sonarqube +龙目岛=误报 [英] sonarqube + lombok = false positives
问题描述
import lombok.Data;
@Data
public class Filter {
private Operator operator;
private Object value;
private String property;
private PropertyType propertyType;
}
对于上面的代码,有4个squid:S1068报告有关未使用的私有字段. (即使它们是由龙目岛生成的吸气剂使用的).我已经看到一些与支持"lombok.Data"注释有关的修复程序已被推送,但是仍然存在这些令人讨厌的误报.
For code above there are 4 squid:S1068 reports about unused private fields. (even they are used by lombok generated getters). I've seen that some fixes related to support of "lombok.Data" annotation have been pushed, but still having these annoying false positives.
版本:
SonarQube 6.4.0.25310
SonarJava 4.13.0.11627
用于Jenkins的SonarQube扫描仪(2.6.1)
Versions:
SonarQube 6.4.0.25310
SonarJava 4.13.0.11627
SonarQube scanner for Jenkins (2.6.1)
推荐答案
这种情况应该由SonarJava完美处理.至少从版本3.14( SONARJAVA-1642 )开始考虑到Lombok注释.您遇到的问题是由于Java项目配置错误引起的.无需编写任何自定义规则来处理此问题,分析器本身支持.
This case should be perfectly handled by SonarJava. Lombok annotations are taken into account at least since version 3.14 (SONARJAVA-1642). The issues you are getting are resulting from a misconfiguration of your Java project. No need to write any custom rules to handle this, this is natively supported by the analyzer.
SonarJava读取字节码以了解所使用的注释.因此,如果您不从依赖项中提供字节码,那么在您自己的代码的字节码之上,分析器将无法正常工作.
SonarJava reads bytecode to know which annotation are used. Consequently, if you are not providing bytecode from your dependencies, on top of bytecode from your own code, the analyzer will behave erratically.
尤其是,设置属性sonar.java.libraries应该可以解决您的问题.请注意,通常在使用SonarQube maven或gradle扫描仪时会自动设置此属性.
In particular, setting property sonar.java.libraries should solve your issue. Note that this property is normally automatically set when using SonarQube maven or gradle scanners.
请查看文档以正确配置您的项目: https://docs.sonarqube.org/display/PLUG/Java+Plugin+and+Bytecode
Please have a look at documentation in order to correctly configure your project: https://docs.sonarqube.org/display/PLUG/Java+Plugin+and+Bytecode
这篇关于sonarqube +龙目岛=误报的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
