Sonar + Lombok false positives on @Data annotation

Asked 7/10, 2019 at 10:37 Answered 18/4 at 11:37

java sonarqube lombok

I am getting a lot code smells from lombok generated code in Sonar. F.E.:

Method Dto.hashCode() stores return result in local before immediately returning it

Dto.equals(Object) is excessively complex, with a cyclomatic complexity of 58

How can I point out sonar that this should be skipped from analyze?

UPDATE

I've tried it already. My lombok.config file in root directory is:

config.stopBubbling = true
lombok.addLombokGeneratedAnnotation = true
lombok.equalsAndHashCode.callSuper = call

It doesn't helps

I've tried it already: sonarqube + lombok = false positives I've updated: sonar-project.properties in root directory to:

sonar.sources=src/main
sonar.tests=src/test
sonar.language=java
sonar.java.binaries=build/classes
sonar.junit.reportPaths=build/test-results/test/
sonar.jacoco.reportPaths=build/jacoco/jacocoTest.exec
sonar.java.libraries=.gradle/caches/**/lombok-*.jar

It doesn't work either.

Please don't close it. It is not duplication.

Drawtube answered 7/10, 2019 at 10:37 Comment(2)

Possible duplicate of sonarqube + lombok = false positives – Anaplastic 7/10, 2019 at 10:43

thanks @user7294900. I've also tried this solution. Did not help. I will update question – Drawtube 7/10, 2019 at 11:2

I just had the same issue. I am using sonar-scanner and figured out that it needs to set Lombok jar file using command line argument.

For example:

sonar-scanner -D sonar.java.libraries=/home/gitlab-runner/.gradle/caches/modules-2/files-2.1/org.projectlombok/lombok/1.18.10/625fc0055674dff70dbc76efa36d0f2c89b04a24/lombok-1.18.10.jar

Now SonarQube does not show any issues related with Lombok annotations.

Vincennes answered 28/10, 2019 at 7:30 Comment(1)

solved my problem, but the problem for me was sonar.java.libraries=m2/repositories and my lombok jar was in m2/repositories/org/projectlombok/lombok/lombok-1.18.24.jar – Apocalyptic 6/9, 2022 at 15:43

Methods generated by lombok need to be annotated with @Generated. Sonarqube will then ignore them.

Just add a file lombok.config in the project root directory, with the following content:

lombok.addLombokGeneratedAnnotation=true

Illume answered 7/10, 2019 at 10:48 Comment(1)

Sorry done this already. I will update question. Did help only for code test coverage :( – Drawtube 7/10, 2019 at 11:0

Be sure that lombok.jar is well inside the directory referenced in the sonar.java.libraries property.

I had the same problem, I added the property but I had put a reference to the directory of my runtime package that did not contains the lombok.jar!

lombok.jar is used at compile time and useless at runtime so we avoid to add it inside this directory.

Algarroba answered 1/7, 2021 at 7:54 Comment(0)

For me, the problem is related to the Sonar download optimization.

To solve, I just change this property from true to false in my build.gradle:

sonar {
    properties {
        // Download optimization deve ficar desabilitado devido a um problema do Sonar com as regras do Lombok
        // https://community.sonarsource.com/t/a-lot-of-false-positive-issues-related-to-lombok-after-sonarqube-upgrade/109764
        property "sonar.plugins.downloadOnlyRequired", "false"

        // ....
    }
}

More details: https://community.sonarsource.com/t/a-lot-of-false-positive-issues-related-to-lombok-after-sonarqube-upgrade/109764/3

Berkelium answered 18/4 at 11:37 Comment(0)

Recommended topics

Hot tags