SonarScanner.MSBuild.exe scans nonexisting module

zdenko-s · July 25, 2022, 11:46am

I am using sonar-scanner-msbuild-5.7.1.49528-net46
When running end phase, I get error:

ERROR: File mysource/mylib/precompiled.cpp can't be indexed twice. Please check that inclusion/exclusion patterns produce disjoint sets for main and test files

Problem is that scanner tries to analyze module which is not part of solution. Log shows:

INFO: Indexing files of module 'MyProjectTestDotNet'
INFO:   Base dir: C:\src
INFO:   Source paths: .
INFO:   Excluded sources: cpp, h, c

When invoking start phase, I specified SonarScanner.MSBuild.exe begin /k:"MyProjectTestDotNet" as project key. Scanner goes to top of source and scans already scanned files.
IMHO. This is bug. MyProjectTestDotNet is not in the list of the projects of solution, it is ProjectKey argument /key:MyProjectTestDotNet.

Zdenko

ganncamp · July 25, 2022, 3:25pm

Hi,

What version of SonarQube are you using?

Ann

zdenko-s · July 26, 2022, 6:05am

Hi,

Enterprise Edition Version 9.5 (build 56709)
Although, I do not see reason why server version is relevant. It is client tool error. It scans local folders (modules) of solution. Before exiting with error, it correctly listed 5-6 modules which are part of VS solution. Log clearly shows that tool wrongly specifies module which is not part of the solution.

Zdenko

ganncamp · July 26, 2022, 1:43pm

Hi Zdenko,

Server version is relevant because analysis runs logic that’s shipped with -and downloaded from - the server. So if you’re running an EOL server version (and sadly, many people are) then it’s not likely we can be much help.

Can you post the full text of your job log, please?

Thx,
Ann

zdenko-s · July 27, 2022, 6:06am

Hello,
I am not sure that I am allowed to share publicly information about scan There are about 90 lines of log.
There is interesting thing I noticed.
I run again same commands and I did not get this error but different (separate story). I was wondering what happened. Than I realized that did not specify /s: option when I run SonarScanner.MSBuild.exe begin phase. I rerun begin phase and specified settings file. This time I got expected error about scanning non existing module when running end pahse. My sonar settings file:

<SonarQubeAnalysisProperties  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.sonarsource.com/msbuild/integration/2015/1">
  <Property Name="sonar.sources">.</Property>
  <Property Name="sonar.exclusions">cpp,h,c</Property>
  <Property Name="sonar.scm.provider">git</Property>
</SonarQubeAnalysisProperties>

duncanp · July 27, 2022, 7:25am

@zdenko-s you should not need to set sonar.sources when using the SonarScanner for .NET. The scanner will use the project files to determine the files to analyse.

Try removing the setting from the file.

zdenko-s · July 27, 2022, 12:38pm

That is exactly the root of the problem.
Project I am scanning has a reference to another project (library), written in managed C++. It is wrapper around native C++ code. All those projects are part of the solution. When I run msbuild, I specify msbuild ..\solution.sln /t:ChatLib. As you see, I run scan inside subdirectory of project/module.
Here I get error that C++ code should be preprocessed by build-wrapper. We already scanned C++ code and we do not care about it right now. Reason I add sonar.properties file is to ignore C++ projects.
If I omit /s: argument, I get error about C++ files
I tried following:

Clean solution
Build C++ libraries
SonarScanner.MSBuild.exe begin mark the begin phase
msbuild …\solution.sln /t:ChatLib this would build only cs code. Msbuild sees that dependencies are up to date.
SonarScanner.MSBuild.exe end

This does not help. I still get error about C++ and build-wrapper. I added properties file to exclude C++ from analyse.

duncanp · July 27, 2022, 1:45pm

@zdenko-s setting the sonar.exclusions property should be enough to exclude C++ files from the analysis.

However, the pattern of your sonar.exclusions is not correct. It should be something like **/*.cpp,**/*.h,**/*.c. Or you could exclude the directories containing the C++ code.

See the Narrowing the Focus page for more information on the supported patterns.

zdenko-s · July 28, 2022, 6:00am

Thanks for clarification.
Problem I reported still persist. If I specify settings file option, k option is considered as a name of the module. Please take a look into earlier message. Console output shows

INFO: Indexing files of module 'MyTestDotNet'
INFO:   Base dir: C:\src
INFO:   Source paths: .
INFO:   Excluded sources: **/*.cpp, **/*.h, **/*.c
INFO: 2320 files indexed...(last one was CP/webapp/themes/sinchcustom/UR/ls/sinchcustom2/standards.less)
INFO: 3780 files indexed...  (last one was Client/src/***/***/util/BindingUtils.js)

For some reason, scanning start three levels up and goes through whole source tree. Look at the log line Base dir: C:\src. Current directory when invoking command is C:\src\product\solutionfolder\modulefoler. When invoking msbuild, I run msbuild ..\WS.sln /t:MyLib. Solution includes dozen of projects. To reach some of projects, relative path goes 3 levels up, than down to module. It may be the reason why Base dir is 3 levels up.

duncanp · July 29, 2022, 8:47am

Yes; if you are building a solution, then the scanner will calculate the base directory as the root folder that contains all of the projects in the solution.

If I understand correctly:

you are building a solution that contains multiple projects.
some of those projects have already been built and analysed (the C++ ones)
you want those projects to be ignored for analysis purposes.

If you are using MSBuild to build your C++ projects, you can exclude them from analysis by adding the property

  <PropertyGroup>
    <SonarQubeExclude>true</SonarQubeExclude>
  </PropertyGroup>

If you are building the same solution twice, once to analyze C++ code and once to analyze the C# code, you might need to add a condition e.g.

  <PropertyGroup>
    <SonarQubeExclude Condition=" $(SkipCppAnalysis) == 'true' ">true</SonarQubeExclude>
  </PropertyGroup>

… and then set SkipCppAnalysis on the command line when calling MSBuild e.g. -p:SkipCppAnalysis=true

zdenko-s · July 29, 2022, 2:02pm

Hello,
Your understandings are correct. C++ scanning works fine.
I saw documentation part about modifying vcxproj but I was considering it intrusive.
I am familiar with MSBuild conditional directives (PropertyGroup). I did it many times. I will do it and come back with results next week.
FYI
I am not building the same solution twice. There is separate solution to build C++libraries. Build script never builds solution, it always builds projects. It is irrelevant since settings you specified goes to particular project file.
Zdenko

zdenko-s · August 1, 2022, 7:04am

Great. This helped. I added unconditional exclusion.
Out of curiosity. Does C++ build-wrapper.exe takes into account this setting? (Of course, I could test it but I would like to hear official statement).
If build-wrapper.exe ignores thia peojwct property, then no need to conditionally exclude .vcxproj files. Build-wrapper (if not excluded) scans it, what we want. SonarScanner.MSBuild.exe will ignore .vcxproj file.

Zdenko

PS
I still see scanning module with name of Sonar project.
INFO: ------------- Run sensors on module P4
INFO: ------------- Run sensors on module ChL
INFO: ------------- Run sensors on module ICI
INFO: ------------- Run sensors on module CL
INFO: ------------- Run sensors on module WL
INFO: ------------- Run sensors on module LIPC
INFO: ------------- Run sensors on module MyTestDotNet

duncanp · August 3, 2022, 3:10pm

@zdenko-s,

The build wrapper is not aware of this property.

Essentially, the SonarScanner for .NET collects information from the MSBuild project files to work out which files should be passed to the Sonar server.

This setting tells the scanner not to include any files from that particular MSBuild project.

system · August 17, 2022, 7:39am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.