13
votes

I am starting a new project and I need to use SonarQube, and I want to use Lombok. I already configured it within Eclipse and everything works fine except the static analysis.

  • Unused private fields: When I have a @Data class, all the fields are reported as Unused private field.
  • @Getter(lazy=true): When I use this annotation I get "Redundant nullcheck of value known to be non-null"; see @Getter(lazy=true) (this is related to compiled code).

I think a possible solution is to delombok the project, compile and run Sonar.

Similar issues in SonarQube Jira:

(The @SuppressWarnings("PMD.UnusedPrivateField") solution doesn't work with the latest SonarQube 4.2.)

How can I solve this problem?

4 Answers

7
votes

As a workaround, I'm now letting sonar do the analysis over the code that delombok generates.

I guess this is also not a perfect solution, because I'm analyzing generated code instead of code that is actually written by a developer. I find it's a better solution though than using @SuppressWarnings, //NOSONAR or switching off rules in Sonar itself.

See below an example to achieve this in Maven. Add this to your pom.xml:

<properties>
    ...
    <!-- This is exposed as a workaround to do the sonar analysis in combination with delombok -->
    <src.dir>src/main/java</src.dir>
    ...
</properties>
...
<plugins>
    ...
    <plugin>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok-maven-plugin</artifactId>
        <version>${lombok-plugin.version}</version>
        <executions>
            <execution>
                <phase>verify</phase>
                <goals>
                    <goal>delombok</goal>
                </goals>
                <configuration>
                    <addOutputDirectory>false</addOutputDirectory>
                    <sourceDirectory>src/main/java</sourceDirectory>
                </configuration>
            </execution>
        </executions>
    </plugin>
    ...
</plugins>
...
<profiles>
    ...
    <profile>
        <!-- we have to use this profile to analyse code with sonar until https://jira.codehaus.org/browse/MSONAR-70 is fixed ! -->
        <id>sonar</id>
        <properties>
            <src.dir>target/generated-sources/delombok</src.dir>
        </properties>
        <build>
            <plugins>
                <plugin>
                    <groupId>org.projectlombok</groupId>
                    <artifactId>lombok-maven-plugin</artifactId>
                    <version>${lombok-plugin.version}</version>
                    <executions>
                        <execution>
                            <phase>verify</phase>
                            <goals>
                                <goal>delombok</goal>
                            </goals>
                            <configuration>
                                <addOutputDirectory>true</addOutputDirectory>
                                <sourceDirectory>src/main/java</sourceDirectory>
                            </configuration>
                        </execution>
                    </executions>
                </plugin>
                <plugin>
                    <groupId>org.codehaus.mojo</groupId>
                    <artifactId>sonar-maven-plugin</artifactId>
                    <version>2.2</version>
                </plugin>
            </plugins>
        </build>
    </profile>
    ...
</profiles>

2
votes

I asked a similar question some time ago: sonarqube 4.2 and lombok

Basically, you can't do it with an annotation (like @SuppressWarnings) in the code anymore. Instead, you need to set up a (global) rule exclusion in SonarQube:

Click on Settings -> Exclusions -> Issues, add entries in the 'Ignore Issues on Multiple Criteria' section, and enter something like:

Rule Key Pattern  File Path Pattern
squid:S1068       **/models/**/*.java

It makes your source code a little bit cleaner (since you don't need @SuppressWarnings anymore), but I don't like the idea of setting global rules, as it may cause other problems.


Update:

For 'Redundant nullcheck of value known to be non-null', you can add something like the following:

Rule Key Pattern                                   File Path Pattern
findbugs:RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE  **/xxxxx.java

And another one that may (or may not) be useful for you:

Rule Key Pattern                        File Path Pattern
common-java:InsufficientBranchCoverage  **/models/**/*.java 
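
One way to check how much a path-based exclusion like the ones above actually suppresses, as an added example that is not part of the original answer: it lists the files matched by a File Path Pattern and separates those that carry Lombok accessor annotations from those that do not. The function names and sample files are hypothetical, the matcher assumes SonarQube's documented wildcard semantics (`**`, `*`, `?`), and the rule key is not modelled.

```python
import re

# Lombok annotations that generate accessors, so fields look "unused" to the
# analyzer. Heuristic: a plain text search, so a mention in a comment also counts.
LOMBOK_ACCESSOR = re.compile(r"@(Data|Value|Getter|Setter)\b")

def ant_to_regex(pattern):
    """Translate a wildcard path pattern (**, *, ?) into a compiled regex."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:[^/]+/)*")   # zero or more whole directories
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")            # anything, including slashes
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")         # anything within one path segment
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")          # exactly one non-slash character
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def audit_exclusion(path_pattern, sources):
    """Split files matched by an exclusion into (justified, overbroad).

    sources maps a project-relative path to the file's text. A matched file
    without Lombok accessor annotations has its findings hidden for no reason.
    """
    rx = ant_to_regex(path_pattern)
    justified, overbroad = [], []
    for path, text in sorted(sources.items()):
        if rx.match(path):
            (justified if LOMBOK_ACCESSOR.search(text) else overbroad).append(path)
    return justified, overbroad

# Constructed sample project (not from the original post).
SAMPLE = {
    "src/main/java/com/acme/models/User.java": "@Data\npublic class User { private String name; }",
    "src/main/java/com/acme/models/dto/Legacy.java": "public class Legacy { private int dead; }",
    "src/main/java/com/acme/service/UserService.java": "public class UserService { private int x; }",
}

if __name__ == "__main__":
    ok, broad = audit_exclusion("**/models/**/*.java", SAMPLE)
    print("suppression justified by Lombok:", ok)
    print("suppressed without Lombok (review):", broad)
```

Files in the second list are candidates for a narrower File Path Pattern, since the exclusion hides genuine unused-field findings there.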

0
votes

For multi-module projects, building on what is mentioned in finrod's answer, I had to add the property below in my sonar profile to avoid having duplicated violations (Sonar was analysing both src/main/java and target/generated-sources/delombok).

<properties>

    <!-- Sonar will analyze the delombokized version of the code -->
    <sonar.exclusions>src/main/java/**/*</sonar.exclusions>

</properties>