Configuring a Project to Exclude Certain Sonar Violations

Last modified: December 15, 2020

1. Overview

During our builds, we can use various tools to report on the quality of our source code. One such tool is SonarQube, which performs static code analysis.

Sometimes we may disagree with the results returned. We may, therefore, wish to exclude some code that has been incorrectly flagged by SonarQube.

In this short tutorial, we'll look at how to disable Sonar checks. While it's possible to change the ruleset on the SonarQube server, we'll focus only on how to control individual checks within the source code and configuration of our project.

2. Violation Example

Let’s look at an example:

public void printStringToConsoleWithDate(String str) {
    System.out.println(LocalDateTime.now().toString() + " " + str);
}

By default, SonarQube reports this code as a Code Smell due to the java:S106 rule violation.

However, let’s imagine that for this particular class, we’ve decided that logging with System.out is valid. Maybe this is a lightweight utility that will run in a container and does not need a whole logging library just to log to stdout.

We should note that it’s also possible to mark a violation as a false-positive within the SonarQube user interface. However, if the code is analyzed on multiple servers, or if the line moves to another class after refactoring, then the violation will re-appear.

Sometimes we want to make our exclusions within the source code repository so that they persist.

So, let’s see how we can exclude this code from the SonarQube report by configuring the project.

3. Using //NOSONAR

We can disable a single line of code by putting a //NOSONAR at the end:

System.out.println(
  LocalDateTime.now()
    .toString() + " " + str); //NOSONAR lightweight logging

The //NOSONAR tag at the end of the line suppresses all issues that might be raised on it, not only the one rule we had in mind. This approach works for most languages supported by SonarQube.

We’re also allowed to put some additional comments after NOSONAR explaining why we have disabled the check.

Let’s move forward and take a look at a Java-specific way to disable checks.

4. Using @SuppressWarnings

4.1. Annotating the Code

In Java, we can exclude Sonar checks using the built-in @SuppressWarnings annotation.

We can annotate the function:

@SuppressWarnings("java:S106")
public void printStringToConsoleWithDate(String str) {
    System.out.println(LocalDateTime.now().toString() + " " + str);
}

This works exactly the same way as suppressing compiler warnings. All we have to do is specify the rule identifier, in this case java:S106.
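
Because both kinds of in-source suppression live in the repository, they can be listed for review. The following is an added example, not code from the original article: it scans Java source for the //NOSONAR marker and for @SuppressWarnings values that look like Sonar rule keys, and picks out NOSONAR lines that carry no justification. The function names, the regular expressions and the sample class are assumptions made for illustration; the scan is a line-based heuristic, not a Java parser.

```python
import re

# Constructed sample: the article's method plus extra suppressions for the demo.
SAMPLE = '''\
public class SonarExclude {
    @SuppressWarnings("java:S106")
    public void printStringToConsoleWithDate(String str) {
        System.out.println(LocalDateTime.now().toString() + " " + str);
    }
    @SuppressWarnings({"unchecked", "java:S107"})
    public void other(String a, String b) {
        System.out.println(a); //NOSONAR lightweight logging
        System.out.println(b); // NOSONAR
    }
}
'''

NOSONAR = re.compile(r"//\s*NOSONAR\b[ \t]*(.*)$")
SUPPRESS = re.compile(r"@SuppressWarnings\s*\(([^)]*)\)")
RULE_KEY = re.compile(r'"([a-z]+:S\d+)"')  # e.g. "java:S106"; skips "unchecked"

def find_suppressions(path, source):
    """List every Sonar suppression in source as a dict, in line order."""
    found = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = NOSONAR.search(line)
        if m:  # NOSONAR is not rule-specific, so record it as "*"
            found.append({"file": path, "line": lineno, "kind": "NOSONAR",
                          "rules": ["*"], "reason": m.group(1).strip()})
        m = SUPPRESS.search(line)
        rules = RULE_KEY.findall(m.group(1)) if m else []
        if rules:
            found.append({"file": path, "line": lineno, "kind": "SuppressWarnings",
                          "rules": rules, "reason": ""})
    return found

def unjustified(findings):
    """NOSONAR markers that carry no explanatory comment."""
    return [f for f in findings if f["kind"] == "NOSONAR" and not f["reason"]]

if __name__ == "__main__":
    results = find_suppressions("SonarExclude.java", SAMPLE)
    for f in results:
        print(f'{f["file"]}:{f["line"]} {f["kind"]} {",".join(f["rules"])} {f["reason"]}')
    print("needs justification:", [f["line"] for f in unjustified(results)])
```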

4.2. How to Get the Identifier

We can get the rule identifier using the SonarQube user interface. When we're looking at the violation, we can click "Why is this an issue?".

It shows us the rule definition, where we can find the rule identifier in the top right corner.

5. Using sonar-project.properties

We can also define exclusion rules in the sonar-project.properties file using analysis properties.

Let’s define and add the sonar-project.properties file to our resource dir:

sonar.issue.ignore.multicriteria=e1

sonar.issue.ignore.multicriteria.e1.ruleKey=java:S106
sonar.issue.ignore.multicriteria.e1.resourceKey=**/SonarExclude.java

We've just declared our very first multicriteria, named e1. We excluded the java:S106 rule for the SonarExclude class. A definition combines a rule identifier with a file matching pattern, set in the ruleKey and resourceKey properties respectively, each prefixed with the e1 name.

Using this approach, we can build a complex configuration that excludes particular rules across multiple files:

sonar.issue.ignore.multicriteria=e1,e2

# Console usage - ignore a single class
sonar.issue.ignore.multicriteria.e1.ruleKey=java:S106
sonar.issue.ignore.multicriteria.e1.resourceKey=**/SonarExclude.java
# Too many parameters - ignore the whole package
sonar.issue.ignore.multicriteria.e2.ruleKey=java:S107
sonar.issue.ignore.multicriteria.e2.resourceKey=com/baeldung/sonar/*.java

We’ve just defined a subset of multicriteria. We extended our configuration by adding a second definition and named it e2. Then we combined both rules in a single subset, separating the names with a comma.
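
To see what such a configuration actually silences, the following added example (not part of the original article) reads the multicriteria entries and reports which rules are suppressed for a given file, and which entries use a wildcard rule key. The helper names, the extra e3 entry and the sample paths are constructed for illustration; the pattern matching is a simplified approximation of SonarQube's wildcards (`**` spans directories, `*` stays within one path segment, `?` is a single character) and assumes paths are written relative to the same root as the patterns.

```python
import re

# Constructed sample: the article's two entries plus a third, broader one (e3).
SAMPLE = """\
sonar.issue.ignore.multicriteria=e1,e2,e3
# Console usage - ignore a single class
sonar.issue.ignore.multicriteria.e1.ruleKey=java:S106
sonar.issue.ignore.multicriteria.e1.resourceKey=**/SonarExclude.java
# Too many parameters - ignore the whole package
sonar.issue.ignore.multicriteria.e2.ruleKey=java:S107
sonar.issue.ignore.multicriteria.e2.resourceKey=com/baeldung/sonar/*.java
sonar.issue.ignore.multicriteria.e3.ruleKey=*
sonar.issue.ignore.multicriteria.e3.resourceKey=**/generated/**
"""
PREFIX = "sonar.issue.ignore.multicriteria"

def parse_properties(text):
    """Minimal key=value reader; skips blank lines and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def glob_to_regex(pattern):
    """** spans directories, * stays inside one path segment, ? is one char."""
    out = ""
    for token in re.findall(r"\*\*/|\*\*|\*|\?|[^*?]+", pattern):
        out += {"**/": "(?:.*/)?", "**": ".*", "*": "[^/]*",
                "?": "[^/]"}.get(token, re.escape(token))
    return re.compile(out + r"\Z")

def entries(props):
    """(name, ruleKey, resourceKey) for every name listed in the index property."""
    names = [n.strip() for n in props.get(PREFIX, "").split(",") if n.strip()]
    return [(n, props.get(f"{PREFIX}.{n}.ruleKey", ""),
             props.get(f"{PREFIX}.{n}.resourceKey", "")) for n in names]

def suppressed_for(props, path):
    """Rule keys silenced for path, with the entry responsible."""
    return [(n, rule) for n, rule, res in entries(props)
            if rule and res and glob_to_regex(res).match(path)]

def broad_entries(props):
    """Entries whose rule key has a wildcard: they hide every matching rule."""
    return [n for n, rule, _ in entries(props) if "*" in rule]

if __name__ == "__main__":
    p = parse_properties(SAMPLE)
    print(suppressed_for(p, "com/baeldung/sonar/SonarExclude.java"))
    print("wildcard rule keys:", broad_entries(p))
```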

6. Disable Using Maven

All analysis properties can also be applied using Maven properties. A similar mechanism is also available in Gradle.

6.1. Multicriteria in Maven

Returning to the example, let’s modify our pom.xml:

<properties>
    <sonar.issue.ignore.multicriteria>e1</sonar.issue.ignore.multicriteria>
    <sonar.issue.ignore.multicriteria.e1.ruleKey>java:S106</sonar.issue.ignore.multicriteria.e1.ruleKey>
    <sonar.issue.ignore.multicriteria.e1.resourceKey>
      **/SonarExclude.java
    </sonar.issue.ignore.multicriteria.e1.resourceKey>
</properties>

This configuration works exactly the same as if it were used in a sonar-project.properties file.

6.2. Narrowing the Focus

Sometimes, an analyzed project may contain some generated code that we want to exclude in order to narrow the focus of SonarQube checks.

Let’s exclude our class by defining sonar.exclusions in our pom.xml:

<properties>
    <sonar.exclusions>**/SonarExclude.java</sonar.exclusions>
</properties>

In that case, we’ve excluded a single file by its name. Checks will be performed for all files except that one.

We can also use file matching patterns. Let’s exclude the whole package by defining:

<properties>
    <sonar.exclusions>com/baeldung/sonar/*.java</sonar.exclusions>
</properties>

On the other hand, by using the sonar.inclusions property, we can ask SonarQube only to analyze a particular subset of the project’s files:

<properties>
    <sonar.inclusions>com/baeldung/sonar/*.java</sonar.inclusions>
</properties>

This snippet restricts analysis to Java files from the com.baeldung.sonar package.

Finally, we can also define the sonar.skip value:

<properties>
    <sonar.skip>true</sonar.skip>
</properties>

This excludes the whole Maven module from SonarQube checks.

7. Conclusion

In this article, we discussed different ways to suppress parts of the SonarQube analysis of our code.

We started by excluding checks on individual lines. Then, we talked about the built-in @SuppressWarnings annotation and exclusion by a specific rule. This requires us to find the rule's identifier.

We also looked at configuring the analysis properties. We tried multicriteria and the sonar-project.properties file.

Finally, we moved our properties to the pom.xml and reviewed other ways to narrow the focus.
