@SuppressWarnings behaviour changed since SonarQube 8.X

alban.auzeill · August 3, 2020, 4:24pm

The java analyzer plugin provided in SonarQube before 8.X, was filtering issues of all other plugin targeting the java language. It was not intentional, from the java analyzer plugin point of view, but users were able to filter rules like:

@SuppressWarnings({"java:S1166", "javasecurity:S5131", "findsecbugs:PATH_TRAVERSAL_IN"})

Since SonarQube 8.X, the java analyzer plugin only filters its own issues and issues from its custom rules and not any more issues from other plugins like javasecurity or findsecbugs.

Note
This topic is related to @SuppressWarnings are not honored by the SonarQube 7.9 anymore
But the impact on SonarQube 7.9 LTS was considered as regression and the topic has been resolved by a bug fix release 6.3.2 of the java analyzer.
By contrast, this topic is about SonarQube 8.X and the problem is not resolved.

pgabor · August 3, 2020, 4:25pm

Hi,

Thank you for the information, I faced with the same problem with SonarQube 8.3.1. Can we expect a solution in the near future for SonarQube 8.x? Will there be a ticket what can be tracked?

Is it possible to workaround this somehow?

Thanks in advance!

luk219 · December 23, 2020, 11:20am

Any news on this issue? We are still facing the problem with SonarQube 8.5.1 and Sonar Java 6.8.0…

jborgers · January 4, 2021, 12:10pm

The sonar issue Fix the regression on issue filtering by reverting SONARJAVA-3241 before SQ 8.x LTS says it is fixed in Java analyzer plugin 6.10.

It is not yet clear which SonarQube version this will be, still 6.3.2 in sonar 8.3; see plugin-version-matrix.

Michael · January 4, 2021, 1:43pm

Hello @jborgers,

The Java analyzer version 6.10 is currently only available on SonarCloud and the latest release of SonarLint. It is currently planned to be shipped with SonarQube 8.7, which should be the next release of SonarQube.

Regards,
Michael

jborgers · January 4, 2021, 6:44pm

Hi @Michael, thanks for the update.

I just replaced sonar-java-plugin-6.8.0.23379.jar with sonar-java-plugin-6.10.0.24201.jar under my local Sonar 8. Unfortunately, SuppressWarnings using @SuppressWarnings(“pmd:XXX”) are still not suppressed, so the new version does not seem to have the desired effect.

Michael · January 11, 2021, 1:40pm

Wow, thanks a LOT for testing and reporting back! After investigation, it seems that the revert we did in 6.10 is not working as expected (because it was not real revert…), and our ITs went through without failing…

I created the following ticket to handle it: SONARJAVA-3652. The fix will be included in version 6.11, to be released at the end of the week.

This version will then be part of next SQ 8.7 (replacing version 6.10). It will also be deployed on SonarCloud.

Cheers,
Michael

jborgers · January 8, 2021, 1:17pm

Hi @michael,

You are welcome, hoping it will be fixed soon.
Any idea when 6.11 will be downloadable?

cheers, Jeroen

jborgers · January 11, 2021, 12:32pm

Hi @Michael,

I tested a snapshot version and it works as expected again! Nice.

Looking forward to the release, so we fix our Sonar 8 and don’t have to roll back to 7.9

cheers, Jeroen

Michael · January 11, 2021, 1:40pm

Hey,

Good to know, thank you for the following up @jborgers.

The release of Java Analyzer 6.11 is most probably going to happen between today and tomorrow. It should then be available publicly in the upcoming days.

Cheers,
Michael

alban.auzeill · January 18, 2021, 1:16pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.