Support for Pro*C files

Is there really no way to see C code issues in Pro*C code? Over 80% of our C code is Pro*C (in source files we name *.sc). It would be great if it could scan the C code, even if it ignored the embedded SQL.
I’m evaluating SonarQube for our project, and this could really prevent it being useful for us.

Hi @pderr ,

no, there is no way to analyze Pro*C code and we currently don’t have a plan to support it. The only way I see is to separate the Pro*C code from the C one and analyze the C code.

Hello @pderr,

As Massimo said, we do not directly support Pro*C. However, there is a workaround that might be working nicely for you.

Since Pro*C relies on a preprocessor to generate some C code that is then compiled, one option that you could have would be to scan not only your source code, but also this generated code. This comes with a few caveats:

  • If an issue is reported in the generated code, you would have to manually infer where in the original source code lies this issue
  • Since the generated code is usually not under source control, you may not benefit from all the features related to tracking source control changes that we normally provide.
  • Since the code is generated, it may contain issues that are not relevant. But from what I remember from Pro*C, the generated code is relatively readable by a human being, so it should not be too bad.

If these limitation can work for you, the main thing to have it working is to make sure that the place where those files are generated is part of the sonar.sources configuration property. They should already be mentioned in the build-wrapper-dump.json file.

Please let us know what you decided to do, and contact us if you have difficulties.

Thank you,

1 Like