I used Java custom rules example to develop custom rules for SonarQube. I wrote a rule to check for null parameters. In the test file, I wrote file content A and it passed the verification normally. The file content is as follows:
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.apache.commons.lang3.ObjectUtils;
class NonCompliantMethod {
public void createProduct(String req) {
if (Objects.nonNull(req)) {
System.out.println("createProduct");
}
}
}
If I use test content B, I won’t be able to verify it, as shown below:
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.apache.commons.lang3.ObjectUtils;
class NonCompliantMethod {
public void createProduct(String req) {
if (ObjectUtils.isNotEmpty(req)) {
//This method does not perform null check on the input parameter req
System.out.println("createProduct");
//You can add some code logic here
}
}
}
But what’s even more bizarre is that if I package it as a jar file and send it to SonarQube to scan Java projects, situations A and B are normal. May I ask where the problem may be? My test files are in src \ test \ files, and my test classes are in src \ test \ java \ org \ sonar \ samples \ java \ checks. Is it my local Java custom rules example that needs to add any dependencies because of java. uli Objects is a built-in library, while Objectils is a library for org.apache.comons. I also added corresponding dependencies in POM, but it still hasn’t worked. Is it possible that this is related? The dependencies are as follows:
I think your best bet to find some help in this Community is to upload a compilable sample project that reproduces the issue (with this specific rule and test files).
Hello, I have uploaded the corresponding code project. When you open the project, you can see the test method ParameterNullCheckRuleTest. When you go to execute it, you will check the methods in ParameterNullCheckRule.jva under src \ test \ files. There are two methods, creatproduct1 and creatproduct2. creatproduct1 will report an error, while creatproduct2 will not. Normally, neither of these methods will report an error. However, if I package it as a jar and put it in the SonarQube client, and then run the corresponding Java project, neither of these methods will report an error example-122701.zip (8.9 MB)
Hello, thank you for your reply! This is my answer:
The first question: Because the version on my own computer corresponds to an older version, I didn’t think too much and just used it haha
Second question: The version of SonarQube I am using is SonarQube-8.9.10.61524, and the plugin version I am using is 6.15.1.26025
I suggest you start by making sure you’re using the latest example of the custom rules plugin, and that your tests are run against the latest version of SonarQube. SonarQube v8.9, like the example plugin you’re using, is more than 4 years old. I don’t think many developers will think it’s worth their time to troubleshoot such an old version!