False positives coming from Qt Framework usage

DavidSC · June 12, 2024, 11:03am

Must-share information (formatted with Markdown):
SonarQube (Enterprise)
Docker (I think)

We’ve got around 3,500+ false positives coming from our use of the Qt Framework. Qt uses the new idiom to create new instances of classes. The warnings are about our code when we create Qt classes, not from the Qt code itself.

This is a well documented “issue” for example it is discussed here - Qt's heap and new-"fetishism" (and the consequences for safety relevant software) | Qt Forum

How can we set up a rule to suppress these warnings in the context where we are using Qt? I’m aware of the NOSONAR line comment which would suppress them, but that is going to be a lot of work to annotate all the affected lines.

One example of the warning is:

" [Replace the use of “new” with an operation that automatically manages the memory.]"

I think there is a development ticket to help improve Sonar with Qt. Please upvote that ticket for me!

Thank you
David

ganncamp · June 13, 2024, 12:07pm

Hi David,

Welcome to the community!

I assume we’re talking about C++ here? Would you mind also sharing what version of SonarQube you’re using?

Yes, I agree.

Your best bet here is probably multi-criteria issue exclusions, which allow you to turn off specific rule (keys) for specific file path patterns.

HTH,
Ann

DavidSC · June 13, 2024, 1:37pm

Hi Ann,

Enterprise 10.4.1 build 88267

Do not want to turn off the warning for specific files, only when we are using Qt. The warning may be valid for other parts of a file where we are using Qt, but for the Qt-usage itself it is a false positive.

Thank you
David

ganncamp · June 13, 2024, 2:11pm

Hi David,

There’s also the ability to ignore blocks within files, but

it turns off all rules for the blocks
it requires a (consistent) start pattern and end pattern to delineate the blocks

Ann

DavidSC · June 13, 2024, 2:53pm

Thank you.

Like I said in my original post, we have thousands of these, and decorating the code to suppress them is going to be a little work.

It would be better if SQ could suppress certain rules in certain contexts.

aalvarez · June 13, 2024, 5:15pm

Hello,

Indeed we have a ticket for it:
https://sonarsource.atlassian.net/browse/CPP-1971

I have linked this thread there to give it more traction.

Thanks for the feedback!

Topic		Replies	Views
Suppressing Duplicate Code Blocks in SonarQube SonarQube Server / Community Build sonarqube , coverage , duplications	3	128	January 3, 2025
Unexpected warning against to QT code based on c++ programming language - Build Wrapper Analysis Report False-positive / False-negative... sonarqube , scanner , cfamily	11	525	November 20, 2023
How to suppress warnings for code in class / method comments SonarQube Server / Community Build cfamily	4	31364	November 12, 2021
cpp:S3584: False positive when using placement new Rules and Languages	1	20	March 11, 2025
Massive false positive unused function issue Report False-positive / False-negative... sonarqube , cfamily	8	565	April 12, 2024

False positives coming from Qt Framework usage

Related topics