How to prevent Windows SDK files from being scanned when scanning a C++/WinRT project made in Visual Studio

sonarqube
scanner
(the-nose-knows) #1
  • version: 3.3.0.1492

  • error observed: No matter how sonar.inclusions or sonar.exclusions are configured, Windows SDK files are being scanned. This makes large C++/WinRT projects very slow to scan, and frankly I wouldn’t expect this behavior to begin with since it shouldn’t be considered part of the source to scan.

  • steps to reproduce

    1. Create a C++/WinRT console app project for Visual C++ in VS2017
    2. Run sonarscanner against it with sonar.log.level=TRACE && sonar.verbose=true
    3. Observe something like this appearing in the console output:

        14:01:25.799 INFO: [pool-4-thread-1] C:/jenkins/workspace/Scan_With_SonarQube/cppwinrt_console_app/pch.cpp
        14:01:32.753 ERROR: The rule with key ‘NamespaceName’ is configured with an invalid POSIX regex, and will be disabled:
        [a-z][a-z_0-9]*+
        repetition-operator operand invalid
        14:01:32.791 DEBUG: [pool-4-thread-1] C:\Program Files (x86)\Windows Kits\10\Include\10.0.17763.0\cppwinrt\winrt/base.h:1517 no type named ‘wstring_view’ in namespace ‘std’

  • potential workaround: None. It’s all or nothing. I can either scan my source code + Windows SDK files or I can’t scan my source code.

  • does this happen with other project-types? No. It only seems to trigger for C++/WinRT projects, but I haven’t tried all of them. It does seem to work fine for other basic C++ and C# projects.