Java Custom rules does not work with LTS 7.9 on my machine and some issuses would be ignore while using "reportIssue(tree, message)"

Hi dear, I have 2 bugs to report.

  1. I found the LTS version 7.9 does not support java-rules-custom. Different from version 8.6 or higher, there are many other jar plugins under the directory #sonarhome/extentions/plugins. After I put my java-custom-rule jar under this directory and start sonarQube, there is no custom rules imported. Below are screenshots.

    .

  2. The other bug is that I found different number of bugs would be reported while using

    “addIssueOnFile(messageForFile);”

and “reportIssue(tree, message);”

Some bugs would be missing while using “reportIssue(tree, message);” to report bugs for the same rule( I custom rules in Java to check Java code). However, I tried to print log and I found when I use “reportIssue(tree, message);”, the prorgram could identify bugs, as same amount as I use “addIssueOnFile(messageForFile);”. It seems the website problem that didn`t show the results properly. I was really confused.

Hello,
A few questions for you:

  • Did you had a look at the web.log logs of your LTS 7.9 boot sequence? It should display why your custom plugin is not loaded.
  • Did you built it using the latest version of the tutorial, using the POM targeting 7.9 LTS?

Regarding the 2nd issue you are reporting, could your please provide both:

  • An example of code that is supposed to raise an issue, and behave differently depending on the two versions
  • The code of your custom rules with both version mentioned
    This would help us reproduce the issue on our side.

Thanks in advance,
Michael

Hello,
Thanks for ur reply.

For the first issue, I read the web.log and found the reason is incorrect version of Java analyser. I updated it and make custom rules work normally.

For the second issue. For example, here are my custom rule codes.

FindSessionIdWithAddIssueOnFile.java

@Rule(key = "FindSessionIdWithAddIssueOnFile")
public class FindSessionIdWithAddIssueOnFile extends IssuableSubscriptionVisitor {
  @Override
  public List<Tree.Kind> nodesToVisit() {
    return Collections.singletonList(Tree.Kind.IDENTIFIER);
  }

  @Override
  public void visitNode(Tree tree) {

    IdentifierTree identifierTree = (IdentifierTree) tree;

    if (identifierTree == null) {
      return;
    }

    String name = identifierTree.name();

    if (name.toLowerCase().indexOf("sessionid") != -1) {
      String message = "This variable is sessionID related at line: " + tree.firstToken().line();
      addIssueOnFile(message);
    }
  }

}

FindSessionIdWithReportIssue.java


@Rule(key = "FindSessionIdWithReportIssue")
public class FindSessionIdWithReportIssue extends IssuableSubscriptionVisitor {

  @Override
  public List<Tree.Kind> nodesToVisit() {
    return Collections.singletonList(Tree.Kind.IDENTIFIER);
  }

  @Override
  public void visitNode(Tree tree) {

    IdentifierTree identifierTree = (IdentifierTree) tree;

    if (identifierTree == null) {
      return;
    }

    String name = identifierTree.name();

    if (name.toLowerCase().indexOf("sessionid") != -1) {
      String message = "This variable is sessionID related: ";
      reportIssue(tree, message);    
}
  }

}

The aim of these two rules are to find “sessionid” and the only difference is the ways to report issue.

Below is the result of analysing one of projects.
issue2-1

You can see they report different numbers of bugs.

then I read the detail of result and I found:
The rule FindSessionIdWithReportIssue using “reportIssue(tree, message);” to report issue would ignore some issues, like the line 99

but the other rule FindSessionIdWithAddIssueOnFile using “addIssueOnFile(message);” would report it:

Then I tried FindSessionIdWithReportIssue with the Java file I tried to scan in local and it works normally, the “issue” would report at line 99:

java.lang.AssertionError: Unexpected at [74, 77, 90, 93, 99, 109, 109, 117, 117, 120, 120, 137, 138, 139, 140, 149, 152, 161, 163, 177, 179, 205, 207, 222, 224, 240, 242, 263, 265, 401, 403, 404, 406, 408, 417, 417, 422]

I also printed some information for FindSessionIdWithReportIssue . I found it would report bugs nomally because issues would be printed at line 99 in terminal.

So I think maybe the promblem of displaying report on website?

That’s all. Thanks again for ur help.

By the way, for less important thing, I just can`t update java analyser though SonarQube marketplace and I download adequate version of analyser through https://mvnrepository.com/

issue2-5

As you can see the number of issues reported in the log in the terminal is right(137), but only 75 issues would show on the web.