I’m using SonarQube Developer 10.2.1.78527 deployed via Docker container, with SonarScanner 5.0.1.3006 and no other plugins/extensions.
I have a Rust project that I’m attempting to scan. The project is 90% Rust, and I’ve successfully scanned everything except for 10-ish C/C++ files that are included with the project. These files are primarily examples and SDKs. After reading SQ documentation, it appears that, regardless of which option I choose (build wrapper or compilation database), I need to build a C/C++ project with a C compiler.
I’m on an ARM Mac, so I need to use the compilation database option. Regardless, all instructions for both options reference using C compilers, when this project is built with Cargo.
Is there a way to scan C/C++ files like this that are part of a larger non-C/C++ project?
For a C/C++/Objective-C analysis to be accurate, the analyzer needs to understand how the code is meant to be compiled. Compilation options, like macro definitions and include directories, can have a huge impact on the generated code and consequently on the analysis results.
So compilation is required if you want to analyze these files, whether they’re the entire project or just a small subset of another project.
The CFamily plugin you have in your SQ version should provide a working build-wrapper for ARM Mac. Can you give it a try, and wrap the call to cargo build? Make sure you do a clean build.
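A check to run after the wrapped clean build suggested in the reply above (an added example, not part of the original thread): it reads a JSON compilation database in the standard `compile_commands.json` format and reports which C/C++ sources have no captured compiler invocation, along with the macro and include flags captured for the rest. The sample database, paths, and function names are constructed for illustration, and the location of the database produced by your build is an assumption to adapt.

```python
import json
import posixpath
import shlex

C_FAMILY_EXTS = {".c", ".cc", ".cpp", ".cxx", ".m", ".mm"}

# Constructed sample: two compiler invocations captured during a Cargo build.
SAMPLE_DB = json.dumps([
    {"directory": "/work/proj", "file": "sdk/hal.c",
     "arguments": ["cc", "-DUSE_HAL=1", "-I", "sdk/include", "-c", "sdk/hal.c", "-o", "hal.o"]},
    {"directory": "/work/proj", "file": "/work/proj/sdk/crc.c",
     "command": "cc -O2 -Isdk/include -c /work/proj/sdk/crc.c"},
])
# Constructed sample: files present in the repository (Rust sources are ignored).
SAMPLE_SOURCES = ["/work/proj/sdk/hal.c", "/work/proj/sdk/crc.c",
                  "/work/proj/examples/demo.cpp", "/work/proj/src/main.rs"]

def load_entries(db_text):
    """Map each source path in the database to its compiler argument list."""
    entries = {}
    for item in json.loads(db_text):
        # An entry carries either 'arguments' (list) or 'command' (one shell string).
        args = item.get("arguments") or shlex.split(item.get("command", ""))
        # 'file' may be relative to 'directory'; join() keeps absolute paths as-is.
        src = posixpath.normpath(posixpath.join(item["directory"], item["file"]))
        entries[src] = args
    return entries

def macro_and_include_flags(args):
    """Keep the -D / -I / -isystem options, which decide what the analyzer sees."""
    flags, it = [], iter(args)
    for arg in it:
        if arg in ("-D", "-I", "-isystem"):      # value is the next argument
            flags.append(arg + " " + next(it, ""))
        elif arg.startswith(("-D", "-I")):       # value is attached
            flags.append(arg)
    return flags

def coverage(db_text, source_files):
    """Return ({covered file: flags}, [C-family files with no captured compile])."""
    entries = load_entries(db_text)
    wanted = [s for s in source_files if posixpath.splitext(s)[1] in C_FAMILY_EXTS]
    covered = {s: macro_and_include_flags(entries[s]) for s in wanted if s in entries}
    missing = [s for s in wanted if s not in entries]
    return covered, missing

if __name__ == "__main__":
    covered, missing = coverage(SAMPLE_DB, SAMPLE_SOURCES)
    for path, flags in covered.items():
        print("captured:", path, flags)
    for path in missing:
        print("NOT captured (not compiled in this build, so not analyzable):", path)
```

Files reported as not captured were never compiled during the wrapped build, which is the usual result of an incremental rather than clean build, or of examples that the Cargo build does not compile at all.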