Login/Register
How can we ignore some SonarQube rules in Java?
Asked Answered
Solved javasonarquberulessonar-runnersonarqube-scan
M

5

21

We recently started using SonarQube. We have found some rules that are suggested by SonarQube but we want to ignore them or give them a low priority and even configure the time suggested by SonarQube. For e.g

We want to avoid the rule (and/or configure the priority and time suggested by SonarQube) for

  1. Document this public class. and
  2. Complete the task associated to this TODO comment.

I couldn’t find a way to configure this rules to be ignored. We want this kind of rules to be ignored for the whole project not specific classes.

Configuring this values would help us to have a better time estimation to fix major issues and give low priority for the rules like the above two. We are using SonarQube 6

I appericiate your advice.

Minnie answered 23/8, 2016 at 19:26 Comment(3)
Create a new quality profile, and you can fine tune whatever you want.Paraselene
You can activate/deactivate rules (for profiles that your project is associated with) from the sonar web application. But must be loggedin to be able to that.Kuopio
@BheshGurung For the first one I wasn't able to find the exact tag to deactivate but the closest one I could find was "Public types, methods and fields (API) should be documented with Javadoc" (localhost:9000/coding_rules#q=Document this public class|languages=java). After I deactivate it, should I re run the scanner ? When I went to the analysis page and refresh, that tag still comes up and it still affects the total time that has to be spent on fixing bugs.Minnie
S
8

As noted in the comments, all you have to do is remove the rules from your profile or edit them to lower their priority. You need the Global Administer Quality Profiles permission to do that. Once you're logged in with that permission, go to the Rules interface, search for a rule you want to deactivate, select the rule, click on it, and Deactivate it from the relevant profile.

Sycophant answered 23/8, 2016 at 21:11 Comment(0)
O
35

If you have the id of the rule ypu want to ignore, then you can add the SuppressWarnings for that

Example:

@SuppressWarnings("squid:S0016")

I dont like this too much and use to add the comment //NOSONAR that tells SonarQube to ignore all errors for a specific line.

Example2:

If I do this:

System.setErr(System.out);
ConsoleHandler h = new ConsoleHandler(); 
System.setErr(err);

my sonar complains asking me to use logger instead of system.out...

therefore I can silent the warning doing:

System.setErr(System.out);  //NOSONAR 
ConsoleHandler h = new ConsoleHandler(); 
System.setErr(err);
Openmouthed answered 23/8, 2016 at 19:52 Comment(10)
Where do you this ? Is at a project level or class/file level ? Where do you find the squid ? I am a newbie for the tool.Minnie
at the file... java file... see example 2Gnaw
I appericiate your help but we have thousands of files (previous projects prior to using SonarQube ) and it's unlikely that we can change every class to use @SuppressWarnings. But we can def use them for new classes.Minnie
Thank you. I'll look in to it. Btw, once you make profile changes, do you have to re run the scanner to do analysis again or just refreshing the web page with the report will take out the rules that I deactivated ?Minnie
Nope... you need to run again the scannerGnaw
SuppressWarnings annotations or NOSONAR comments are not the right way to disable rules as they pollute the source code.Tectonic
@JulienL.-SonarSourceTeam yes, for sure, it makes the code dirty..., but there is another way to do that, something like in the Project.properties?? TnxsGnaw
@ΦXocę웃Пepeúpaツ As answered by Ann, you need to disable the rule from the quality profile.Tectonic
@JulienL.-SonarSourceTeam – When I do not want the rule at all, I have to switch in off in the configuration of the tool, confessed! But @SuppressWarnings() or //NOSONAR is the method of choice to deactivate an otherwise required rule for a single occurrence – like the line when the server prints its "I am alive" message on startup to the console, and not (only) to the log file. And it gives a potential editor to the source code an idea that here is something to have a closer look at.Sommerville
@Sommerville to be fair, the question was about disabling the rule globally, so the other answer is more correct. To ignore the warning in only specific locations, there is a separate questionErichericha
S
8

As noted in the comments, all you have to do is remove the rules from your profile or edit them to lower their priority. You need the Global Administer Quality Profiles permission to do that. Once you're logged in with that permission, go to the Rules interface, search for a rule you want to deactivate, select the rule, click on it, and Deactivate it from the relevant profile.

Sycophant answered 23/8, 2016 at 21:11 Comment(0)
C
5

The right thing to do is to put something like this on sonar-project.properties file per project:

sonar.issue.ignore.multicriteria=e1,e2
# tab characters should not be used
sonar.issue.ignore.multicriteria.e1.ruleKey=squid:S00105
sonar.issue.ignore.multicriteria.e1.resourceKey=**/*.java
# right curly braces should be on a new line
sonar.issue.ignore.multicriteria.e2.ruleKey=squid:RightCurlyBraceStartLineCheck
sonar.issue.ignore.multicriteria.e2.resourceKey=**/*.java
Corymb answered 17/12, 2020 at 12:32 Comment(0)
W
2

Perhaps these answers are somewhat old, as there is an easy way to do this in the SonarQube UI.

  1. Locate your project in SonarQube
  2. Click on the issues tab
  3. Click on a specific issue
  4. At the top, you'll see the issue code name (such as: typescript:S1135 or java:S107). Copy this code.
  5. At the top right of the screen click on Project Settings >> General Settings
  6. Click on the Analysis Scope tab on the left
  7. Scroll down to "Ignore Issues on Multiple Criteria"
  8. In this section you create your exclusion rules.

Examples

  • Ignore an issue everywhere: For example, if you want to ignore typescript:S1135 everywhere. You enter typescript:S1135 as the Rule Key Pattern and enter **/* as the File Path Pattern (** matches zero or more directories. * matches zero or more characters).
  • Ignore all issues in a specific file: Enter * as the Rule Key Pattern and the path (path/to/your/file.js) as the File Path Pattern.

More examples: https://docs.sonarqube.org/9.8/project-administration/narrowing-the-focus/#excluding-specific-rules-from-specific-files

Wite answered 7/4, 2023 at 15:21 Comment(0)
N
0

Also when you want to do multiple ignores you can do this:

@SuppressWarnings({"unchecked","Depreciated","Duplicates","squid:S3776"})
Nf answered 9/4 at 5:0 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.