【发布时间】:2021-05-15 00:16:53
【问题描述】:
我正在使用 Sonar-cxx 社区插件 v1.3.3 运行 SonarQube 社区版 (v7.9.5) 服务器
现在对于一个测试 C++ 项目,我已经生成了 cppcheck (v2.3) 分析报告并运行 sonar-scanner (https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.5.0.2216-linux.zip),如下所示。
$ pwd
/testproj
$ ls
file1.cc
$ cat file1.cc
int main()
{
char a[10];
a[10] = 0;
return 0;
}
$ cppcheck --enable=all --xml . 2> cppcheck_issues.xml
$ cat cppcheck_issues.xml
<?xml version="1.0" encoding="UTF-8"?>
<results version="2">
<cppcheck version="2.3"/>
<errors>
<error id="arrayIndexOutOfBounds" severity="error" msg="Array 'a[10]' accessed at index 10, which is out of bounds." verbose="Array 'a[10]' accessed at index 10, which is out of bounds." cwe="788" hash="11923574308940205340">
<location file="file1.cc" line="4" column="2" info="Array index out of bounds"/>
</error>
<error id="unreadVariable" severity="style" msg="Variable 'a[10]' is assigned a value that is never used." verbose="Variable 'a[10]' is assigned a value that is never used." cwe="563" hash="9507758794529763218">
<location file="file1.cc" line="4" column="7"/>
<symbol>a[10]</symbol>
</error>
</errors>
</results>
$ sonar-scanner \
-Dsonar.host.url=<sonar-host-url>\
-Dsonar.login=<sonar-token>\
-Dsonar.projectName=testproj\
-Dsonar.projectKey=testproj\
-Dsonar.projectVersion=0.1\
-Dsonar.cxx.cppcheck.reportPath=cppcheck_issues.xml\
-Dsonar.exclusions=cppcheck_issues.xml
INFO: Scanner configuration file: /code/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 4.5.0.2216
INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
INFO: Linux 4.1.12-124.43.4.el7uek.x86_64 amd64
INFO: User cache: /root/.sonar/cache
INFO: Scanner configuration file: /code/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: Analyzing on SonarQube server 7.9.5
INFO: Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=142ms
INFO: Server id: 22633092-AXeMotAnTu7ckErSxqZC
INFO: User cache: /root/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=73ms
INFO: Load/download plugins (done) | time=141ms
INFO: Process project properties
INFO: Execute project builders
INFO: Execute project builders (done) | time=9ms
INFO: Project key: testproj
INFO: Base dir: /testproj
INFO: Working dir: /testproj/.scannerwork
INFO: Load project settings for component key: 'testproj'
INFO: Load project settings for component key: 'testproj' (done) | time=74ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=99ms
INFO: Load active rules
INFO: Load active rules (done) | time=1167ms
WARN: SCM provider autodetection failed. Please use "sonar.scm.provider" to define SCM of your project, or disable the SCM Sensor in the project settings.
INFO: Indexing files...
INFO: Project configuration:
INFO: Excluded sources: cppcheck_issues.xml
INFO: 1 file indexed
INFO: 0 files ignored because of inclusion/exclusion patterns
INFO: Quality profile for c++: Sonar way
INFO: ------------- Run sensors on module testproj
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=41ms
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/root/.sonar/cache/866bb1adbf016ea515620f1aaa15ec53/sonar-javascript-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
INFO: Sensor C++ (Community) SquidSensor [cxx]
INFO: Load project repositories
INFO: Load project repositories (done) | time=31ms
INFO: Sensor C++ (Community) SquidSensor [cxx] (done) | time=312ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=9ms
INFO: Sensor JavaXmlSensor [java]
INFO: Sensor JavaXmlSensor [java] (done) | time=3ms
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=23ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=27ms
INFO: No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
INFO: 1 file had no CPD blocks
INFO: Calculating CPD for 0 files
INFO: CPD calculation finished
INFO: Analysis report generated in 157ms, dir size=79 KB
INFO: Analysis report compressed in 22ms, zip size=12 KB
INFO: Analysis report uploaded in 58ms
INFO: ANALYSIS SUCCESSFUL, you can browse <sonar-host-url>/dashboard?id=testproj
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at <sonar-host-url>/api/ce/task?id=AXeQLS1KTu7ckErSxt5M
INFO: Executing post-job 'Final report'
INFO: Turn debug info on to get more details (sonar-scanner -X -Dsonar.verbose=true ...).
INFO: Analysis total time: 5.510 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 7.283s
INFO: Final Memory: 12M/44M
INFO: ------------------------------------------------------------------------
现在项目已在 SonarQube 中成功创建/更新;但是,SonarQube 中没有报告这些问题。有人可以建议可能是什么原因? Please refer the snapshot of the project in SonarQube
注 1:sonar.cxx.suffixes.sources 在 SonarQube 服务器配置中配置为 C++(社区)插件的“.cc”值。而且,没有看到其他具有相同配置密钥的插件。
注意 2:在 ce.log 中没有看到错误/警告
【问题讨论】:
标签: sonarqube sonarqube-scan cppcheck