java:S1128 (Unnecessary imports should be removed) is not triggered on file that were not compiled

• Operating system: Windows 11 / Linux

• IDE: Using sonarlint-plugin-api and sonarlint-core in a custom project for Gerrit.

In my company, we have an app that retrieves all modified files in a Gerrit change and runs SonarLint on them to provide comments for each rule violation detected.

Recently, we decided to upgrade our versions of sonarlint-plugin-api and sonarlint-core from 7.0.0.37656 to 9.8.0.76914. Since this upgrade, some rule violations are no longer triggered, even though they appear on SonarQube.

When investigating this issue, I found this ticket: SONARJAVA-3777.

As I understand it, we now need to compile the code before analysis for certain checks to be triggered.

To test this, I checked the UselessImportCheckTest both before and after applying the changes mentioned in the ticket.

tests808×831 162 KB

From my debugging, it appears that the jdt library relies on compiler problems to report the java:S1128 rule.

Without compilation:

without compile1632×235 65.6 KB

With compilation:

with compile932×228 47.9 KB

Question:

In my case, I cannot compile the code beforehand. Is there any way to have the RuleKeys not triggered by compiler warnings, as they were before?

Thanks in advance!

Hi,

What flavor and version of SonarLint are you using?

 
Thx,
Ann

Hi,

Sorry for my late awnser.

Here are the version in the plugin :

<dependency>
  <groupId>org.sonarsource.sonarlint.core</groupId>
  <artifactId>sonarlint-core</artifactId>
  <version>9.8.0.76914</version>
  <exclusions>
    <exclusion>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
    </exclusion>
  </exclusions>
</dependency>

<dependency>
  <groupId>org.sonarsource.sonarlint.core</groupId>
  <artifactId>sonarlint-plugin-api</artifactId>
  <version>9.8.0.76914</version>
</dependency>

It will use sonar rules on a sonar community edition v10.6

I do not understand what you mean by “what flavour”

Hi,

There are four different flavors of SonarLint, corresponding to four different IDEs, and they have different versions, so I was asking for both flavor and version to verify that you’re using the latest implementation of the rule.

But looking more closely at your initial post (like maybe I should have done to start with )…

You’re using the tools in a way that was never intended. SonarQube for IDE (nee SonarLint) was intended to run in the IDE, as the developer codes. It was never intended to be run as part of a job. That’s what SonarQube Server / Cloud / Community Build is for.

Sorry, no.

 
Ann

Hello again

SonarQube for IDE (nee SonarLint) was intended to run in the IDE, as the developer codes. It was never intended to be run as part of a job. That’s what SonarQube Server / Cloud / Community Build is for.

So my code is currently retrieving the rules from a SonarQube, and execute it with sonarLint.

If I cannot use sonnarLint to do the job, is there a way to ask dynamicaly SonarQube Server to analyze a single file without storing the result into SonarQube Server (via an HTTP request or something else) ?

Charles

Hi Charles,

Sorry, but that’s just not the way it works.

Would you mind explaining why you want to do it this way?

 
Thx,
Ann

Would you mind explaining why you want to do it this way?

In the company I’m working, we’re currently using gerrit to review commits made by developers.

To see if a change is valid, we run a jenkins job that :

• Compile the projet
• Run tests
• Get all modify file to run sonar on it (with our plugin).

Our sonar plugin gives a note to know if there is new sonar issue on the change (or old ones) and make comments using sonar rule information (exemple in the following capture) :

• -2 : old or new BLOCKER issue
• -1 : new issues
• +0 : new INFO issues
• +1 : no new issues

Capture d’écran 2024-12-18 1445111194×593 75.5 KB

Capture d’écran 2024-12-18 145622704×299 21.8 KB

In our contexte, when sonar looks at the code, il has no contexte about the build (jar and so).

Charles

Thanks Charles!

So you know, I believe that what you’re doing is what we built Pull Request analysis for.

 
Ann

Thanks Ann!

I will definitely have a look at it, to see how it can fit with gerrit. I see you have github, and gitlab integration, but no turnkey solution for gerrit.

Charles

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.