如何解决使用 Sonar-cxx 社区插件 v1.3.3 在 SonarQube 7.9.5 中未报告 Cppcheck 错误
我的 SonarQube 社区版 (v7.9.5) 服务器运行 sonar-cxx 社区插件 v1.3.3
现在对于一个测试 C++ 项目,我已经生成了 cppcheck (v2.3) 分析报告并运行声纳扫描仪 (https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.5.0.2216-linux.zip) 如下。
$ pwd
/testproj
$ ls
file1.cc
$ cat file1.cc
int main()
{
char a[10];
a[10] = 0;
return 0;
}
$ cppcheck --enable=all --xml . 2> cppcheck_issues.xml
$ cat cppcheck_issues.xml
<?xml version="1.0" encoding="UTF-8"?>
<results version="2">
<cppcheck version="2.3"/>
<errors>
<error id="arrayIndexOutOfBounds" severity="error" msg="Array 'a[10]' accessed at index 10,which is out of bounds." verbose="Array 'a[10]' accessed at index 10,which is out of bounds." cwe="788" hash="11923574308940205340">
<location file="file1.cc" line="4" column="2" info="Array index out of bounds"/>
</error>
<error id="unreadVariable" severity="style" msg="Variable 'a[10]' is assigned a value that is never used." verbose="Variable 'a[10]' is assigned a value that is never used." cwe="563" hash="9507758794529763218">
<location file="file1.cc" line="4" column="7"/>
<symbol>a[10]</symbol>
</error>
</errors>
</results>
$ sonar-scanner \
-Dsonar.host.url=<sonar-host-url>\
-Dsonar.login=<sonar-token>\
-Dsonar.projectName=testproj\
-Dsonar.projectKey=testproj\
-Dsonar.projectVersion=0.1\
-Dsonar.cxx.cppcheck.reportPath=cppcheck_issues.xml\
-Dsonar.exclusions=cppcheck_issues.xml
INFO: Scanner configuration file: /code/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 4.5.0.2216
INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
INFO: Linux 4.1.12-124.43.4.el7uek.x86_64 amd64
INFO: User cache: /root/.sonar/cache
INFO: Scanner configuration file: /code/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: Analyzing on SonarQube server 7.9.5
INFO: Default locale: "en_US",source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=142ms
INFO: Server id: 22633092-AXeMotAnTu7ckErSxqZC
INFO: User cache: /root/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=73ms
INFO: Load/download plugins (done) | time=141ms
INFO: Process project properties
INFO: Execute project builders
INFO: Execute project builders (done) | time=9ms
INFO: Project key: testproj
INFO: Base dir: /testproj
INFO: Working dir: /testproj/.scannerwork
INFO: Load project settings for component key: 'testproj'
INFO: Load project settings for component key: 'testproj' (done) | time=74ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=99ms
INFO: Load active rules
INFO: Load active rules (done) | time=1167ms
WARN: SCM provider autodetection failed. Please use "sonar.scm.provider" to define SCM of your project,or disable the SCM Sensor in the project settings.
INFO: Indexing files...
INFO: Project configuration:
INFO: Excluded sources: cppcheck_issues.xml
INFO: 1 file indexed
INFO: 0 files ignored because of inclusion/exclusion patterns
INFO: Quality profile for c++: Sonar way
INFO: ------------- Run sensors on module testproj
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=41ms
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/root/.sonar/cache/866bb1adbf016ea515620f1aaa15ec53/sonar-javascript-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
INFO: Sensor C++ (Community) SquidSensor [cxx]
INFO: Load project repositories
INFO: Load project repositories (done) | time=31ms
INFO: Sensor C++ (Community) SquidSensor [cxx] (done) | time=312ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=9ms
INFO: Sensor JavaXmlSensor [java]
INFO: Sensor JavaXmlSensor [java] (done) | time=3ms
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=23ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=27ms
INFO: No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
INFO: 1 file had no CPD blocks
INFO: Calculating CPD for 0 files
INFO: CPD calculation finished
INFO: Analysis report generated in 157ms,dir size=79 KB
INFO: Analysis report compressed in 22ms,zip size=12 KB
INFO: Analysis report uploaded in 58ms
INFO: ANALYSIS SUCCESSFUL,you can browse <sonar-host-url>/dashboard?id=testproj
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at <sonar-host-url>/api/ce/task?id=AXeQLS1KTu7ckErSxt5M
INFO: Executing post-job 'Final report'
INFO: Turn debug info on to get more details (sonar-scanner -X -Dsonar.verbose=true ...).
INFO: Analysis total time: 5.510 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 7.283s
INFO: Final Memory: 12M/44M
INFO: ------------------------------------------------------------------------
现在在SonarQube中成功创建/更新项目;但是,SonarQube 中没有报告这些问题。有人能够建议可能是什么原因吗? Please refer the snapshot of the project in SonarQube
注 1:在 SonarQube 服务器配置中,sonar.cxx.suffixes.sources 被配置为 C++(社区)插件的“.cc”值。而且,没有看到其他具有相同配置密钥的插件。
注 2:在 ce.log 中没有看到错误/警告
解决方法
经过进一步挖掘,找到了问题原因。
问题原因:C++(社区)对应的默认质量配置文件默认禁用所有规则,也没有启用它们的选项。
修复:创建了一个新的质量配置文件扩展了默认配置文件,然后启用了规则,最后将其作为 C++(社区)的默认质量配置文件解决了这个问题。
更新(21 年 2 月 16 日):从 sonar-cxx 团队得到澄清,这也是有意为之,https://github.com/SonarOpenCommunity/sonar-cxx/wiki/Manage-Quality-Profiles
由于 cxx 插件包含大量传感器,超过 4000 规则,所有规则最初都在默认配置文件中停用 编程语言 CXX 的声纳方式。启用所有规则将 对分析性能有负面影响,而且大多只是 需要子集。
因此,安装后,不会显示传感器问题。到 显示问题,必须先在 项目正在使用的质量配置文件。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
