Facing problem in multi-module C/C++/Objective-C file project

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    version - 6.7.7
  • what are you trying to achieve
    We want to configure SonarQube for multi language project. Where project can have c,c++,java, js, xml and html.

Project can have multiple sub projects or sub modules in it.

Possible project structure would be as following, I am facing problem as there are multiple possible build folders where sonar.cfamily.build-wrapper-output=build/bz_output needs to point.

I need to holistic approach for sonarqube scanner.

Currently I have configured and I am running sonar-scanner command in each C++ CMakeList project.
And I endup with various erros. as following.

project
│   README.md
│   .gitlab-ci.yaml  
│   sonar-project.properties
│
└───SubProject1_c/cxx Cmake
│   │   CMakeLists.txt
│   │
│   └───src
│       │   file111.cxx
│       │   file112.hxx
│       │   ...
│       └───build
└───SubProject2_c/cxx Cmake
│   │   CMakeLists.txt
│   └───src
│       │   file111.cxx
│       │   file112.hxx
│       │   ...
│       └───build
└───SubProject_NPM
│   │   file021.txt
│   │ 
│   └───src
│       │   file111.js
│       │   file112.html
└───SubProject_java
│   │   file021.txt
│   │ 
│   └───src
│       │   file111.java

  • what have you tried so far to achieve this
    I tried keeping sonar.project.properties in each modules of sub folder and also tried with keeping single sonar.project.properties file but both didint worked for me.

18:31:39.545 INFO: Process Dependency-Check report (done) | time=12ms
18:31:39.545 INFO: Sensor Dependency-Check [dependencycheck] (done) | time=12ms
18:31:39.545 INFO: Sensor CFamily [cpp]
18:31:39.546 ERROR:

The only way to get an accurate analysis of C/C++/Objective-C files is by using the SonarSource build-wrapper
and setting the property “sonar.cfamily.build-wrapper-output”, but it was not specified.

If you don’t want to analyze C/C++/Objective-C files, then prevent them from being analyzed by setting the following properties:

sonar.c.file.suffixes=-
sonar.cpp.file.suffixes=-
sonar.objc.file.suffixes=-

18:31:39.655 INFO: ------------------------------------------------------------------------
18:31:39.656 INFO: EXECUTION FAILURE
18:31:39.656 INFO: ------------------------------------------------------------------------
18:31:39.656 INFO: Total time: 25.185s
18:31:39.827 INFO: Final Memory: 33M/418M
18:31:39.827 INFO: ------------------------------------------------------------------------
18:31:39.827 ERROR: Error during SonarQube Scanner execution
java.lang.UnsupportedOperationException:

The only way to get an accurate analysis of C/C++/Objective-C files is by using the SonarSource build-wrapper
and setting the property “sonar.cfamily.build-wrapper-output”, but it was not specified.

If you don’t want to analyze C/C++/Objective-C files, then prevent them from being analyzed by setting the following properties:

sonar.c.file.suffixes=-
sonar.cpp.file.suffixes=-
sonar.objc.file.suffixes=-


at com.sonar.cpp.plugin.R.execute(na:3349)
at org.sonar.scanner.sensor.SensorWrapper.analyse(SensorWrapper.java:53)
at org.sonar.scanner.phases.SensorsExecutor.executeSensor(SensorsExecutor.java:88)
at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:82)
at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:73)
at org.sonar.scanner.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:88)
at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:177)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:291)
at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:286)
at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:264)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
at org.sonar.scanner.task.ScanTask.execute(ScanTask.java:48)
at org.sonar.scanner.task.TaskContainer.doAfterStart(TaskContainer.java:84)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
at org.sonar.scanner.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:121)
at org.sonar.batch.bootstrapper.Batch.doExecuteTask(Batch.java:116)
at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:71)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:171)
at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:128)
at org.sonarsource.scanner.cli.Main.execute(Main.java:111)
at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)

Also I get following if I configure all subprojects with following content.

04:35:03.524 INFO: ------------------------------------------------------------------------
04:35:03.524 INFO: EXECUTION FAILURE
04:35:03.524 INFO: ------------------------------------------------------------------------
04:35:03.525 INFO: Total time: 15.603s
04:35:03.644 INFO: Final Memory: 36M/249M
04:35:03.644 INFO: ------------------------------------------------------------------------
04:35:03.644 ERROR: Error during SonarQube Scanner execution
04:35:03.644 ERROR: File src/server/text.xml can’t be indexed twice. Please check that inclusion/exclusion patterns produce disjoint sets for main and test files

sonar.projectKey=ProjectKey

#this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.

sonar.projectName=ProjectKey-ProjectName

sonar.projectVersion=1.0.0

sonar.host.url=

sonar.login=************

sonar.modules=abc

abc.sonar.projectName=abc

abc.sonar.projectKey=abc

abc.sonar.projectBaseDir=.

sonar.sources=.

sonar.exclusions=src/server/textserver/, makefile*,/.properties ,build/** , DevOps/, ProjectInfo.xml, output/, **/.txt, src/test_package/, extensions/, install/**

sonar.cfamily.build-wrapper-output=build/bz_output

Hello @Prasaddiwalkar,

Your question is badly formatted I am not able to understand the exact issue you are facing. Can you re-explain the problem in a clear way?

Thanks,

Hi @Abbas_Sabra

I want to configure C/C++ mutltimodule project my project structure is exactly similar to my initial issue comment. Can you share sample project or guideline for C/C++ multi module sonarqube configuration.

I tried putting sonar.project.properties in each module and also tried with single file at root location.

When I tried with sonar.project.properties in each module I am facing following issue,

can’t be indexed twice. Please check that inclusion/exclusion patterns produce disjoint sets for main and test files

When I tried with sonar.project.properties at root level I am facing following issue,

Root level properties file

# must be unique in a given SonarQube instance
sonar.projectKey=ROOT-CPP-Project
# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.
sonar.projectName=ROOT-CPP-Project-name
sonar.projectVersion=1.0.0
sonar.host.url=<URL>
sonar.login=<key>

sonar.lang.patterns.cov-cpp=-
sonar.modules=cpp_project1,cpp_project2,cpp_project3,cpp_project4

cpp_project1.sonar.projectBaseDir=cpp_project1
cpp_project1.sonar.cfamily.build-wrapper-output=cpp_project1/build/bz_output
cpp_project1.sonar.projectName=cpp_project1
cpp_project1.sonar.projectKey=cpp_project1
cpp_project1.sonar.projectBaseDir=cpp_project1
cpp_project1.sonar.sources=cpp_project1/.

cpp_project2.sonar.projectBaseDir=cpp_project2
cpp_project2.sonar.cfamily.build-wrapper-output=cpp_project2/build/bz_output
cpp_project2.sonar.projectName=cpp_project2
cpp_project2.sonar.projectKey=cpp_project2
cpp_project2.sonar.projectBaseDir=cpp_project2
cpp_project2.sonar.sources=cpp_project2/.

cpp_project3.sonar.projectBaseDir=cpp_project3
cpp_project3.sonar.cfamily.build-wrapper-output=cpp_project3/build/bz_output
cpp_project3.sonar.projectName=cpp_project3
cpp_project3.sonar.projectKey=cpp_project3
cpp_project3.sonar.projectBaseDir=cpp_project3
cpp_project3.sonar.sources=cpp_project3/.

cpp_project4.sonar.projectBaseDir=cpp_project4
cpp_project4.sonar.cfamily.build-wrapper-output=cpp_project4/build/bz_output
cpp_project4.sonar.projectName=cpp_project4
cpp_project4.sonar.projectKey=cpp_project4
cpp_project4.sonar.projectBaseDir=cpp_project4
cpp_project4.sonar.sources=cpp_project4/.

sonar.sourceEncoding=UTF-8

sonar.exclusions= **/extensions/**, **/install/**, **/output/**, lnx64/**

18:31:39.546 ERROR:

The only way to get an accurate analysis of C/C++/Objective-C files is by using the SonarSource build-wrapper
and setting the property “sonar.cfamily.build-wrapper-output”, but it was not specified.

If you don’t want to analyze C/C++/Objective-C files, then prevent them from being analyzed by setting the following properties:

sonar.c.file.suffixes=-
sonar.cpp.file.suffixes=-
sonar.objc.file.suffixes=-
18:31:39.655 INFO: ------------------------------------------------------------------------
18:31:39.656 INFO: EXECUTION FAILURE
18:31:39.656 INFO: ------------------------------------------------------------------------
18:31:39.656 INFO: Total time: 25.185s
18:31:39.827 INFO: Final Memory: 33M/418M
18:31:39.827 INFO: ------------------------------------------------------------------------
18:31:39.827 ERROR: Error during SonarQube Scanner execution
java.lang.UnsupportedOperationException:

The only way to get an accurate analysis of C/C++/Objective-C files is by using the SonarSource build-wrapper
and setting the property “sonar.cfamily.build-wrapper-output”, but it was not specified.

If you don’t want to analyze C/C++/Objective-C files, then prevent them from being analyzed by setting the following properties:

Hi @Abbas_Sabra

when I set

sonar.cfamily.build-wrapper-output=cpp_project1/build/bz_output

it gives me success result but it is ignoring other submodules build wrapper so I suspect for other modules scan is not fool proof.

My understanding for now SonarCFamily does not support multiple modules for C/C++/Objective-C projects

@Prasaddiwalkar,

there should be one configuration file per project.

This will not work. cpp_project1.sonar.projectBaseDir is not a valid option for the scanner.

What you have to do to analyze all your modules is to have one build command/script that clean build all your projects and pass this command to build-wrapper. You should have one properties file that you pass to the scanner. You should run the scanner from the root directory. What is going to be analyzed is the files that were built by the command that you pass to build-wrapper.

please check the documentation.

Thanks,

@Abbas_Sabra

Is there anyway to merge multiple bz_output into one and then run the sonar-scanner against it?
As project structure is based on package manager so it will be difficult for me to change the project structure and build system

@Prasaddiwalkar,

No.

I don’t know your exact case, but you don’t have to change anything. You only have to put all the commands you usually use to build all your projects in one script and pass it to build-wrapper.

1 Like

@Abbas_Sabra

the product for which I am building c++ library is not only build cpp code but also does so many other things

so for now I follow following steps.

  1. Generate model
  2. Generate code out of model
  3. conan install …
  4. cmake … -G “Unix Makefiles” -DCMAKE_BUILD_TYPE=Release -DCMAKE_CXX_COMPILER=g++
  5. build-wrapper-linux-x86-64 --out-dir bz_output cmake --build . --config Release

We do this for each project in a sequence as per build dependency.

Please suggest me how to

@Prasaddiwalkar,

You can put all of these in the build script that you pass to build-wrapper. This way you can keep the same build sequence. build-wrapper can detect which of these commands is building your project and track them.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.