Analysing C++ projects

cpp
scanner

(Hugo) #1

Hello.
I am using SonarQube 7.3 enterprise to run scans to a C++ project, using the Sonar-Scanner.
I’ve configured the sonar-project.properties like this:

sonar.projectKey=myCPPProject
sonar.projectName=CPP Project
sonar.projectVersion=1.1
sonar.sources=.

After that I run the scan like this: Sonar-Scanner

i noticed that I get some warning in my command line:
" (…)
WARN: SCM provider autodetection failed. No SCM provider claims to support this project. Please use sonar.scm.provider to define SCM of your project.
(…)
INFO: No SCM system was detected. You can use the ‘sonar.scm.provider’ property to explicitly specify it.
INFO: Calculating CPD for 1 file
INFO: CPD calculation finished
INFO: Analysis report generated in 446ms, dir size=102 KB
INFO: Analysis reports compressed in 59ms, zip size=26 KB
INFO: Analysis report uploaded in 68ms
(…)
"

After this I go to my SonarQube instance and I can see my project but I have 0 bugs, 0 vulnerabilitiesm 0 code smell, 0% covarage, 0% duplications…

Something is not as it should be… Can you tell me what am I doing wrong?


(Alexandre Frigout) #2

Hello Hugo,

Please share the following informations:

  • how many files are in your project ?
  • are you sure you have issues in your code ?
  • the full log of the analysis

On the coverage front, it is expected that you see 0% as you did not specify the coverage parameter see.

Greetings,
Alex.


(Hugo) #3

Ok, I am sorry.

It’s a 1 file project (less than 500 lines).
I am not sure if I have issues but I wasn’t expecting 0 issues :smile:

Where can i find the full log for the analysis?

But I am sure something is wrong. I’ve insert bad code in it and still it was not found…


(Alexandre Frigout) #4

The log of the analysis is the standard output of the terminal.

An important thing to check in that case is the quality profile.
I suggest you to have a look at the active rules in your QP.

Did you use the build-wrapper to analyse you code as described in the documentation ?

Greetings,
Alex.


(Hugo) #5

The log:

C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System>Sonar-scanner
INFO: Scanner configuration file: C:\Program Files\sonar-scanner-3.2.0.1227-windows\bin\..\conf\sonar-scanner.properties
INFO: Project root configuration file: C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\sonar-project.properties
INFO: SonarQube Scanner 3.2.0.1227
INFO: Java 1.8.0_121 Oracle Corporation (64-bit)
INFO: Windows NT (unknown) 10.0 amd64
INFO: User cache: C:\Users\hugo.t.negrao\.sonar\cache
INFO: SonarQube server 7.3.0
INFO: Default locale: "en_US", source code encoding: "windows-1252" (analysis is platform dependent)
INFO: Publish mode
INFO: Load global settings
INFO: Load global settings (done) | time=164ms
INFO: Server id: 217057F2-AWRq6Y0yrJ0ErJoCDyfN
INFO: User cache: C:\Users\hugo.t.negrao\.sonar\cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=111ms
INFO: Load/download plugins (done) | time=448ms
INFO: Loaded core extensions: branch-scanner
INFO: Process project properties
INFO: Load project branches
INFO: Load project branches (done) | time=46ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=23ms
INFO: Load branch configuration
INFO: Load branch configuration (done) | time=11ms
INFO: Load project repositories
INFO: Load project repositories (done) | time=154ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=71ms
INFO: Load active rules
INFO: Load active rules (done) | time=1425ms
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=27ms
WARN: SCM provider autodetection failed. No SCM provider claims to support this project. Please use sonar.scm.provider to define SCM of your project.
INFO: Project key: myCPPProject
INFO: Project base dir: C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System
INFO: -------------  Scan CPP Project
INFO: Base dir: C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System
INFO: Working dir: C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\.scannerwork
INFO: Source paths: MyCode
INFO: Source encoding: windows-1252, default locale: en_US
INFO: Load server rules
INFO: Load server rules (done) | time=334ms
INFO: Index files
INFO: 1 file indexed
INFO: Quality profile for c++: Sonar way
INFO: Sensor SonarJavaXmlFileSensor [java]
INFO: Sensor SonarJavaXmlFileSensor [java] (done) | time=1ms
INFO: Sensor C++ (Community) SquidSensor [cxx]
WARN: [C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\MyCode\telephone directory system.cpp:1]: cannot find the sources for '#include<iostream.h>'
WARN: [C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\MyCode\telephone directory system.cpp:2]: cannot find the sources for '#include<fstream.h>'
WARN: [C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\MyCode\telephone directory system.cpp:3]: cannot find the sources for '#include<iomanip.h>'
WARN: [C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\MyCode\telephone directory system.cpp:4]: cannot find the sources for '#include<string.h>'
WARN: [C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\MyCode\telephone directory system.cpp:5]: cannot find the sources for '#include<stdlib.h>'
WARN: [C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\MyCode\telephone directory system.cpp:6]: cannot find the sources for '#include<conio.h>'
WARN: [C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\MyCode\telephone directory system.cpp:7]: cannot find the sources for '#include<stdio.h>'
WARN: [C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\MyCode\telephone directory system.cpp:8]: cannot find the sources for '#include<iomanip.h>'
WARN: [C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\MyCode\telephone directory system.cpp:9]: cannot find the sources for '#include<graphics.h>'
WARN: [C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\MyCode\telephone directory system.cpp:10]: cannot find the sources for '#include<dos.h>'
WARN: [C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\MyCode\telephone directory system.cpp:29]: skip declaration: void stud :: get ( void ) {
WARN: [C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\MyCode\telephone directory system.cpp:35]:    syntax error: cout << "\n             Enter name -> "
WARN: [C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\MyCode\telephone directory system.cpp:37]:    syntax error: cin .
WARN: [C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\MyCode\telephone directory system.cpp:39]: skip declaration: while ( name [ i ] != '\n' ) {
WARN: [C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\MyCode\telephone directory system.cpp:43]:    syntax error: cin .
WARN: [C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\MyCode\telephone directory system.cpp:46]:    syntax error: cin .
WARN: [C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\MyCode\telephone directory system.cpp:48]:    syntax error: cout << "             Enter address       -> "
WARN: [C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\MyCode\telephone directory system.cpp:50]:    syntax error: cin .
WARN: [C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\MyCode\telephone directory system.cpp:54]:    syntax error: cout << "             Enter ph_no\t-> \t"
WARN: [C:\My Progs\Sonar Analysis\Project 3 - cpp Phone System\MyCode\telephone directory system.cpp:56]:    syntax error: cin >>
WARN: Metric 'comment_lines_data' is deprecated. Provided value is ignored.
INFO: Sensor C++ (Community) SquidSensor [cxx] (done) | time=552ms
INFO: Sensor C++ (Community) Unit Test Results Import [cxx]
INFO: No unit test results property. Skip Sensor
INFO: Sensor C++ (Community) Unit Test Results Import [cxx] (done) | time=2ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=28ms
INFO: Sensor JavaSecuritySensor [security]
INFO: UCFGs: 0, excluded: 0, source entrypoints: 0
INFO: No UCFGs have been included for analysis.
INFO: Sensor JavaSecuritySensor [security] (done) | time=12ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: UCFGs: 0, excluded: 0, source entrypoints: 0
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=9ms
INFO: No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
INFO: Calculating CPD for 1 file
INFO: CPD calculation finished
INFO: Analysis report generated in 282ms, dir size=102 KB
INFO: Analysis reports compressed in 47ms, zip size=27 KB
INFO: Analysis report uploaded in 54ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://localhost:7000/dashboard?id=myCPPProject
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://localhost:7000/api/ce/task?id=AWY1IjX8XU5NtXKrRiYp
INFO: Task total time: 10.011 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 13.551s
INFO: Final Memory: 50M/844M
INFO: ------------------------------------------------------------------------

(Hugo) #6

I was doing the analysis with C++ Community plugin


(Hugo) #7

If I try to do it with the build wrapper, as suggested in the documentation:
build-wrapper-win-x86-64.exe --out-dir bw_output MSBuild.exe /t:Rebuild

I get the following error:

Microsoft ® Build Engine version 15.7.179.6572 for .NET Framework
Copyright © Microsoft Corporation. All rights reserved.

MSBUILD : error MSB1003: Specify a project or solution file. The current working directory does not contain a project or solution file.

Note: I only have a cpp file. And that file is the only one I’d like to scan.


(Loïc Joly) #8

The documentation mentions MsBuild as an example, you should replace it with the build command you are using, so this might be something like:

build-wrapper-win-x86-64.exe --out-dir bw_output cl.exe MyFile.cpp -Dxxxx -Ixx/xxx/xxx

But I don’t know this C++ Community plugin, and I highly doubt it can take build wrapper file as an input, since the build wrapped has been designed to work with SonarCFamily


(Hugo) #10

I have Visual Studio 2017 Community installed but i cannot find cl.exe location. Can you tell me where it is. Or maybe using another compiler…?


(Loïc Joly) #11

It does not have to be cl.exe. It can also be gcc, clang, or even some more exotic compilers. Just copy after:

build-wrapper-win-x86-64.exe --out-dir bw_output 

the exact command line that you are using to compile your code.