Threshold on java:S1192 rule not factoring into scans

Hello,

My company has SonarQube Enterprise version 8.3.1.34397 with Java plugin version 6.3.2 (build 22818).

We’ve branched a Quality Profile off of the default Sonar way profile, made this new profile the default Quality Profile and have changed rule java:S1192 to be a Blocker level issue to tighten down on developers copying strings vs using a constant. The custom Blocker level setting is working fine.

Our issue is when we changed the threshold of the number of allowable duplicate strings from the default (3) to 10 occurrences. Developers are getting failed Quality Gates on less than 10 duplicate literals. I made sure the Quality Profile assigned to projects is the new one, and everything looks to be set right. We haven’t had this issue with changing other rules, so we’re thinking this is unique to the threshold of java:S1192.

Thank you!

Hey @KendrickH,

Thanks for the feedback.

As it seems indeed to come from the java analyzer side, I tried to reproduce the issue on my machine, with (almost) the same configuration [I have a 8.3.0 and cannot update to 8.3.1, since our latest release is now 8.4]. Unfortunately I can not reproduce the issue on my side. The java analyzer, scanner and SonarQube version are behaving fine and my QP fails only when I have more than 10 duplicated Strings.

  • Can you maybe share what scanner you are using with your project? (I tried with a sample maven project)
  • Can you share the logs of the analysis?
  • Could you try to reproduce this with a small sample project having a single simple class?

Thanks,
Michael

Hey @Michael, thanks for replying.

So I bound my IDE using SonarLint to my SonarQube server on a sample project, and the threshold works fine. I then fed it into our Jenkins pipeline which uses SonarScanner version sonar-scanner-4.2.0.1873 and it still worked, so I’m unsure of why we’re having an issue on the other projects. I’m going to reach out to the developers on those projects today and have them notify me when they make a Pull Request or change to their branches so I can get a better idea of what’s happening. I’ll check if they’re using SonarLint and see if it’s happening locally. I’ll also go ahead and update my SQ release to the latest over the weekend to have the most up to date version. I’m going to do those things then I’ll post again with logs if the issue is still occurring.

I’ll make an update Monday to either have this issue closed or with logs reproducing the issue.

Thanks again,
Kendrick

1 Like

Morning,

So I checked the issues for the scanned projects today, and the thresholds look to be working just fine. I’m going to chalk the issue up to human (me) error, as that’s far more likely than anything else. I don’t see a way to close this thread out, but my question is answered.

Thank you,
Kendrick

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.