Login/Register
Turning Sonar off for certain code
Asked Answered
Solved javajenkinssonarqubefindbugs
S

7

278

Is it possible to turn off sonar (www.sonarsource.org) measurements for specific blocks of code, which one doesn't want to be measured?

An example is the "Preserve Stack Trace" warning which Findbugs outputs. When leaving the server, I might well want to only pass the message back to the client, not including the actual exception which I just caught, if that exception is unknown to the client (because the client doesn't have the JAR in which that exception was contained for example).

Sistrunk answered 10/6, 2012 at 20:9 Comment(0)
S
125

This is a FAQ. You can put //NOSONAR at the end of the line triggering the warning.

//NOSONAR

For most languages, SonarQube supports the use of the generic mechanism: //NOSONAR at the end of the line of the issue. This will suppress all issues - now and in the future - that might be raised on the line.

I prefer using the FindBugs mechanism though, which consists in adding the @SuppressFBWarnings annotation:

@edu.umd.cs.findbugs.annotations.SuppressFBWarnings(
    value = "NAME_OF_THE_FINDBUGS_RULE_TO_IGNORE",
    justification = "Why you choose to ignore it")
Stoecker answered 10/6, 2012 at 20:48 Comment(7)
Agreed. However, I'm not sure if Sonar correctly interprets @SuppressFBWarnings (added to avoid clashes with java.lang.SuppressWarnings) and also ignores it.Salaam
AFAIK, Sonar uses FindBugs. So if FindBugs handles these annotations, I don't see why they wouldn't work when running FindBugs through Sonar. Shouldn't be hard to test anyway.Stoecker
The FAQ link is outdated. Here is the new FAQJackdaw
Could you please provide other link to a SonarQube FAQ? I see a login form instead of FAQLambent
docs.sonarqube.org/latest/faq/#header-1Coomb
A space is needed "// NOSONAR" before NOSONAR.Divestiture
Even that updated FAQ link is now obsolete. Looks like SonarQube itself could benefit from a rule for that issue.Wootan
M
352

You can annotate a class or a method with SuppressWarnings

@java.lang.SuppressWarnings("squid:S00112")

squid:S00112 in this case is a Sonar issue ID. You can find this ID in the Sonar UI. Go to Issues Drilldown. Find an issue you want to suppress warnings on. In the red issue box in your code is there a Rule link with a definition of a given issue. Once you click that you will see the ID at the top of the page.

Monroy answered 1/4, 2015 at 21:5 Comment(6)
I can confirm that this also works with a specific FindBugs rule-ID, e.g. @SuppressWarnings("findbugs:UI_INHERITANCE_UNSAFE_GETRESOURCE").Mohawk
The problem is that Eclipse displays a warning Unsupported @SuppressWarnings("squid:S00112"). You can configure Eclipse to ignore this but then a typo such as in @SuppressWarnings("uncheckedd") will not be detected.Ileostomy
See docs.codescan.io/hc/en-us/articles/… for docs on @SuppressWarnings and Sonar.Unconditional
How do we add comments/justification when we suppress?Hognut
Looks like this answer should be marked as accepted.Speed
Fun fact: This annotation can also be added to a class variable or even a local variable.Mencher
J
141

I recommend you try to suppress specific warnings by using @SuppressWarnings("squid:S2078").

For suppressing multiple warnings you can do it like this @SuppressWarnings({"squid:S2078", "squid:S2076"})

There is also the //NOSONAR comment that tells SonarQube to ignore all errors for a specific line.

Finally if you have the proper rights for the user interface you can issue a flag as a false positive directly from the interface.

The reason why I recommend suppression of specific warnings is that it's a better practice to block a specific issue instead of using //NOSONAR and risk a Sonar issue creeping in your code by accident.

You can read more about this in the FAQ

Edit: 6/30/16 SonarQube is now called SonarLint

In case you are wondering how to find the squid number. Just click on the Sonar message (ex. Remove this method to simply inherit it.) and the Sonar issue will expand.

On the bottom left it will have the squid number (ex. squid:S1185 Maintainability > Understandability)

So then you can suppress it by @SuppressWarnings("squid:S1185")

Jackdaw answered 21/5, 2015 at 20:4 Comment(3)
Thanks for the hint to ingnoe multiple sonar cube warningsStila
The other issue with marking it as a false positive on the interface is that if for whatever reason the project is deleted and added again, all of the flags you have set will be gone.Geulincx
@Geulincx - Is there any way if same can be done in pom.xml file ? I've raise question here: #57790332Archfiend
S
125

This is a FAQ. You can put //NOSONAR at the end of the line triggering the warning.

//NOSONAR

For most languages, SonarQube supports the use of the generic mechanism: //NOSONAR at the end of the line of the issue. This will suppress all issues - now and in the future - that might be raised on the line.

I prefer using the FindBugs mechanism though, which consists in adding the @SuppressFBWarnings annotation:

@edu.umd.cs.findbugs.annotations.SuppressFBWarnings(
    value = "NAME_OF_THE_FINDBUGS_RULE_TO_IGNORE",
    justification = "Why you choose to ignore it")
Stoecker answered 10/6, 2012 at 20:48 Comment(7)
Agreed. However, I'm not sure if Sonar correctly interprets @SuppressFBWarnings (added to avoid clashes with java.lang.SuppressWarnings) and also ignores it.Salaam
AFAIK, Sonar uses FindBugs. So if FindBugs handles these annotations, I don't see why they wouldn't work when running FindBugs through Sonar. Shouldn't be hard to test anyway.Stoecker
The FAQ link is outdated. Here is the new FAQJackdaw
Could you please provide other link to a SonarQube FAQ? I see a login form instead of FAQLambent
docs.sonarqube.org/latest/faq/#header-1Coomb
A space is needed "// NOSONAR" before NOSONAR.Divestiture
Even that updated FAQ link is now obsolete. Looks like SonarQube itself could benefit from a rule for that issue.Wootan
I
16

Use //NOSONAR on the line you get warning if it is something you cannot help your code with. It works!

Impetrate answered 19/10, 2018 at 7:11 Comment(1)
Today, I get a warning if I use //NOSONAR. Super annoying.Chiekochien
A
6

I not be able to find squid number in sonar 5.6, with this annotation also works:

@SuppressWarnings({"pmd:AvoidCatchingGenericException", "checkstyle:com.puppycrawl.tools.checkstyle.checks.coding.IllegalCatchCheck"})
Asleep answered 15/3, 2017 at 14:39 Comment(1)
squid is for the Sonar-sourced Java database (SonarAnalyzer Java). pmd and checkstyle are on other rule repositories.Kincardine
C
6

Actually it's a tricky to understand which is the ID of issue so i used @SuppressWarnings("all") annotation which basically is applied of all rules but to be more precise is better to use the ID. Click to see picture -> Sonar Issue ID

So when click on "Why is this an issue?" in the red box, i you will get to a screen with explanation. On top of the screen in left side you can see rule name, and on the left the id of this rule. So to applied for this rule only you have to add this annotation to your class or method.

@SuppressWarnings("common-java:DuplicatedBlocks")

Concertina answered 23/6, 2021 at 13:5 Comment(0)
J
3

code complexity of any method is allowed only 15, if we have to resolve this issue without refactoring the methods we can use this at the top of method definition:-@SuppressWarnings({"java:S3776"})

Juju answered 7/3, 2023 at 6:15 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.