Java custom rules do not work with LTS 7.9 on my machine and some issues are ignored when using "reportIssue(tree, message)"

Hi dear, I have 2 bugs to report.

  1. I found the LTS version 7.9 does not support java-rules-custom. Different from version 8.6 or higher, there are many other jar plugins under the directory #sonarhome/extentions/plugins. After I put my java-custom-rule jar under this directory and started SonarQube, there were no custom rules imported. Below are screenshots.

  2. The other bug is that I found a different number of bugs is reported when using “addIssueOnFile(messageForFile);” and “reportIssue(tree, message);”.

Some bugs are missing when using “reportIssue(tree, message);” to report bugs for the same rule (I write custom rules in Java to check Java code). However, I tried printing a log and found that when I use “reportIssue(tree, message);”, the program identifies the same number of bugs as when I use “addIssueOnFile(messageForFile);”. It seems to be a website problem that didn't show the results properly. I was really confused.

Hello,
A few questions for you:

  • Did you have a look at the web.log logs of your LTS 7.9 boot sequence? It should display why your custom plugin is not loaded.
  • Did you build it using the latest version of the tutorial, using the POM targeting 7.9 LTS?

Regarding the 2nd issue you are reporting, could you please provide both:

  • An example of code that is supposed to raise an issue, and behaves differently depending on the two versions
  • The code of your custom rules with both versions mentioned

This would help us reproduce the issue on our side.

Thanks in advance,
Michael

Hello,
Thanks for ur reply.

For the first issue, I read the web.log and found the reason was an incorrect version of the Java analyser. I updated it and made the custom rules work normally.

For the second issue, here is my custom rule code, for example.

FindSessionIdWithAddIssueOnFile.java

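import java.util.Collections;
import java.util.List;
import org.sonar.check.Rule;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.Tree;

// Raises a file-level issue for every identifier whose name contains "sessionid".
@Rule(key = "FindSessionIdWithAddIssueOnFile")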
public class FindSessionIdWithAddIssueOnFile extends IssuableSubscriptionVisitor {
  @Override
  public List<Tree.Kind> nodesToVisit() {
    return Collections.singletonList(Tree.Kind.IDENTIFIER);
  }

  @Override
  public void visitNode(Tree tree) {

    IdentifierTree identifierTree = (IdentifierTree) tree;

    if (identifierTree == null) {
      return;
    }

    String name = identifierTree.name();

    if (name.toLowerCase().indexOf("sessionid") != -1) {
      String message = "This variable is sessionID related at line: " + tree.firstToken().line();
      addIssueOnFile(message);
    }
  }

}

FindSessionIdWithReportIssue.java


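import java.util.Collections;
import java.util.List;
import org.sonar.check.Rule;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.Tree;

// Raises an issue located on the tree node for every identifier whose name contains "sessionid".
@Rule(key = "FindSessionIdWithReportIssue")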
public class FindSessionIdWithReportIssue extends IssuableSubscriptionVisitor {

  @Override
  public List<Tree.Kind> nodesToVisit() {
    return Collections.singletonList(Tree.Kind.IDENTIFIER);
  }

  @Override
  public void visitNode(Tree tree) {

    IdentifierTree identifierTree = (IdentifierTree) tree;

    if (identifierTree == null) {
      return;
    }

    String name = identifierTree.name();

    if (name.toLowerCase().indexOf("sessionid") != -1) {
      String message = "This variable is sessionID related: ";
      reportIssue(tree, message);
    }
  }

}

The aim of these two rules is to find “sessionid” and the only difference is the way they report the issue.

Below is the result of analysing one of the projects.
[Image: issue2-1]

You can see they report different numbers of bugs.

Then I read the details of the result and I found:
The rule FindSessionIdWithReportIssue, using “reportIssue(tree, message);” to report issues, would ignore some issues, like the one at line 99

but the other rule FindSessionIdWithAddIssueOnFile, using “addIssueOnFile(message);”, would report it:

Then I tried FindSessionIdWithReportIssue locally with the Java file I tried to scan and it works normally; the “issue” is reported at line 99:

java.lang.AssertionError: Unexpected at [74, 77, 90, 93, 99, 109, 109, 117, 117, 120, 120, 137, 138, 139, 140, 149, 152, 161, 163, 177, 179, 205, 207, 222, 224, 240, 242, 263, 265, 401, 403, 404, 406, 408, 417, 417, 422]

I also printed some information for FindSessionIdWithReportIssue. I found it would report bugs normally because issues would be printed at line 99 in the terminal.

So I think maybe it is a problem with displaying the report on the website?

That’s all. Thanks again for ur help.

By the way, as a less important thing, I just can't update the Java analyser through the SonarQube marketplace, so I downloaded an adequate version of the analyser through https://mvnrepository.com/

[Image: issue2-5]

As you can see, the number of issues reported in the log in the terminal is right (137), but only 75 issues would show on the web.

It seems I didn't reply to u but replied to my post. Could u plz check my reply :rofl:

Hey,

Thanks for sharing the code of your rule!

The marketplace has been disabled for SonarSource analyzers and updating analyzers manually is not supported anymore. Versions of analyzers are now fixed to a SonarQube version. What you are doing is consequently not a supported use case, and we can not guarantee that the plugin you will install will still be compatible with your SonarQube instance (we don’t test it on our side).

Yep I can see from your logs and outputs that there is something fishy here. Unfortunately, I can not reproduce it on my side. I systematically get the same number of issues by both rules for my test file.

[Image]

Would you be able to share with me your test file?
I would need to debug the analysis to check what’s happening.

Note that I’m performing my tests using SonarQube 8.8 and the latest version of the java analyzer. It is possible that there was a bug on SonarQube side, with your version.

Regards,
Michael

Hi Michael,
I tried the latest version but this problem is still not fixed. When I tried to scan one file, everything was normal, but when I tried to scan some Maven projects, the problem occurred. However, this problem occurs on some projects, not every one. I am sorry I can't provide the Maven project with wrong scanning results due to some reason. Thanks for ur help, I will keep on using SonarQube and if I make any progress on this issue, I'll contact u.
