Old code issues detected as new code

SonarQube Server / Community Build
1

Hi comunity,

we have detected in our projects that sometimes issues are detected in new code when they are clearly old code.

This an example of issue detected correctly as new code, with background in grey.

image
image1100×239 8.97 KB

And this is an example of issue defined as new code when is actually old (white background)

image
image1117×161 8.46 KB

How is this possible?

We are using Community Build v25.2.0.102705

Thank you.

2

Hi,

This guide may help.

 
Ann

3

The only pattern I can find is that is in some cases the class where the issue is raised has been actually modified during new code period. I understand that could make to detect some issues as new code for some rules, like java:S120 (package naming) or when adding a new line in an “if” that already had a Cognitive Complexity issue.

But I have an example of a constants class, just a list of them, where a new one has been added, and then Sonarqube raises as new issue an already existing constant declaration 200 lines before the new one.

This makes me wonder if an existing issue is defined as new every time the file is modified, no matter the rule.

4

Hi,

No.

Going back to the example in your first post,

This could be an example of this:

Another explanation for this is that analysis doesn’t have the SCM metadata it needs to correctly understand what’s new and what’s not.

We would need your analysis log to understand.

The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.

This guide will help you find them.

 
Ann

5

Thank you for your answer, Ann.

This is the constants issue:

image
image1310×447 34.1 KB

And these are the logs of the analysis that raied that issue

[INFO] --- sonar-maven-plugin:3.8.0.2131:sonar (default-cli) XXXXXX ---
[INFO] User cache: /builds/***********/.sonar/cache
[INFO] SonarQube version: 9.9.3.79811
[INFO] Default locale: "en_US", source code encoding: "UTF-8"
[INFO] Load global settings
[INFO] Load global settings (done) | time=378ms
[INFO] Server id: 69B5D415-AWOCiNgZV4clcPV5mXzS
[INFO] User cache: /builds//***********/./.sonar/cache
[INFO] Load/download plugins
[INFO] Load plugins index
[INFO] Load plugins index (done) | time=79ms
[INFO] Load/download plugins (done) | time=6569ms
[INFO] Process project properties
[INFO] Process project properties (done) | time=10ms
[INFO] Execute project builders
[INFO] Execute project builders (done) | time=2ms
[INFO] Project key: /***********/.
[INFO] Base dir: /***********/.
[INFO] Working dir: /***********/./target/sonar
[INFO] Load project settings for component key: 'o/***********/.'
[INFO] Load project settings for component key: 'o/***********/.' (done) | time=77ms
[INFO] Load project branches
[INFO] Load project branches (done) | time=37ms
[INFO] Load branch configuration
[INFO] Auto detected BRANCH configuration with source develop using com.github.mc1arke.sonarqube.plugin.scanner.autoconfiguration.GitlabCiAutoConfigurer
[INFO] Load branch configuration (done) | time=4ms
[INFO] Auto-configuring with CI 'Gitlab CI'
[INFO] Load quality profiles
[INFO] Load quality profiles (done) | time=77ms
[INFO] Load active rules
[INFO] Load active rules (done) | time=2481ms
[INFO] Load analysis cache
[INFO] Load analysis cache (404) | time=34ms
[INFO] Branch name: develop
[INFO] Load project repositories
[INFO] Load project repositories (done) | time=58ms
[INFO] Indexing files...
[INFO] Project configuration:
[INFO] 328 files indexed
[INFO] 1564 files ignored because of scm ignore settings
[INFO] Quality profile for java: R9K Java Quality profile
[INFO] Quality profile for xml: Sonar way
[INFO] ------------- Run sensors on module /***********/9.5.0-SNAPSHOT
[INFO] Load metrics repository
[INFO] Load metrics repository (done) | time=40ms
[INFO] Delphi Project Helper creation!!!
[INFO] No exclude directories found in project configuration.
[INFO] Delphi sensor DelphiSensor...
[INFO] Delphi Project Helper creation!!!
[INFO] No exclude directories found in project configuration.
[INFO] Delphi sensor describe...
[INFO] SurefireSensor sensor describe...
[INFO] PMD sensor.describe
[INFO] Delphi sensor describe...
[INFO] SurefireSensor sensor describe...
[INFO] PMD sensor.describe
[INFO] Sensor JavaSensor [java]
[INFO] Configured Java source version (sonar.java.source): 8
[INFO] JavaClasspath initialization
[INFO] JavaClasspath initialization (done) | time=9ms
[INFO] JavaTestClasspath initialization
[INFO] JavaTestClasspath initialization (done) | time=3ms
[INFO] Server-side caching is enabled. The Java analyzer will not try to leverage data from a previous analysis.
[INFO] Using ECJ batch to parse 133 Main java source files with batch size 500 KB.
[INFO] Starting batch processing.
[INFO] The Java analyzer cannot skip unchanged files in this context. A full analysis is performed for all files.
[INFO] 48% analyzed
[INFO] 100% analyzed
[INFO] Batch processing: Done.
[INFO] Did not optimize analysis for any files, performed a full analysis for all 133 files.
[WARNING] Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.
[INFO] Using ECJ batch to parse 122 Test java source files with batch size 500 KB.
[INFO] Starting batch processing.
[INFO] 100% analyzed
[INFO] Batch processing: Done.
[INFO] Did not optimize analysis for any files, performed a full analysis for all 122 files.
[WARNING] Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.
[WARNING] Use of preview features have been detected during analysis. Enable DEBUG mode to see them.
[INFO] No "Generated" source files to scan.
[INFO] Sensor JavaSensor [java] (done) | time=14567ms
[INFO] Sensor C# Project Type Information [csharp]
[INFO] Sensor C# Project Type Information [csharp] (done) | time=0ms
[INFO] Sensor C# Analysis Log [csharp]
[INFO] Sensor C# Analysis Log [csharp] (done) | time=9ms
[INFO] Sensor C# Properties [csharp]
[INFO] Sensor C# Properties [csharp] (done) | time=0ms
[INFO] Sensor SurefireSensor [java]
[INFO] parsing [/builds/***********/./target/surefire-reports/tests-report]
[INFO] Sensor SurefireSensor [java] (done) | time=115ms
[INFO] Sensor HTML [web]
[INFO] Sensor HTML [web] (done) | time=3ms
[INFO] Sensor XML Sensor [xml]
[INFO] 1 source file to be analyzed
[INFO] 1/1 source file has been analyzed
[INFO] Sensor XML Sensor [xml] (done) | time=178ms
[INFO] Sensor TextAndSecretsSensor [text]
[INFO] 260 source files to be analyzed
[INFO] 260/260 source files have been analyzed
[INFO] Sensor TextAndSecretsSensor [text] (done) | time=419ms
[INFO] Sensor VB.NET Project Type Information [vbnet]
[INFO] Sensor VB.NET Project Type Information [vbnet] (done) | time=0ms
[INFO] Sensor VB.NET Analysis Log [vbnet]
[INFO] Sensor VB.NET Analysis Log [vbnet] (done) | time=12ms
[INFO] Sensor VB.NET Properties [vbnet]
[INFO] Sensor VB.NET Properties [vbnet] (done) | time=0ms
[INFO] Sensor com.github.mc1arke.sonarqube.plugin.scanner.ScannerPullRequestPropertySensor
[INFO] Sensor com.github.mc1arke.sonarqube.plugin.scanner.ScannerPullRequestPropertySensor (done) | time=1ms
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] Importing 1 report(s). Turn your logs in debug mode in order to see the exhaustive list.
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=156ms
[INFO] Sensor CSS Rules [javascript]
[INFO] No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
[INFO] Sensor CSS Rules [javascript] (done) | time=2ms
[INFO] Sensor IaC Docker Sensor [iac]
[INFO] 0 source files to be analyzed
[INFO] 0/0 source files have been analyzed
[INFO] Sensor IaC Docker Sensor [iac] (done) | time=60ms
[INFO] ------------- Run sensors on project
[INFO] Sensor Analysis Warnings import [csharp]
[INFO] Sensor Analysis Warnings import [csharp] (done) | time=0ms
[INFO] Sensor Zero Coverage Sensor
[INFO] Sensor Zero Coverage Sensor (done) | time=1ms
[INFO] Sensor Java CPD Block Indexer
[INFO] Sensor Java CPD Block Indexer (done) | time=176ms
[INFO] SCM Publisher SCM provider for this project is: git
[INFO] SCM Publisher 12 source files to be analyzed
[INFO] SCM Publisher 12/12 source files have been analyzed (done) | time=1143ms
[INFO] CPD Executor 29 files had no CPD blocks
[INFO] CPD Executor Calculating CPD for 104 files
[INFO] CPD Executor CPD calculation finished (done) | time=46ms
[INFO] Load New Code definition
[INFO] Load New Code definition (done) | time=59ms
[INFO] Analysis report generated in 190ms, dir size=3.3 MB
[INFO] Analysis report compressed in 344ms, zip size=1.1 MB
[INFO] Analysis report uploaded in 237ms
[INFO] ------------- Check Quality Gate status
[INFO] Waiting for the analysis report to be processed (max 4000s)
[INFO] QUALITY GATE STATUS: PASSED - View details on https://sonarqube./***********/.
[INFO] Executing post-job 'Final report'
[INFO] Turn debug info on to get more details (sonar-scanner -X -Dsonar.verbose=true ...).
[INFO] Analysis total time: 39.018 s

This analysis is done before the upgrade, but the rules are the same.

Let me know if could be useful to paste any other log, like the ones of the screenshots of my first post

6

Hi,

Thanks for the issue screenshot.

This isn’t in the guide I pointed you to, but it’s a classic example of how you get new issues in old code. When that like was originally written new Integer(int) wasn’t deprecated. In the meantime, I suppose you’ve upgraded your Java version, and now it is.

This is completely legitimate.

 
HTH,
Ann

7

We haven’t upgraded the java version (we will soon, and it is very interesting that you pointed it). Here you may find the analysis of the issue of my first post (“Remove this expression which always evaluate to true”) with the new version of Sonarqube and sonar.java.source still set to 8.

[INFO] 
[INFO] --- sonar-maven-plugin:4.0.0.4121:sonar (default-cli) @ reg-integration ---
[INFO] 09:24:51.714 Java 21.0.5 Azul Systems, Inc. (64-bit)
[INFO] 09:24:51.714 Linux 6.13.11-200.fc41.x86_64 (amd64)
[INFO] 09:24:51.714 MAVEN_OPTS= -Djava.awt.headless=true
[INFO] 09:24:51.871 User cache: /*********/.sonar/cache
[INFO] 09:24:52.200 Communicating with SonarQube Server 25.2.0.102705
[INFO] 09:24:52.289 Default locale: "en_US", source code encoding: "UTF-8"
[INFO] 09:24:53.182 Load global settings
[INFO] 09:24:53.451 Load global settings (done) | time=270ms
[INFO] 09:24:53.483 Server id: *********
[INFO] 09:24:53.496 Loading required plugins
[INFO] 09:24:53.496 Load plugins index
[INFO] 09:24:53.563 Load plugins index (done) | time=67ms
[INFO] 09:24:53.564 Load/download plugins
[INFO] 09:24:53.638 Load/download plugins (done) | time=75ms
[INFO] 09:24:54.144 Process project properties
[INFO] 09:24:54.159 Process project properties (done) | time=15ms
[INFO] 09:24:54.170 Project key: /*********/.
[INFO] 09:24:54.171 Base dir: //*********/.
[INFO] 09:24:54.171 Working dir: //*********/.
[INFO] 09:24:54.179 Load project settings for component key: /*********/.'
[INFO] 09:24:54.293 Load project settings for component key: '/*********/.' (done) | time=114ms
[INFO] 09:24:54.318 Load project branches
[INFO] 09:24:54.386 Load project branches (done) | time=68ms
[INFO] 09:24:54.387 Load branch configuration
[INFO] 09:24:54.390 Auto detected BRANCH configuration with source develop using com.github.mc1arke.sonarqube.plugin.scanner.autoconfiguration.GitlabCiAutoConfigurer
[INFO] 09:24:54.390 Load branch configuration (done) | time=3ms
[INFO] 09:24:54.410 Load quality profiles
[INFO] 09:24:54.493 Load quality profiles (done) | time=83ms
[INFO] 09:24:54.500 Auto-configuring with CI 'Gitlab CI'
[INFO] 09:24:54.537 Load active rules
[INFO] 09:24:54.945 Load active rules (done) | time=408ms
[INFO] 09:24:54.952 Load analysis cache
[INFO] 09:24:54.997 Load analysis cache | time=45ms
[INFO] 09:24:55.069 Branch name: develop
[INFO] 09:24:55.091 Preprocessing files...
[INFO] 09:24:55.815 2 languages detected in 708 preprocessed files
[INFO] 09:24:55.815 334 files ignored because of inclusion/exclusion patterns
[INFO] 09:24:55.816 0 files ignored because of scm ignore settings
[INFO] 09:24:55.819 Loading plugins for detected languages
[INFO] 09:24:55.820 Load/download plugins
[INFO] 09:24:55.904 Load/download plugins (done) | time=84ms
[INFO] 09:24:56.126 Load project repositories
[INFO] 09:24:56.301 Load project repositories (done) | time=175ms
[INFO] 09:24:56.321 Indexing files...
[INFO] 09:24:56.321 Project configuration:
[INFO] 09:24:56.321   Excluded sources: **//*********/./inputs/**
[INFO] 09:24:56.322   Excluded tests: **/test/**, **/unitTest/**
[INFO] 09:24:56.351 708 files indexed
[INFO] 09:24:56.352 Quality profile for java: R9K Java Quality profile
[INFO] 09:24:56.352 Quality profile for xml: Sonar way
[INFO] 09:24:56.352 ------------- Run sensors on module /*********/.: A.0.0-SNAPSHOT
[INFO] 09:24:56.615 Load metrics repository
[INFO] 09:24:56.654 Load metrics repository (done) | time=39ms
[INFO] 09:24:56.686 Delphi Project Helper creation!!!
[INFO] 09:24:56.687 No exclude directories found in project configuration.
[INFO] 09:24:56.688 Delphi sensor DelphiSensor...
[INFO] 09:24:56.693 Delphi Project Helper creation!!!
[INFO] 09:24:56.693 No exclude directories found in project configuration.
[INFO] 09:24:57.361 Delphi sensor describe...
[INFO] 09:24:57.363 SurefireSensor sensor describe...
[INFO] 09:24:57.364 PMD sensor.describe
[INFO] 09:24:57.376 Delphi sensor describe...
[INFO] 09:24:57.376 SurefireSensor sensor describe...
[INFO] 09:24:57.376 PMD sensor.describe
[INFO] 09:24:57.377 Sensor JavaSensor [java]
[INFO] 09:24:57.385 Configured Java source version (sonar.java.source): 8, preview features enabled (sonar.java.enablePreview): false
[INFO] 09:24:57.426 Server-side caching is enabled. The Java analyzer will not try to leverage data from a previous analysis.
[INFO] 09:24:57.428 Using ECJ batch to parse 707 Main java source files with batch size 500 KB.
[INFO] 09:24:57.848 Starting batch processing.
[INFO] 09:24:58.578 The Java analyzer cannot skip unchanged files in this context. A full analysis is performed for all files.
[INFO] 09:25:09.408 100% analyzed
[INFO] 09:25:09.408 Batch processing: Done.
[INFO] 09:25:09.409 Did not optimize analysis for any files, performed a full analysis for all 707 files.
[INFO] 09:25:09.411 No "Test" source files to scan.
[INFO] 09:25:09.411 No "Generated" source files to scan.
[INFO] 09:25:09.411 Sensor JavaSensor [java] (done) | time=12034ms
[INFO] 09:25:09.411 Sensor JaCoCo XML Report Importer [jacoco]
[INFO] 09:25:09.417 Importing 1 report(s). Turn your logs in debug mode in order to see the exhaustive list.
[INFO] 09:25:09.584 Sensor JaCoCo XML Report Importer [jacoco] (done) | time=173ms
[INFO] 09:25:09.585 Sensor Java Config Sensor [iac]
[INFO] 09:25:09.615 0 source files to be analyzed
[INFO] 09:25:09.617 0/0 source files have been analyzed
[INFO] 09:25:09.617 Sensor Java Config Sensor [iac] (done) | time=32ms
[INFO] 09:25:09.618 Sensor SurefireSensor [java]
[INFO] 09:25:09.619 parsing [//*********/./target/surefire-reports/tests-report]
[INFO] 09:25:09.761 Sensor SurefireSensor [java] (done) | time=143ms
[INFO] 09:25:09.762 Sensor XML Sensor [xml]
[INFO] 09:25:09.763 1 source file to be analyzed
[INFO] 09:25:09.941 1/1 source file has been analyzed
[INFO] 09:25:09.941 Sensor XML Sensor [xml] (done) | time=180ms
[INFO] 09:25:09.941 Sensor com.github.mc1arke.sonarqube.plugin.scanner.ScannerPullRequestPropertySensor
[INFO] 09:25:09.942 Sensor com.github.mc1arke.sonarqube.plugin.scanner.ScannerPullRequestPropertySensor (done) | time=1ms
[INFO] 09:25:09.943 Sensor IaC Docker Sensor [iac]
[INFO] 09:25:10.025 0 source files to be analyzed
[INFO] 09:25:10.025 0/0 source files have been analyzed
[INFO] 09:25:10.026 Sensor IaC Docker Sensor [iac] (done) | time=83ms
[INFO] 09:25:10.026 Sensor TextAndSecretsSensor [text]
[INFO] 09:25:10.026 Available processors: 16
[INFO] 09:25:10.026 Using 16 threads for analysis.
[INFO] 09:25:10.411 Using git CLI to retrieve untracked files
[INFO] 09:25:10.804 Analyzing language associated files and files included via "sonar.text.inclusions" that are tracked by git
[INFO] 09:25:10.897 708 source files to be analyzed
[INFO] 09:25:11.123 708/708 source files have been analyzed
[INFO] 09:25:11.125 Sensor TextAndSecretsSensor [text] (done) | time=1099ms
[INFO] 09:25:11.129 ------------- Run sensors on project
[INFO] 09:25:11.324 Sensor Zero Coverage Sensor
[INFO] 09:25:11.326 Sensor Zero Coverage Sensor (done) | time=2ms
[INFO] 09:25:11.326 Sensor Java CPD Block Indexer
[INFO] 09:25:11.545 Sensor Java CPD Block Indexer (done) | time=219ms
[INFO] 09:25:11.582 SCM Publisher SCM provider for this project is: git
[INFO] 09:25:11.584 SCM Publisher 1 source file to be analyzed
[INFO] 09:25:12.504 SCM Publisher 1/1 source file have been analyzed (done) | time=919ms
[INFO] 09:25:12.527 CPD Executor 202 files had no CPD blocks
[INFO] 09:25:12.527 CPD Executor Calculating CPD for 505 files
[INFO] 09:25:12.601 CPD Executor CPD calculation finished (done) | time=74ms
[INFO] 09:25:12.609 SCM revision ID '************'
[INFO] 09:25:12.809 Load New Code definition
[INFO] 09:25:12.865 Load New Code definition (done) | time=56ms
[INFO] 09:25:12.921 Analysis report generated in 263ms, dir size=3.2 MB
[INFO] 09:25:13.559 Analysis report compressed in 637ms, zip size=1.9 MB
[INFO] 09:25:13.864 Analysis report uploaded in 305ms
[INFO] 09:25:13.867 ------------- Check Quality Gate status
[INFO] 09:25:13.867 Waiting for the analysis report to be processed (max 4000s)
[INFO] 09:33:43.093 QUALITY GATE STATUS: PASSED - View details on https://sonarqube./*********/.

I am missing something for sure, but I just would like to understand.

Thanks for your answer and your time.