sonarqube findbugs and generated sources

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

sonarqube findbugs and generated sources

Lorenzo Bettini
Hi

I'm using maven/tycho and analyze Eclipse projects with Sonarqube 4.4.
These projects contain both Java files and Xtend
files,https://www.eclipse.org/xtend/, (these will be compiled into Java
files into the additional source folder xtend-gen, during the maven build).

When dealing with unit tests, I followed the new procedure for sonarqube
discussed here
http://sonarqube.15.x6.nabble.com/quot-Unit-test-success-quot-in-Sonarqube-4-4-td5028019.html

thus, in the tests project I added

  <properties>
    <!-- Workaround for
https://bugs.eclipse.org/bugs/show_bug.cgi?id=397015 -->
    <sonar.sources></sonar.sources>
    <sonar.tests>src</sonar.tests>
  </properties>

and in the parent pom, the tests project is NOT skipped.

I noted that during the analysis, the FindbugsSensor behaves strangely:

- in the main project, the generated Java code by xtend (in the
xtend-gen folder) even if contains findbugs issues, these issues are not
reported in the sonarqube web site (NOTE: in the local
target/sonar/findbugs-result.xml the issues are collected, thus it looks
like the findbugs sensor does not correctly report to sonarqube).  On
the contrary, findbugs issues in the Java code written manually are
correctly reported.
- in the test projects, findbugs issues in xtend-gen are correctly reported.

I created an example project
https://github.com/LorenzoBettini/tycho-xtend-sonar (which is the
extension of
https://github.com/SonarSource/sonar-examples/tree/master/projects/tycho
with the addition of xtend files).

Both in the plugin and in the plugin.tests there are Java and xtend
files with findbugs issues.

When analysing you see that in sonarqube web interface

- plugin.tests/xtend-gen/example/XtendGreetingTest.java reports the two
findbugs issue
- plugin/xtend-gen/example/XtendGreeting.java does NOT report the two
findbugs issue (though in the local report the issues are found)

Note that during the analysis of the main plugin project the source dirs
are correctly detected (and indeed, as I said, the local findbugs report
contains the bugs detected in the xtend-gen files):

[INFO] [09:45:31.878] Initializer FindbugsMavenInitializer...
[INFO] [09:45:31.879] Initializer FindbugsMavenInitializer done: 1 ms
[INFO] [09:45:31.880] Base dir:
/home/bettini/work/eclipse/sonarqube/tycho-xtend-sonar/plugin
[INFO] [09:45:31.880] Working dir:
/home/bettini/work/eclipse/sonarqube/tycho-xtend-sonar/plugin/target/sonar
[INFO] [09:45:31.880] Source dirs:
/home/bettini/work/eclipse/sonarqube/tycho-xtend-sonar/plugin/src,
/home/bettini/work/eclipse/sonarqube/tycho-xtend-sonar/plugin/xtend-gen
[INFO] [09:45:31.880] Binary dirs:
/home/bettini/work/eclipse/sonarqube/tycho-xtend-sonar/plugin/target/classes

any clue?

thanks in advance
        Lorenzo

--
Lorenzo Bettini, PhD in Computer Science, DI, Univ. Torino
HOME: http://www.lorenzobettini.it
Xtext Book:
http://www.packtpub.com/implementing-domain-specific-languages-with-xtext-and-xtend/book



---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|

Re: sonarqube findbugs and generated sources

Lorenzo Bettini
shall I file a bug report?

--
Lorenzo Bettini, PhD in Computer Science, DI, Univ. Torino
HOME: http://www.lorenzobettini.it
Xtext Book:
http://www.packtpub.com/implementing-domain-specific-languages-with-xtext-and-xtend/book



---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|

Re: sonarqube findbugs and generated sources

Nicolas Peru
Hi Lorenzo, 

In fact the explication is quite simple : If you look at the code generated by Xtend on your class used as source, you will notice that this class has the annotation @SuppressWarnings("all") and as per http://jira.codehaus.org/browse/SONAR-1760 this will lead to the fact that every violation raised on this class will not be taken into account by the platform. 

You can investigate this by enabling debug output : mvn sonar:sonar -X   and see that Issues reported on XtendGreeting.java are filtered out as stated by the output line : 
"Violation ... ... is excluded by the filter org.sonar.api.checks.NoSonarFilter@50b7bbcd" 

If you comment out this annotation, everything works as you expect.

Cheers.

Nicolas PERU | SonarSource
Senior Developer
http://sonarsource.com


On 18 September 2014 08:45, Lorenzo Bettini <[hidden email]> wrote:
shall I file a bug report?

--
Lorenzo Bettini, PhD in Computer Science, DI, Univ. Torino
HOME: http://www.lorenzobettini.it
Xtext Book:
http://www.packtpub.com/implementing-domain-specific-languages-with-xtext-and-xtend/book



---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email



Reply | Threaded
Open this post in threaded view
|

Re: sonarqube findbugs and generated sources

Lorenzo Bettini
On 25/09/2014 16:48, Nicolas Peru wrote:

> Hi Lorenzo,
>
> In fact the explication is quite simple : If you look at the code
> generated by Xtend on your class used as source, you will notice that
> this class has the annotation @SuppressWarnings("all") and as per
> http://jira.codehaus.org/browse/SONAR-1760 this will lead to the fact
> that every violation raised on this class will not be taken into account
> by the platform.
>
> You can investigate this by enabling debug output : mvn sonar:sonar -X  
> and see that Issues reported on XtendGreeting.java are filtered out as
> stated by the output line :
> "Violation ... ... is excluded by the filter
> org.sonar.api.checks.NoSonarFilter@50b7bbcd"
>
> If you comment out this annotation, everything works as you expect.
>

Ah OK!  Thanks Nicolas!
I'll investigate if it possible to disable that annotation in the
generated code.

But I don't understand why in the test project the findbugs issues are
correctly reported (see my original email).

cheers
        Lorenzo

--
Lorenzo Bettini, PhD in Computer Science, DI, Univ. Torino
HOME: http://www.lorenzobettini.it
Xtext Book:
http://www.packtpub.com/implementing-domain-specific-languages-with-xtext-and-xtend/book



---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|

Re: sonarqube findbugs and generated sources

Nicolas Peru
Hi Lorenzo, 

We don't take into consideration this suppress warnings annotation in test files.

Cheers,

Nicolas PERU | SonarSource
Senior Developer
http://sonarsource.com


On 29 September 2014 11:18, Lorenzo Bettini <[hidden email]> wrote:
On 25/09/2014 16:48, Nicolas Peru wrote:
> Hi Lorenzo,
>
> In fact the explication is quite simple : If you look at the code
> generated by Xtend on your class used as source, you will notice that
> this class has the annotation @SuppressWarnings("all") and as per
> http://jira.codehaus.org/browse/SONAR-1760 this will lead to the fact
> that every violation raised on this class will not be taken into account
> by the platform.
>
> You can investigate this by enabling debug output : mvn sonar:sonar -X
> and see that Issues reported on XtendGreeting.java are filtered out as
> stated by the output line :
> "Violation ... ... is excluded by the filter
> org.sonar.api.checks.NoSonarFilter@50b7bbcd"
>
> If you comment out this annotation, everything works as you expect.
>

Ah OK!  Thanks Nicolas!
I'll investigate if it possible to disable that annotation in the
generated code.

But I don't understand why in the test project the findbugs issues are
correctly reported (see my original email).

cheers
        Lorenzo

--
Lorenzo Bettini, PhD in Computer Science, DI, Univ. Torino
HOME: http://www.lorenzobettini.it
Xtext Book:
http://www.packtpub.com/implementing-domain-specific-languages-with-xtext-and-xtend/book



---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email



Reply | Threaded
Open this post in threaded view
|

Re: sonarqube findbugs and generated sources

Lorenzo Bettini
For the moment I'm using a workaround I documented here

http://www.lorenzobettini.it/2014/10/analyzing-xtend-code-with-sonarqube/

--
Lorenzo Bettini, PhD in Computer Science, DI, Univ. Torino
HOME: http://www.lorenzobettini.it
Xtext Book:
http://www.packtpub.com/implementing-domain-specific-languages-with-xtext-and-xtend/book



---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email