SuppressWarnings annotation does not work for FindBugs security rules anymore


andreas...@coremedia.com

Jun 9, 2016, 4:44:58 AM
to SonarQube
Hi,

after I've updated from SonarQube 5.4 to 5.6 and from Java 7 to Java 8 for both the sonar-maven-plugin and the SonarQube server itself, Sonar reports violations of FindBugs Security rules that I suppressed in the code before.
(I've also updated the Java plugin from 3.13.1 to 3.14, but that's probably unrelated, right?)

It seems the following pattern for suppressing a violation in the code does not work anymore:
@SuppressWarnings("findsecbugs:COMMAND_INJECTION")
public static int execute(String command) throws IOException, InterruptedException {
    Process p = Runtime.getRuntime().exec(command);
    ...

Instead I have to use // NOSONAR now to suppress it, e.g.
public static int execute(String command) throws IOException, InterruptedException {
    Process p = Runtime.getRuntime().exec(command); // NOSONAR
    ...

Using // NOSONAR is definitely not so nice, because it not only suppresses the mentioned rule but all Sonar rules.

Is this a new bug in Sonar? Is there a JIRA issue for this or can you open one? Thank you.

Cheers,
Andreas

ps: Suppressing violations in the SonarQube UI is no option for us. We want to have these in the source code.
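As an added illustration (not code from Andreas's post or from the SonarJava project), the same `execute` method written so that the command-injection finding does not arise and nothing needs to be suppressed: the caller selects from a constructed allowlist of fixed argument vectors, and ProcessBuilder receives them as separate strings with no shell involved. The command keys and the 30-second timeout are assumptions for the example.

```java
import java.io.IOException;
import java.util.concurrent.TimeUnit;

public class SafeExecutor {

    // Constructed allowlist for this example: the caller picks a key, and
    // each key maps to a fixed argv that is never built from caller text.
    private static String[] argvFor(String commandKey) {
        switch (commandKey) {
            case "list-tmp":
                return new String[] {"ls", "-l", "/tmp"};
            case "disk-usage":
                return new String[] {"df", "-h"};
            default:
                throw new IllegalArgumentException("unknown command: " + commandKey);
        }
    }

    /**
     * Runs one of the pre-defined commands and returns its exit code.
     * The parameter is an allowlist key, not a command line, so there is
     * no tainted string reaching Runtime.exec and no rule to suppress.
     */
    public static int execute(String commandKey) throws IOException, InterruptedException {
        // ProcessBuilder takes argv elements separately: no shell parses them,
        // so metacharacters in any element are passed through literally.
        ProcessBuilder pb = new ProcessBuilder(argvFor(commandKey));
        pb.redirectErrorStream(true);
        pb.inheritIO();
        Process p = pb.start();
        // Bound the wait so a hung child cannot block the caller forever.
        if (!p.waitFor(30, TimeUnit.SECONDS)) {
            p.destroyForcibly();
            throw new IOException("command timed out: " + commandKey);
        }
        return p.exitValue();
    }

    public static void main(String[] args) throws Exception {
        System.exit(execute(args.length > 0 ? args[0] : "disk-usage"));
    }
}
```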

Michael Gumowski

Jun 9, 2016, 9:55:54 AM
to andreas...@coremedia.com, SonarQube
Hey Andreas,

Thanks a lot for the feedback. It is entirely and uniquely related to the update of the java plugin, and consequently a regression on its side. Note that the handling of the SuppressWarnings annotation has always been done by the java plugin. This mechanism was fully reworked in version 3.14, which causes the issue you are getting.

I created the following ticket to handle the issue: https://jira.sonarsource.com/browse/SONARJAVA-1719

Cheers,

Michael GUMOWSKI | SonarSource
Software Developer @ Language Team
http://sonarsource.com
