error observed: No matter how sonar.inclusions or sonar.exclusions are configured, windows SDK files are being scanned. This makes large C++/WinRT projects very slow to scan, and frankly I wouldn’t expect this behavior to begin with since it shouldn’t be considered part of the source to scan.
steps to reproduce
- Create a C++/WinRT console app project for Visual C++ in VS2017
- Run sonarscanner against it with sonar.log.level=TRACE && sonar.verbose=true
- Observe something like this appearing in the console output:
14:01:25.799 INFO: [pool-4-thread-1] C:/jenkins/workspace/Scan_With_SonarQube/cppwinrt_console_app/pch.cpp
14:01:32.753 ERROR: The rule with key ‘NamespaceName’ is configured with an invalid POSIX regex, and will be disabled:
repetition-operator operand invalid
14:01:32.791 DEBUG: [pool-4-thread-1] C:\Program Files (x86)\Windows Kits\10\Include\10.0.17763.0\cppwinrt\winrt/base.h:1517 no type named ‘wstring_view’ in namespace ‘std’
potential workaround: None. It’s all or nothing. I can either scan my source code + windows SDK files or I can’t scan my source code
does this happen with other project-types? No. It only seems to trigger for C++/WinRt projects, but I haven’t tried all of them. It does seem to work fine for other basic C++ and C# projects.
How to prevent Windows SDK files from being scanned when scanning a C++/WinRT project made in Visual Studio
the-nose-knows (the-nose-knows) #1