SonarScanner (C#) not honoring in-code StyleCop warning suppression

Submitted by 守給你的承諾、 on 2020-06-28 03:50:23

Question


I am trying to use SonarQube for static code analysis for my organization. All our C# projects already have StyleCop enabled which has helped us a lot in terms of code readability. Now we want to utilize SonarQube for static code analysis.

I successfully hosted the SonarQube server locally following the guidelines provided here. I am able to run the analysis successfully and generate the SonarQube report when there are no warning-suppressions in the code.

ISSUE: SonarQube does not consider in-code warning-suppressions and msbuild fails.

I created a sample C# console application project to demo the problem I am facing.

StyleCop is enabled (Installed NuGet: StyleCop.Analyzers v1.1.118) and warnings are converted to errors. Below is the snippet of the ruleset:

...
...
...
<Rules AnalyzerId="StyleCop.Analyzers" RuleNamespace="StyleCop.Analyzers">
...
...
<Rule Id="SA1307" Action="Error" />
...
...

The project has the below files:

  1. Program.cs

// <copyright file="Program.cs" company="PlaceholderCompany">
// Copyright (c) PlaceholderCompany. All rights reserved.
// </copyright>

namespace StyleCopSonarQubeIssue
{
    /// <summary>
    /// The program class.
    /// </summary>
    internal class Program
    {
        /// <summary>
        /// Defines the entry point of the application.
        /// </summary>
        /// <param name="args">The arguments.</param>
        public static void Main(string[] args)
        {
            // Method intentionally left empty.
        }
    }
}

  2. SystemInfo.cs

// <copyright file="SystemInfo.cs" company="PlaceholderCompany">
// Copyright (c) PlaceholderCompany. All rights reserved.
// </copyright>

namespace StyleCopSonarQubeIssue
{
    using System.Runtime.InteropServices;

    /// <summary>
    /// The system info struct.
    /// </summary>
    [StructLayout(LayoutKind.Sequential)]
    public struct SystemInfo
    {
        /// <summary>
        /// Oem Id.
        /// </summary>
        public uint dwOemId;

        /// <summary>
        /// Page size.
        /// </summary>
        public uint dwPageSize;
    }
}

  3. packages.config

<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="StyleCop.Analyzers" version="1.1.118" targetFramework="net452" developmentDependency="true" />
</packages>

  4. GlobalSuppressions.cs

[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("StyleCop.CSharp.NamingRules", "SA1307:Accessible fields should begin with upper-case letter", Justification = "Native code.", Scope = "member", Target = "~F:StyleCopSonarQubeIssue.SystemInfo.dwPageSize")]
[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("StyleCop.CSharp.NamingRules", "SA1307:Accessible fields should begin with upper-case letter", Justification = "Native code.", Scope = "member", Target = "~F:StyleCopSonarQubeIssue.SystemInfo.dwOemId")]

  5. App.config (default - no changes)

Build the project - SUCCESS

Follow the guidelines by SonarQube to analyze the above project.

  1. SonarScanner.MSBuild.exe begin /k:"StyleCopSonarQubeIssue" /d:sonar.host.url="http://localhost:9000" /d:sonar.login=""

  2. MsBuild.exe /t:Rebuild

You will see the below error after this statement:

Microsoft (R) Build Engine version 14.0.27530.0
Copyright (C) Microsoft Corporation. All rights reserved.

Build started 2019-07-22 11:17:25 AM.
The target "RazorCoreCompile" listed in a BeforeTargets attribute at "C:\Users\bshah\Documents\Visual Studio 2015\Projects\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue\.sonarqube\bin\targets\SonarQube.Integration.targets (453,49)" does not exist in the project, and will be ignored.
Project "C:\Users\bshah\Documents\Visual Studio 2015\Projects\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue.csproj" on node 1 (Rebuild target(s)).
CoreClean:
  Creating directory "obj\Debug\".
GenerateBindingRedirects:
  No suggested binding redirects from ResolveAssemblyReferences.
CreateProjectSpecificDirs:
  Creating directory "C:\Users\bshah\Documents\Visual Studio 2015\Projects\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue\.sonarqube\conf\0".
CoreCompile:
  C:\Program Files (x86)\MSBuild\14.0\bin\csc.exe /noconfig /nowarn:1701,1702 /nostdlib+ /platform:anycpu32bitpreferred /errorreport:prompt /warn:4 /define:DEBUG;TRACE /highentropyva+ /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.2\Microsoft.CSharp.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.2\mscorlib.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.2\System.Core.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.2\System.Data.DataSetExtensions.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.2\System.Data.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.2\System.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.2\System.Net.Http.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.2\System.Xml.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5.2\System.Xml.Linq.dll" /debug+ /debug:full /filealign:512 /optimize- /out:obj\Debug\StyleCopSonarQubeIssue.exe /ruleset:"C:\Users\bshah\Documents\Visual Studio 2015\Projects\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue\.sonarqube\conf\0\merged.ruleset" /errorlog:"C:\Users\bshah\Documents\Visual Studio 2015\Projects\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue\bin\Debug\StyleCopSonarQubeIssue.exe.RoslynCA.json" /subsystemversion:6.00 /target:exe /warnaserror- /utf8output /analyzer:C:\Users\bshah\AppData\Local\Temp\.sonarqube\resources\0\Google.Protobuf.dll /analyzer:C:\Users\bshah\AppData\Local\Temp\.sonarqube\resources\0\SonarAnalyzer.CSharp.dll /analyzer:C:\Users\bshah\AppData\Local\Temp\.sonarqube\resources\0\SonarAnalyzer.dll 
/analyzer:C:\Users\bshah\AppData\Local\Temp\.sonarqube\resources\1\Google.Protobuf.dll /analyzer:C:\Users\bshah\AppData\Local\Temp\.sonarqube\resources\1\SonarAnalyzer.dll /analyzer:C:\Users\bshah\AppData\Local\Temp\.sonarqube\resources\1\SonarAnalyzer.VisualBasic.dll /analyzer:..\packages\StyleCop.Analyzers.1.1.118\analyzers\dotnet\cs\StyleCop.Analyzers.CodeFixes.dll /analyzer:..\packages\StyleCop.Analyzers.1.1.118\analyzers\dotnet\cs\StyleCop.Analyzers.dll /additionalfile:"C:\Users\bshah\Documents\Visual Studio 2015\Projects\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue\.sonarqube\conf\cs\SonarLint.xml" /additionalfile:"C:\Users\bshah\Documents\Visual Studio 2015\Projects\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue\.sonarqube\conf\0\ProjectOutFolderPath.txt" GlobalSuppressions.cs Program.cs Properties\AssemblyInfo.cs SystemInfo.cs "C:\Users\bshah\AppData\Local\Temp\.NETFramework,Version=v4.5.2.AssemblyAttributes.cs"
  Using shared compilation with compiler from directory: C:\Program Files (x86)\MSBuild\14.0\bin
Program.cs(10,20): warning S1118: Add a 'protected' constructor or the 'static' keyword to the class declaration. [C:\Users\bshah\Documents\Visual Studio 2015\Projects\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue.csproj]
_CopyAppConfigFile:
  Copying file from "App.config" to "bin\Debug\StyleCopSonarQubeIssue.exe.config".
C:\Program Files (x86)\MSBuild\14.0\bin\Microsoft.Common.CurrentVersion.targets(3813,5): error MSB3030: Could not copy the file "obj\Debug\StyleCopSonarQubeIssue.exe" because it was not found. [C:\Users\bshah\Documents\Visual Studio 2015\Projects\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue.csproj]
Done Building Project "C:\Users\bshah\Documents\Visual Studio 2015\Projects\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue.csproj" (Rebuild target(s)) -- FAILED.

Build FAILED.

"C:\Users\bshah\Documents\Visual Studio 2015\Projects\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue.csproj" (Rebuild target) (1) ->
(CoreCompile target) -> 
  Program.cs(10,20): warning S1118: Add a 'protected' constructor or the 'static' keyword to the class declaration. [C:\Users\bshah\Documents\Visual Studio 2015\Projects\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue.csproj]


"C:\Users\bshah\Documents\Visual Studio 2015\Projects\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue.csproj" (Rebuild target) (1) ->
(CopyFilesToOutputDirectory target) -> 
  C:\Program Files (x86)\MSBuild\14.0\bin\Microsoft.Common.CurrentVersion.targets(3813,5): error MSB3030: Could not copy the file "obj\Debug\StyleCopSonarQubeIssue.exe" because it was not found. [C:\Users\bshah\Documents\Visual Studio 2015\Projects\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue\StyleCopSonarQubeIssue.csproj]

    1 Warning(s)
    1 Error(s)

Time Elapsed 00:00:00.96

Check the detailed errors in the \bin\Debug\*.exe.RoslynCA.json file and you will see that the warnings that are suppressed in GlobalSuppressions.cs are not considered. So the C# compiler does not generate the .exe and msbuild fails.

Any pointers???


Answer 1:


It looks like this compiler bug.

The bug is that there are circumstances in which asking the compiler to write analysis issues to a file stops the compiler from generating the .dll/.exe file. However, the compiler doesn’t emit any errors either. The build then fails in a later step when MSBuild tries to copy the non-existent file.

You can check if you’re affected by this bug by doing the following:

  1. Disable the SonarQube/SonarCloud analysis steps.
  2. Execute the build and check that it completes successfully.
  3. Now add the following MSBuild parameter in the MSBuild step: /p:ErrorLog=RoslynIssues.json, then check that the build still completes successfully.

If (2) succeeds but (3) fails then you’re affected by the compiler bug.

Workarounds/solutions: the bug has been fixed in MSBuild 16.1, so the fix is to upgrade to the latest version of the compiler. If that isn’t possible, then an option is to change the severities of the issues being raised from Error to Warning by editing the ruleset.

(note: answer copied from this external thread)
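
The three-step check from the answer, automated, as an added example (not part of the original answer and not SonarQube's or Microsoft's tooling). It assumes MSBuild.exe is on PATH and that the SonarQube analysis steps are already disabled; the function names are hypothetical, and the error-line pattern is taken from the build log in the question.

```python
import re
import subprocess
import sys

# MSBuild prints diagnostics as "<origin>(line,col): error CODE: message".
ERROR_RE = re.compile(r"\berror\s+([A-Z]+\d+)\s*:")

# Abridged from the build log in the question (paths shortened).
SAMPLE_OUTPUT = """\
Program.cs(10,20): warning S1118: Add a 'protected' constructor or the 'static' keyword to the class declaration.
Microsoft.Common.CurrentVersion.targets(3813,5): error MSB3030: Could not copy the file "obj\\Debug\\StyleCopSonarQubeIssue.exe" because it was not found.
"""

def error_codes(output):
    """Return the set of error codes found in MSBuild console output."""
    return set(ERROR_RE.findall(output))

def only_missing_output(output):
    """True when MSB3030 is the sole error: csc wrote no assembly and
    reported no error of its own, which is the symptom the answer describes."""
    return error_codes(output) == {"MSB3030"}

def run_msbuild(project, extra_args=(), msbuild="MSBuild.exe"):
    """Rebuild the project; return (exit_code, console_output)."""
    cmd = [msbuild, project, "/t:Rebuild", "/nologo", *extra_args]
    proc = subprocess.run(cmd, capture_output=True, text=True)
    return proc.returncode, proc.stdout + proc.stderr

def check_errorlog_bug(project, run=run_msbuild):
    """Steps 2 and 3 of the answer; run with the SonarQube steps disabled."""
    base_rc, _ = run(project)
    if base_rc != 0:
        # Step 2 must pass first, otherwise the comparison says nothing.
        return {"affected": None, "only_msb3030": False}
    log_rc, log_out = run(project, ["/p:ErrorLog=RoslynIssues.json"])
    return {"affected": log_rc != 0,
            "only_msb3030": log_rc != 0 and only_missing_output(log_out)}

if __name__ == "__main__":
    print(check_errorlog_bug(sys.argv[1]))
```

`affected` follows the answer's rule (step 2 passes, step 3 fails); `only_msb3030` additionally confirms that the failing build reported nothing but the missing-output copy error.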



Source: https://stackoverflow.com/questions/57149708/sonarscanner-c-not-honoring-in-code-stylecop-warning-suppression
