sonarqube + lombok = 误报 [英] sonarqube + lombok = false positives

问题描述

import lombok.Data;

@Data
public class Filter {
    private Operator operator;
    private Object value;
    private String property;
    private PropertyType propertyType;
}

对于上面的代码，有 4 个 squid:S1068 报告关于未使用的私有字段.(即使它们被 lombok 生成的 getter 使用).我已经看到一些与支持lombok.Data"注释相关的修复程序已被推送，但仍然存在这些烦人的误报.

For code above there are 4 squid:S1068 reports about unused private fields. (even they are used by lombok generated getters). I've seen that some fixes related to support of "lombok.Data" annotation have been pushed, but still having these annoying false positives.

版本:SonarQube 6.4.0.25310
SonarJava 4.13.0.11627
用于 Jenkins (2.6.1) 的 SonarQube 扫描仪

Versions: SonarQube 6.4.0.25310
SonarJava 4.13.0.11627
SonarQube scanner for Jenkins (2.6.1)

推荐答案

这个案例SonarJava应该可以完美处理.至少从 3.14 版(SONARJAVA-1642)开始考虑 Lombok 注释.您遇到的问题是由于您的 Java 项目配置错误造成的.无需编写任何自定义规则来处理这个问题，这是分析器原生支持的.

This case should be perfectly handled by SonarJava. Lombok annotations are taken into account at least since version 3.14 (SONARJAVA-1642). The issues you are getting are resulting from a misconfiguration of your Java project. No need to write any custom rules to handle this, this is natively supported by the analyzer.

SonarJava 读取字节码以了解使用了哪些注解.因此，如果您不提供依赖项中的字节码，除了您自己的代码中的字节码之外，分析器的行为也会不稳定.

SonarJava reads bytecode to know which annotation are used. Consequently, if you are not providing bytecode from your dependencies, on top of bytecode from your own code, the analyzer will behave erratically.

特别是，设置属性 sonar.java.libraries 应该可以解决您的问题.请注意，此属性通常在使用 SonarQube maven 或 gradle 扫描仪时自动设置.

In particular, setting property sonar.java.libraries should solve your issue. Note that this property is normally automatically set when using SonarQube maven or gradle scanners.

请查看文档以正确配置您的项目:https://docs.sonarqube.org/display/PLUG/Java+Plugin+and+Bytecode

Please have a look at documentation in order to correctly configure your project: https://docs.sonarqube.org/display/PLUG/Java+Plugin+and+Bytecode

这篇关于sonarqube + lombok = 误报的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！