Issue Count Mismatch in SonarLint and SonarQube

If your question is about SonarLint in the IntelliJ Platform, VS Code, Visual Studio, or Eclipse, please post it in that sub-category.

Otherwise, please provide:

  • Operating system: Windows
  • IDE name and flavor/env: Android Studio

And a thorough description of the problem / question:
SonarLint analysis for a file is done using connected mode. For the same rule, the issue is reported in SonarQube but not in SonarLint.
The rule is enabled in SonarLint as well. Even after a whole-project scan, the issue was not reported in SonarLint.

Rule : Java - java:S1162

Hi,

Can you provide your SonarLint version and the code in question?

 
Thx,
Ann

Hi Ann,

SonarLint Version - 10.5.0.78339

Code

Hi,

Thanks for these details.

Could I also have your SonarQube version and a screenshot of the code/issue in SonarQube?

 
Thx,
Ann

Hi Ann,

SonarQube Version -

  • Enterprise Edition
  • Version 9.9.1 (build 69595)

Issue Screenshot -

Hi,

Thanks for this.

If I look at the rule description, the code sample explicitly marks throwing an IllegalArgumentException as ‘Compliant’. So it’s not clear to me whether the problem is that SonarLint doesn’t raise the issue or that SonarQube does.

I’m going to flag this for the language experts to adjudicate the issue, and then we can go from there.

 
Ann

Hello @Megala_Natarajan,

Thanks for raising the issue.

In this case, SL is correct, as IllegalArgumentException is a RuntimeException, and the issue shouldn’t be shown. This makes me think that the rule implementation works correctly and that the issue might be a misconfiguration.

Could you please share your configuration/properties with us? Also, let me know if you’re using Gradle and how exactly you run the analysis. Most likely, something is missing in the configuration of the analysis, and it affects the result.

Best,
Margarita

Hi Margarita,

Yes, we use Gradle for sonar analysis. Below is the command we use:

./gradlew sonar -x compileHighDebugUnitTestKotlin -Dsonar.projectKey=mahindra-cid-myvehicle -Dsonar.projectName=mahindra-cid-myvehicle -Dsonar.host.url=https://mrv-sonarqube.mahindra.com/ -Dsonar.login=**** -Dsonar.test.exclusions='**/test/**,**/androidTest/**'

Do you build the project before analyzing it and which version of the scanner for Gradle are you using?

We run the scan post project build.
Sonar Plugin version used in gradle is 3.5.0.2730

@Margarita_Nedzelska,
Gentle reminder on this.

Hey @Megala_Natarajan,
I am having a look and I am currently having some trouble reproducing the issue. But as mentioned in the conversation above, it looks like SonarLint is doing the right thing while SonarQube is not.

So here are a few additional questions to help clear out the issue:

  1. What version of Java are you using?
  2. Is the Java version of the project different from the one you use to run the scanner with the Gradle command?

Hi @Dorian_Burihabwa,

Nope. In both places, java version 11 is being used

Thank you for clarifying @Megala_Natarajan.
We can clear the Java version mismatch out of the possibilities.

I would like to rule out any analysis configuration issue here: When running the gradle command to analyze your code, is the Java runtime used a JRE or JDK?

This matters because the type resolution of IllegalArgumentException seems to be broken and causing this difference in behavior. I am asking about the Gradle command specifically because SonarLint usually has pretty sane configuration defaults in terms of analysis.

If the answer to the question above is a JRE, consider using a JDK or pointing to a local JDK installation using the sonar.java.jdkHome analysis parameter.

Let us know if you see any improvement.
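
A pre-flight check for the JRE-versus-JDK question raised in the last reply, as an added example that is not part of the thread or of any Sonar tooling. It assumes that an executable `bin/javac` marks a JDK; the function names `java_home_kind` and `jdk_home_arg` are hypothetical, and the directory layouts in `demo` are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): classify a Java home as JDK or JRE
# before running the scanner, and build the sonar.java.jdkHome argument.
# Assumption: a JDK is recognised by an executable bin/javac.

# Prints "jdk", "jre" or "missing" for the directory given as $1.
java_home_kind() {
  if [ -z "$1" ] || [ ! -d "$1" ]; then
    echo "missing"
  elif [ -x "$1/bin/javac" ]; then
    echo "jdk"
  elif [ -x "$1/bin/java" ]; then
    echo "jre"
  else
    echo "missing"
  fi
}

# Prints the -D argument to append to the Gradle command when $1 is a JDK;
# prints nothing and returns 1 otherwise, so a CI step can fail early.
jdk_home_arg() {
  [ "$(java_home_kind "$1")" = "jdk" ] || return 1
  printf -- '-Dsonar.java.jdkHome=%s\n' "$1"
}

# Constructed sample layouts in a temp dir, so the script runs offline.
demo() {
  demo_tmp="$(mktemp -d)"
  mkdir -p "$demo_tmp/jdk/bin" "$demo_tmp/jre/bin"
  touch "$demo_tmp/jdk/bin/java" "$demo_tmp/jdk/bin/javac" "$demo_tmp/jre/bin/java"
  chmod +x "$demo_tmp/jdk/bin/java" "$demo_tmp/jdk/bin/javac" "$demo_tmp/jre/bin/java"
  echo "constructed jdk dir: $(java_home_kind "$demo_tmp/jdk")"
  echo "constructed jre dir: $(java_home_kind "$demo_tmp/jre")"
  echo "current JAVA_HOME:   $(java_home_kind "${JAVA_HOME:-}")"
  jdk_home_arg "$demo_tmp/jdk"
  rm -rf "$demo_tmp"
}

demo
```

In a build script, `jdk_home_arg "$JAVA_HOME"` can gate the analysis step: a non-zero return means the runtime Gradle would use is not a JDK.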