[Reproducible BUG] Rule: "Unnecessary imports should be removed" not working (java)

Unused imports are not detected by sonarqube in a Java project.
I found a weird bug where adding a line of Java code makes sonarqube unable to detect unused imports.

How to reproduce:

  1. Start sonarqube
     docker run --name sonarqube -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -p 9000:9000 sonarqube:9.6-community
  2. Clone a java spring-boot project containing unused imports
     git clone https://github.com/cod-r/spring-boot.git

     The project contains 2 unused imports in src/main/java/com/example/demo/controller/HomeController.java:

     import java.io.File;
     import org.springframework.web.bind.annotation.PostMapping;
  3. Set up a new maven project from sonarqube UI to generate a new token
  4. Run sonarqube analysis
     ./mvnw clean verify sonar:sonar -Dsonar.projectKey=test -Dsonar.host.url=http://localhost:9000 -Dsonar.login=sqp_ee327b03c0a3397bac5eb36efcbb79635d935069
  5. Check the code smells. Nothing about imports will be shown.

The BUG:

I found a weird trick to make it detect the unused imports:

In the file HomeController.java (cod-r/spring-boot on GitHub, main branch),
replace the line

return homeRepository.getReferenceById(1L).getMessage();

with

return "just a string";

Re-run the sonarqube analysis

./mvnw clean verify sonar:sonar   -Dsonar.projectKey=test   -Dsonar.host.url=http://localhost:9000   -Dsonar.login=sqp_ee327b03c0a3397bac5eb36efcbb79635d935069

Now the unused imports will be detected.

EDIT:
I tried with java 11 and 17, and with sonarqube 7.9.6, 8.9.9 and latest.

I found the problem but no solution. The problem is lombok’s @Data annotation.

My java class HomeMessage.java contains @Data annotation for generating getters and setters. Because in HomeController I’m calling the method .getMessage(), which is generated by lombok, the unused imports are not detected.
I also tried to set only @Getter @Setter instead of @Data but no luck.

I also tried to set sonar.java.libraries like:

<sonar.java.libraries>${user.home}/.m2/repository/org/projectlombok/lombok/**/*.jar</sonar.java.libraries>

Lombok version: 1.18.24

This is clearly a bug in sonarqube.

Is there any guideline on how to report this as a bug to sonarqube developers?

Hey there.

You’re in the right place – but not every bug can be investigated immediately. We appreciate the report and somebody will look at it soon.

Hi @Codrut_Panea,

Thanks for the message and sorry for the late reply. I’m currently investigating the issue. There is indeed strange behavior in our Lombok filter. I already have a couple of ideas so will keep you updated.

Best,
Margarita

Hi @Codrut_Panea,

Thanks for the feedback. I was able to reproduce such behavior. It looks like after we enabled the batch mode by default, the Unused Import rule stopped working with Lombok. So here is the ticket to handle this issue:
https://sonarsource.atlassian.net/browse/SONARJAVA-4313

For now, you can try disabling the batch mode and check if issues appear. You can do it by setting the property sonar.java.fileByFile=true. Note that this solution is ad-hoc and might influence the performance of the analysis.

Regards,
Margarita

Adding

<sonar.java.fileByFile>true</sonar.java.fileByFile>

solved the problem for the demo project I posted above.

But unfortunately it doesn’t work for my real bigger project which has more files and LOC.

What do you mean by “doesn’t work”? Is the issue still there, or is the analysis failing?

Anyway, the ticket is now in our backlog and we will work on this sometime in the future. As mentioned before, setting this property is not a solution and should be avoided unless absolutely necessary.

The issue is still there. There is a slight improvement when using fileByFile, but only a few unused imports are detected in the project. More than 90% of the unused imports are still not detected.

Could you please share the reproducer with me? This might be a different problem.
