问题
I develop a Java library which is intended for applications based on JDK5. Tools used to build applications require JDK7 or bigger. I use version 8 update 45:
java version "1.8.0_45"
Java(TM) SE Runtime Environment (build 1.8.0_45-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.45-b02, mixed mode)
After the analysis I received a lot of False Positives on methods that are implementing interface specification, e.g:
public interface FileScanner {
Collection<File> getFiles(File directory, String[] includes, String[] excludes);
}
(see full sources: https://github.com/gabrysbiz/maven-plugin-utils)
I found that rule makes decisions based on bytecode (see Jira ticket). My class major version is equal to 49 which is related to JDK5 (see major version numbers)
$ javap -verbose AntFileScanner.class
Classfile /D:/Projects/maven-plugin-utils/sources/plugin-utils/target/classes/biz/gabrys/maven/plugin/util/io/AntFileScanner.class
Last modified 2015-07-16; size 1881 bytes
MD5 checksum 7ea340377469b44df88d5936c2ff4134
Compiled from "AntFileScanner.java"
class biz.gabrys.maven.plugin.util.io.AntFileScanner implements biz.gabrys.maven.plugin.util.io.FileScanner
minor version: 0
major version: 49
flags: ACC_SUPER
I run the analysis using Jenkins 1.619 with SonarQube Plugin 2.2.1. I use SonarQube 5.1.1 with Java Plugin 3.4.
How can I correct it?
回答1:
Some other people have the same problem, as you can see in the link:
http://blog.gmane.org/gmane.comp.java.sonar.general/page=91
I tried to solve by using the 'sonar.java.source' and 'sonar.java.target' as suggested:
http://docs.sonarqube.org/display/SONAR/Features+details
But I think it only works now for the PMD Plugin:
http://docs.sonarqube.org/display/PLUG/PMD+Plugin
Then, I saw the JIRA ticket. So, actually there is a bug in this situation. The JIRA CR is closed, but the problem still happens on Java 5: https://jira.sonarsource.com/browse/SONARJAVA-249
"In fact we can't implement this rule right now. The @Override annotation has source retention and is removed by the compiler. So our only chance to detect it is from the AST. But, we can detect if a method actually overrides another one only from the bytecode currently. So this rule depends on the symbol table being available from checks."
There is a new unresolved CR to solve this, https://jira.sonarsource.com/browse/SONARJAVA-818.
When fixed, it will use the property 'sonar.java.source' I said before.
So, to solve this while the fix is not ready, we have two options:
1) Mark it as 'false positive' on the server;
2) Use a '@SuppressWarnings' annotation using the rule reference (S1161):
http://docs.sonarqube.org/display/PLUG/Java+FAQ
In this case your code would be:
public class FileScannerImpl implements FileScanner {
@SuppressWarnings("squid:S1161")
Collection<File> getFiles(File directory, String[] includes, String[] excludes) {
[...]
}
}
回答2:
This was fixed in Java Plugin 3.9 (SONARJAVA-818, see release notes).
来源:https://stackoverflow.com/questions/31460783/how-to-enforce-the-correct-behavior-for-the-squids1161-rule-override-annota