@SuppressWarnings are not honored by the SonarQube 7.9 anymore

  • versions used (SonarQube CE 7.9.3 with the latest plugins)
  • error observed
    In our Java projects, all the sonar issues which were suppressed earlier started reappearing after we upgraded SonarQube CE to 7.9.3 with the latest plugins.

For example, the following suppress warnings are not honored by SonarQube anymore

@SuppressWarnings("findsecbugs:PATH_TRAVERSAL_IN")
@SuppressWarnings({"squid:S1166", "fb-contrib:MUI_CONTAINSKEY_BEFORE_GET"})

I could see some discussion related to the same issue here. But I do not see any JIRA ticket raised for the same.

  • potential workaround
    Using // NOSONAR for now which we do not want to continue as a permanent solution.

Welcome :slight_smile:

i guess you hit this problems
https://jira.sonarsource.com/browse/SONARJAVA-3268
https://jira.sonarsource.com/browse/SONARJAVA-3279
which is said to be fixed with SonarJava 6.0.1, 6.0.2

Didn’t check it myself, have to wait for the release of Sonarqube 8.4 to go with Sonar Java 6.x

Gilbert

We are already using 6.3 (build 21585) version of Java.

The list of plugins and their versions installed are as below:

{
  "plugins": [
    {
      "key": "csharp",
      "name": "C# Code Quality and Security",
      "description": "Code Analyzer for C#",
      "version": "8.6.1 (build 17183)",
      "license": "GNU LGPL 3",
      "organizationName": "SonarSource",
      "organizationUrl": "http://www.sonarsource.com",
      "editionBundled": false,
      "homepageUrl": "http://redirect.sonarsource.com/plugins/csharp.html",
      "issueTrackerUrl": "https://github.com/SonarSource/sonar-dotnet/issues",
      "implementationBuild": "e9f4299031df68d8c4be6ba670fd4c0395eebf76",
      "updatedAt": 1588828120854,
      "filename": "sonar-csharp-plugin-8.6.1.17183.jar",
      "sonarLintSupported": false,
      "hash": "885374536d1df7ea1a355ab41be74ff8"
    },
    {
      "key": "cxx",
      "name": "C++ (Community)",
      "description": "Enable analysis and reporting on c++ projects.",
      "version": "1.3.2 (build 1853)",
      "license": "GNU LGPL 3",
      "organizationName": "SonarOpenCommunity",
      "organizationUrl": "https://github.com/SonarOpenCommunity",
      "editionBundled": false,
      "homepageUrl": "https://github.com/SonarOpenCommunity/sonar-cxx/wiki",
      "issueTrackerUrl": "https://github.com/SonarOpenCommunity/sonar-cxx/issues?state=open",
      "implementationBuild": "6dd6f74a995ec333a7e46464a45bcc824b204445",
      "updatedAt": 1585117082802,
      "filename": "sonar-cxx-plugin-1.3.2.1853.jar",
      "sonarLintSupported": false,
      "hash": "f5fe8033456493fa56ee304351d0f871"
    },
    {
      "key": "checkstyle",
      "name": "Checkstyle",
      "description": "Analyze Java code with Checkstyle",
      "version": "4.31",
      "license": "LGPL-3.0",
      "organizationName": "Checkstyle",
      "organizationUrl": "https://checkstyle.org",
      "editionBundled": false,
      "issueTrackerUrl": "https://github.com/checkstyle/sonar-checkstyle/issues",
      "updatedAt": 1588828120854,
      "filename": "checkstyle-sonar-plugin-4.31.jar",
      "sonarLintSupported": false,
      "hash": "ba011f996dec301337fc74c006c90efe"
    },
    {
      "key": "findbugs",
      "name": "Findbugs",
      "description": "Analyze Java, Scala, Closure and JSP code with SpotBugs. 4.0.0",
      "version": "4.0.0",
      "license": "GNU LGPL 3",
      "organizationName": "SpotBugs Team",
      "organizationUrl": "https://github.com/spotbugs/",
      "editionBundled": false,
      "homepageUrl": "https://github.com/spotbugs/sonar-findbugs/",
      "issueTrackerUrl": "https://github.com/spotbugs/sonar-findbugs/issues",
      "updatedAt": 1588828120854,
      "filename": "sonar-findbugs-plugin-4.0.0.jar",
      "sonarLintSupported": false,
      "hash": "e490208c0a8f8f32bd7e63a8e5c563d8"
    },
    {
      "key": "fxcop",
      "name": "FxCop",
      "description": "Import FxCop reports generated during your build to SonarQube issues",
      "version": "1.4.1",
      "license": "GNU LGPL 3",
      "editionBundled": false,
      "homepageUrl": "https://github.com/SonarQubeCommunity/sonar-fxcop",
      "updatedAt": 1585117082802,
      "filename": "sonar-fxcop-plugin-1.4.1.jar",
      "sonarLintSupported": false,
      "hash": "0a94f93e0847be0481e9e664a57c745e"
    },
    {
      "key": "scmgit",
      "name": "Git",
      "description": "Git SCM Provider for SonarQube",
      "version": "1.11.1 (build 2008)",
      "license": "GNU LGPL 3",
      "organizationName": "SonarSource",
      "organizationUrl": "http://www.sonarsource.com",
      "editionBundled": false,
      "homepageUrl": "http://redirect.sonarsource.com/plugins/scmgit.html",
      "issueTrackerUrl": "https://jira.sonarsource.com/browse/SONARSCGIT",
      "implementationBuild": "204dc9b2cc33ec6b780303f926234eed26aea67d",
      "updatedAt": 1588828120854,
      "filename": "sonar-scm-git-plugin-1.11.1.2008.jar",
      "sonarLintSupported": false,
      "hash": "ce7341acd1d5d8428cb3745129bf0a73"
    },
    {
      "key": "authgithub",
      "name": "GitHub Authentication for SonarQube",
      "description": "GitHub Authentication for SonarQube",
      "version": "1.5 (build 870)",
      "license": "GNU LGPL 3",
      "organizationName": "SonarSource",
      "organizationUrl": "http://sonarsource.com",
      "editionBundled": false,
      "homepageUrl": "http://redirect.sonarsource.com/plugins/authgithub.html",
      "issueTrackerUrl": "https://jira.sonarsource.com/projects/SQAUTHGITH",
      "implementationBuild": "153f7c7af7a264adb0fcbe5fee87bdd140a6a3a1",
      "updatedAt": 1585117082802,
      "filename": "sonar-auth-github-plugin-1.5.0.870.jar",
      "sonarLintSupported": false,
      "hash": "59d98c94277e5faa8377ba521e440eba"
    },
    {
      "key": "jacoco",
      "name": "JaCoCo",
      "description": "JaCoCo XML report importer",
      "version": "1.0.2 (build 475)",
      "license": "GNU LGPL 3",
      "organizationName": "SonarSource",
      "organizationUrl": "http://www.sonarsource.com",
      "editionBundled": false,
      "issueTrackerUrl": "https://jira.sonarsource.com/browse/JACOCO",
      "implementationBuild": "b79a4724f3a9af1051266b4f8ca0460977295ead",
      "updatedAt": 1566812345921,
      "filename": "sonar-jacoco-plugin-1.0.2.475.jar",
      "sonarLintSupported": false,
      "hash": "513697d7dc792f02b10b1f4bcb9b48ab"
    },
    {
      "key": "java",
      "name": "Java Code Quality and Security",
      "description": "Code Analyzer for Java",
      "version": "6.3 (build 21585)",
      "license": "GNU LGPL 3",
      "organizationName": "SonarSource",
      "organizationUrl": "http://www.sonarsource.com",
      "editionBundled": false,
      "homepageUrl": "http://redirect.sonarsource.com/plugins/java.html",
      "issueTrackerUrl": "https://jira.sonarsource.com/browse/SONARJAVA",
      "implementationBuild": "ecf8f9f571691771e6789b8e59ff5e6b4ef36ad8",
      "updatedAt": 1588828120854,
      "filename": "sonar-java-plugin-6.3.0.21585.jar",
      "sonarLintSupported": true,
      "hash": "b7770418b475741340f318372f55c33a"
    },
    {
      "key": "ldap",
      "name": "LDAP",
      "description": "Delegates authentication to LDAP",
      "version": "2.2 (build 608)",
      "license": "GNU LGPL 3",
      "organizationName": "SonarSource",
      "organizationUrl": "https://www.sonarsource.com",
      "editionBundled": false,
      "homepageUrl": "http://redirect.sonarsource.com/plugins/ldap.html/sonar-ldap-plugin",
      "issueTrackerUrl": "http://jira.sonarsource.com/browse/LDAP",
      "implementationBuild": "79dc3fa4393a29667673c70182f3016288b548b7",
      "updatedAt": 1532097310324,
      "filename": "sonar-ldap-plugin-2.2.0.608.jar",
      "sonarLintSupported": false,
      "hash": "90da8f56fbbbb3624b8a3f6f1075860a"
    },
    {
      "key": "pmd",
      "name": "PMD",
      "description": "Analyze Java code with PMD.",
      "version": "3.2.1",
      "license": "GNU LGPL 3",
      "editionBundled": false,
      "homepageUrl": "https://github.com/jensgerdes/sonar-pmd",
      "issueTrackerUrl": "https://github.com/jensgerdes/sonar-pmd/issues",
      "implementationBuild": "781bc9e240c06c1ae06908a1ab0c0d27e01c2083",
      "updatedAt": 1575607150806,
      "filename": "sonar-pmd-plugin-3.2.1.jar",
      "sonarLintSupported": false,
      "hash": "8793e79f24bd4ccfa32398e5e4cb331c"
    },
    {
      "key": "authsaml",
      "name": "SAML 2.0 Authentication for SonarQube",
      "description": "SAML 2.0 Authentication for SonarQube",
      "version": "1.1.0 (build 181)",
      "license": "GNU LGPL 3",
      "organizationName": "SonarSource",
      "organizationUrl": "http://www.sonarsource.com",
      "editionBundled": false,
      "homepageUrl": "http://redirect.sonarsource.com/plugins/authsaml.html",
      "issueTrackerUrl": "https://jira.sonarsource.com/browse/SQAUTHSAML",
      "implementationBuild": "16fcb5be2d3bcfee8920b29cd758d8b957a18acb",
      "updatedAt": 1585117082802,
      "filename": "sonar-auth-saml-plugin-1.1.0.181.jar",
      "sonarLintSupported": false,
      "hash": "cb2c8bc61a566b6f9bd7f4a8d9518a25"
    },
    {
      "key": "st",
      "name": "Smalltalk",
      "description": "SonarQube plugin implementing Smalltalk support.",
      "version": "0.5.4-SNAPSHOT",
      "license": "GNU LGPL 3",
      "organizationName": "ETAS GmbH",
      "organizationUrl": "https://www.etas.com",
      "editionBundled": false,
      "homepageUrl": "https://www.etas.com",
      "issueTrackerUrl": "http://jira.sonarsource.com",
      "implementationBuild": "d1a0cb370742d72c3ccc27738add87937b1d49a1",
      "updatedAt": 1588593863812,
      "filename": "sonar-smalltalk-plugin-0.5.4-SNAPSHOT.jar",
      "sonarLintSupported": false,
      "hash": "719cf58afcc3abf3f5580d43b6705269"
    },
    {
      "key": "cssfamily",
      "name": "SonarCSS",
      "description": "Code Analyzer for CSS",
      "version": "1.2 (build 1325)",
      "license": "GNU LGPL 3",
      "organizationName": "SonarSource",
      "organizationUrl": "http://www.sonarsource.com",
      "editionBundled": false,
      "homepageUrl": "http://redirect.sonarsource.com/plugins/css.html",
      "issueTrackerUrl": "https://github.com/SonarSource/sonar-css/issues",
      "implementationBuild": "8dc9fe17b6230c20715d3b4cb34e0b6d02151afd",
      "updatedAt": 1588828120854,
      "filename": "sonar-css-plugin-1.2.0.1325.jar",
      "sonarLintSupported": false,
      "hash": "26232e683c1debb38b15b6a4f0801e21"
    },
    {
      "key": "flex",
      "name": "SonarFlex",
      "description": "Code Analyzer for Flex / ActionScript",
      "version": "2.5.1 (build 1831)",
      "license": "GNU LGPL 3",
      "organizationName": "SonarSource",
      "organizationUrl": "http://www.sonarsource.com",
      "editionBundled": false,
      "homepageUrl": "http://redirect.sonarsource.com/plugins/flex.html",
      "issueTrackerUrl": "http://jira.sonarsource.com/browse/SONARFLEX",
      "implementationBuild": "a0c44437f6abb0feec76edd073f91fec64db2a6c",
      "updatedAt": 1585117082802,
      "filename": "sonar-flex-plugin-2.5.1.1831.jar",
      "sonarLintSupported": false,
      "hash": "6ead78e9824cd63c2952b34ee1f1231c"
    },
    {
      "key": "go",
      "name": "SonarGo",
      "description": "Code Analyzer for Go",
      "version": "1.6.0 (build 719)",
      "license": "GNU LGPL 3",
      "organizationName": "SonarSource",
      "organizationUrl": "http://www.sonarsource.com",
      "editionBundled": false,
      "homepageUrl": "http://redirect.sonarsource.com/plugins/go.html",
      "issueTrackerUrl": "https://jira.sonarsource.com/browse/SONARSLANG",
      "implementationBuild": "edcc6a9e42fcdd30bb6f84a779c6cd7009ec72fd",
      "updatedAt": 1588828120854,
      "filename": "sonar-go-plugin-1.6.0.719.jar",
      "sonarLintSupported": false,
      "hash": "31899c2ada93bcca6e02085f1f47d6de"
    },
    {
      "key": "web",
      "name": "SonarHTML",
      "description": "Code analyzer for HTML",
      "version": "3.2 (build 2082)",
      "license": "The Apache Software License, Version 2.0",
      "organizationName": "SonarSource and Matthijs Galesloot",
      "editionBundled": false,
      "homepageUrl": "http://redirect.sonarsource.com/plugins/web.html",
      "issueTrackerUrl": "https://jira.sonarsource.com/browse/SONARHTML",
      "implementationBuild": "997a51b39c4d0a5399c73a8fb729030a69eb392b",
      "updatedAt": 1588828120854,
      "filename": "sonar-html-plugin-3.2.0.2082.jar",
      "sonarLintSupported": true,
      "hash": "298a75a167830bfe6c1a75bf3a08fe19"
    },
    {
      "key": "javascript",
      "name": "SonarJS",
      "description": "Code Analyzer for JavaScript",
      "version": "6.2.1 (build 12157)",
      "license": "GNU LGPL 3",
      "organizationName": "SonarSource and Eriks Nukis",
      "editionBundled": false,
      "homepageUrl": "http://redirect.sonarsource.com/plugins/javascript.html",
      "issueTrackerUrl": "https://github.com/SonarSource/sonar-javascript/issues",
      "implementationBuild": "3444def97744d3b811822b3a4bca74798de3ded1",
      "updatedAt": 1588828120854,
      "filename": "sonar-javascript-plugin-6.2.1.12157.jar",
      "sonarLintSupported": true,
      "hash": "52f5340dd05620cd162e2b9a45a57124"
    },
    {
      "key": "kotlin",
      "name": "SonarKotlin",
      "description": "Code Analyzer for Kotlin",
      "version": "1.5.0 (build 315)",
      "license": "GNU LGPL 3",
      "organizationName": "SonarSource",
      "organizationUrl": "http://www.sonarsource.com",
      "editionBundled": false,
      "homepageUrl": "http://redirect.sonarsource.com/plugins/kotlin.html",
      "issueTrackerUrl": "https://jira.sonarsource.com/browse/SONARSLANG",
      "implementationBuild": "4ff3a145a58f3f84f1b39846a205a129d742e993",
      "updatedAt": 1585117082802,
      "filename": "sonar-kotlin-plugin-1.5.0.315.jar",
      "sonarLintSupported": true,
      "hash": "2d9994a460180757f3fbad54f03e818e"
    },
    {
      "key": "php",
      "name": "SonarPHP",
      "description": "Code Analyzer for PHP",
      "version": "3.3.0.5166",
      "license": "GNU LGPL v3",
      "organizationName": "SonarSource and Akram Ben Aissi",
      "editionBundled": false,
      "homepageUrl": "http://redirect.sonarsource.com/plugins/php.html",
      "issueTrackerUrl": "http://jira.codehaus.org/browse/SONARPHP",
      "implementationBuild": "88e11dffb965aeef9d5bdd6d8413f394d35fecba",
      "updatedAt": 1588828120854,
      "filename": "sonar-php-plugin-3.3.0.5166.jar",
      "sonarLintSupported": true,
      "hash": "b025dffbf7e3b7fe129ae60ae9d16f45"
    },
    {
      "key": "python",
      "name": "SonarPython",
      "description": "Code Analyzer for Python",
      "version": "2.8 (build 6204)",
      "license": "GNU LGPL 3",
      "organizationName": "SonarSource and Waleri Enns",
      "editionBundled": false,
      "homepageUrl": "http://redirect.sonarsource.com/plugins/python.html",
      "issueTrackerUrl": "https://jira.sonarsource.com/browse/SONARPY",
      "implementationBuild": "5600d1ed780882d2362bedb3604dbad7ea63eb27",
      "updatedAt": 1588828120854,
      "filename": "sonar-python-plugin-2.8.0.6204.jar",
      "sonarLintSupported": true,
      "hash": "7f02282f2c6196f47e6b35359b030a03"
    },
    {
      "key": "ruby",
      "name": "SonarRuby",
      "description": "Code Analyzer for Ruby",
      "version": "1.5.0 (build 315)",
      "license": "GNU LGPL 3",
      "organizationName": "SonarSource",
      "organizationUrl": "http://www.sonarsource.com",
      "editionBundled": false,
      "homepageUrl": "http://redirect.sonarsource.com/plugins/ruby.html",
      "issueTrackerUrl": "https://jira.sonarsource.com/browse/SONARSLANG",
      "implementationBuild": "4ff3a145a58f3f84f1b39846a205a129d742e993",
      "updatedAt": 1585117082802,
      "filename": "sonar-ruby-plugin-1.5.0.315.jar",
      "sonarLintSupported": true,
      "hash": "74dfad9fb80c653ed5c959c3b2ed5a4a"
    },
    {
      "key": "sonarscala",
      "name": "SonarScala",
      "description": "Code Analyzer for Scala",
      "version": "1.5.0 (build 315)",
      "license": "GNU LGPL 3",
      "organizationName": "SonarSource",
      "organizationUrl": "http://www.sonarsource.com",
      "editionBundled": false,
      "homepageUrl": "http://redirect.sonarsource.com/plugins/scala.html",
      "issueTrackerUrl": "https://jira.sonarsource.com/browse/SONARSLANG",
      "implementationBuild": "4ff3a145a58f3f84f1b39846a205a129d742e993",
      "updatedAt": 1585117082802,
      "filename": "sonar-scala-plugin-1.5.0.315.jar",
      "sonarLintSupported": true,
      "hash": "45e3bfcd65e7578ed4cd89604de3b06f"
    },
    {
      "key": "typescript",
      "name": "SonarTS",
      "description": "Code Analyzer for TypeScript",
      "version": "2.1 (build 4359)",
      "license": "GNU LGPL 3",
      "organizationName": "SonarSource",
      "organizationUrl": "http://www.sonarsource.com",
      "editionBundled": false,
      "homepageUrl": "http://redirect.sonarsource.com/plugins/typescript.html",
      "issueTrackerUrl": "https://github.com/SonarSource/SonarTS/issues",
      "implementationBuild": "268ba9581b700c4fb2bc194d4069d283da915213",
      "updatedAt": 1588828120854,
      "filename": "sonar-typescript-plugin-2.1.0.4359.jar",
      "sonarLintSupported": true,
      "hash": "1b0c24e5d9a55450dfadcd0a2c8bc5c8"
    },
    {
      "key": "xml",
      "name": "SonarXML",
      "description": "Code Analyzer for XML",
      "version": "2.0.1 (build 2020)",
      "license": "GNU LGPL 3",
      "organizationName": "SonarSource",
      "organizationUrl": "http://www.sonarsource.com",
      "editionBundled": false,
      "homepageUrl": "http://redirect.sonarsource.com/plugins/xml.html",
      "issueTrackerUrl": "https://jira.sonarsource.com/browse/SONARXML",
      "implementationBuild": "c5b84004face582d56f110e24c29bf9c6a679e69",
      "updatedAt": 1585117082802,
      "filename": "sonar-xml-plugin-2.0.1.2020.jar",
      "sonarLintSupported": true,
      "hash": "0c3ec093156f0350edc21e2a1d7ef2ee"
    },
    {
      "key": "scmsvn",
      "name": "Svn",
      "description": "Subversion SCM Provider for SonarQube",
      "version": "1.9.0.1295",
      "license": "GNU LGPL 3",
      "organizationName": "SonarSource",
      "organizationUrl": "http://www.sonarsource.com",
      "editionBundled": false,
      "homepageUrl": "http://redirect.sonarsource.com/plugins/scmsvn.html",
      "issueTrackerUrl": "https://jira.sonarsource.com/browse/SONARSCSVN",
      "implementationBuild": "942e075773975354e32691a60bfd968065703e04",
      "updatedAt": 1585117082802,
      "filename": "sonar-scm-svn-plugin-1.9.0.1295.jar",
      "sonarLintSupported": false,
      "hash": "37ae8929672c56a67919c60df53b4283"
    },
    {
      "key": "vbnet",
      "name": "VB.NET Code Quality and Security",
      "description": "Code Analyzer for VB.NET",
      "version": "8.6.1 (build 17183)",
      "license": "GNU LGPL 3",
      "organizationName": "SonarSource",
      "organizationUrl": "http://www.sonarsource.com",
      "editionBundled": false,
      "homepageUrl": "http://redirect.sonarsource.com/plugins/vbnet.html",
      "issueTrackerUrl": "https://github.com/SonarSource/sonar-dotnet/issues",
      "implementationBuild": "e9f4299031df68d8c4be6ba670fd4c0395eebf76",
      "updatedAt": 1588828120854,
      "filename": "sonar-vbnet-plugin-8.6.1.17183.jar",
      "sonarLintSupported": false,
      "hash": "64366a72c3c60d351d48c7ad518d13c8"
    }
  ]
}

OK, i’m currently on Sonarqube 7.9.1 Enterprise running Sonar Java 5.14 (build 18788),
also using the Track uses of “@SuppressWarnings” annotations rule.
Will test the update to Sonarqube 8.4 (and Sonar Java 6.x) after the release, expected shortly.

Hi,

When the java analyzer team implemented this change:

We underestimate the impact on third-party plugins. SonarQube 7.9 LTS users that have updated the java analyzer to 6.3.0 or 6.3.1 are impacted. For those users, we will soon provide a bug-fix release 6.3.2 to revert the above change (see SONARJAVA-3458). And for SonarQube 8.x users, we are still clarifying how we will handle third-party issues filtering.

A post was merged into an existing topic: @SuppressWarnings behaviour changed since SonarQube 8.X

I close this topic about SonarQube 7.9 fixed by the release 6.3.2 of the java analyzer.
And I open a new topic about the impact on SonarQube 8.X:

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.