false positives "Add at least one assertion to this test case" for Mockito.verify
3,431 views
Skip to first unread message
hey...@gmail.com
Mar 5, 2018, 5:48:19 AM3/5/18
to SonarQube
We have a few smaller tests that only verify the mockito mock object. So, no assert, but we do check something.
We would not expect this rule ("Add at least one assertion to this test case") to go off on this code, but it does.
Looking at the docs, it says Mockito is supported. Is it? Should a verify be enough?
"
This rule raises an exception when no assertions from any of the following frameworks are found in a test:
Junit
Fest 1.x
Fest 2.x
Rest-assured 2.0
AssertJ
Hamcrest
Spring's org.springframework.test.web.servlet.ResultActions.andExpect()
Eclipse Vert.x
Truth Framework
Mockito
EasyMock
JMock
WireMock
"
We would not expect this rule ("Add at least one assertion to this test case") to go off on this code, but it does.
Looking at the docs, it says Mockito is supported. Is it? Should a verify be enough?
"
This rule raises an exception when no assertions from any of the following frameworks are found in a test:
Junit
Fest 1.x
Fest 2.x
Rest-assured 2.0
AssertJ
Hamcrest
Spring's org.springframework.test.web.servlet.ResultActions.andExpect()
Eclipse Vert.x
Truth Framework
Mockito
EasyMock
JMock
WireMock
"
hey...@gmail.com
Mar 5, 2018, 8:50:38 AM3/5/18
to SonarQube
squid:S2699
Michael Gumowski
Mar 5, 2018, 9:06:46 AM3/5/18
to hey...@gmail.com, SonarQube
Hello,
From what I can see in implementation of Rule S2699, method invocation of "org.mockito.Mockito.verify..." should be covered and correctly handled by the rule. So, to answer your question, having a call to Mockito.verify(...) should be enough to NOT raise any issue. Note that if the assertions is within the body of another method (called from the test), this won't be detected (see SONARJAVA-2192)
Could you please precise:
- How you are analyzing your project
- if using SonarScanner, you are maybe not providing mockito bytecode to the analysis
- What is the version of your SonarJava plugin
Regads,
Michael
--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/fee1d57e-481e-4af5-ad17-d7ccc78c768f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Michael Gumowski | SonarSource
hey...@gmail.com
Mar 6, 2018, 2:43:18 AM3/6/18
to SonarQube
Hey Michael,
Thank you for the reply.
We use the maven task for Sonar analysis and SonarJava plugin 5.0.1 (build 12818)
Kind Regards,
Bert
Thank you for the reply.
We use the maven task for Sonar analysis and SonarJava plugin 5.0.1 (build 12818)
Kind Regards,
Bert
hey...@gmail.com
Mar 6, 2018, 7:48:49 AM3/6/18
to SonarQube
Update to 5.1.1 of SonarJava, but the false positives are still there.
Hereby a code example on which Sonar reports an code smell: "Add at least one assertion to this test case."
@Test
public void validateSomething() throws TechnicalErrorException {
when(myService.findId(anyString(), anyString(), any(Language.class)))
.thenReturn(null);
MyResource result = manager.validate("12", "12", Language.FR);
verify(myService).findId(anyString(), anyString(), any(Language.class));
assertEquals(ValidationStatus.INVALID, result.getStatus());
}
There is even an assertEquals in this case.
hey...@gmail.com
Mar 6, 2018, 7:56:45 AM3/6/18
to SonarQube
Nicolas Peru
Apr 27, 2018, 9:03:38 AM4/27/18
to hey...@gmail.com, SonarQube
Hi,
You would need to configure sonar.java.libraries and sonar.java.binaires to get accurate results, especially with this rule.
See https://docs.sonarqube.org/display/PLUG/Java+Plugin+and+Bytecode for a bit more details.
Cheers,
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/edd9b26d-8344-4c4a-be85-bc313a2f4bd1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Nicolas Peru | SonarSource
Senior Developer
Nicolas Peru
Apr 27, 2018, 9:07:13 AM4/27/18
to hey...@gmail.com, SonarQube
One more question : what is the build tool you are using for your java project ? And can you share your build definition ?
Bert Van der Heyden
May 3, 2018, 8:52:21 AM5/3/18
to Nicolas Peru, SonarQube
Dear,
In the end I learned that TFS is just calling the sonar:sonar maven goal behind the scenes. Sonar is not in our POM, but TFS adds it temporarily.
I tried your suggestion, but still the same. I added the
sonar.java.test.binaries property as you can see in the log below.
2018-05-03T12:23:16.3890553Z ##[debug]Running Maven with goal sonar:sonar and options: -Dmaven.test.failure.ignore=true -Drevision=20180503-02 -Dsonar.branch=develop -Dsonar.java.test.binaries=E:\Agents\4\_work\54\s\XXXA\target\test-classes,E:\Agents\4\_work\54\s\XXXB\target\test-classes -Dsonar.host.url="https://XXX/" -Dsonar.login=******** -Dsonar.password=********
2018-05-03T12:23:16.3890553Z ##[debug]Invoke - Maven cmdlet
However, I don't think that I should add the test.libraries as well. They are not all in some folder, but spread around in the maven repository. I assume that the Sonar plugin in Maven knows about the test scoped libraries.
Kind regards,
Bert
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/edd9b26d-8344-4c4a-be85-bc313a2f4bd1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--Nicolas Peru | SonarSourceSenior Developer
https://sonarsource.com
Reply all
Reply to author
Forward
0 new messages