SonarQube Findbugs Plugin - Issue (Yes, Again)

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

SonarQube Findbugs Plugin - Issue (Yes, Again)

Kyle Smith
Hi SonarQube User Community,

I have searched through many of the threads on trying to configure the Findbugs plugin to work with SonarQube but have not found helpful information that will get this working.

I have however made a simple hello world java program and scanned the single source file and the single class file and this did work for Findbugs. My problem is scanning a larger project with numerous folders and .class files spread all over the place. When I specify a directory with .class files Findbugs still fails and causes the entire Execution to Fail.

I noticed that it does NOT work when specifying a .ear file simply in the sonar.binaries though. This would be very handy if it worked like that. I read this does not work for others either. Oh well. Anyways...back to more of my issues with Findbugs.

In my properties file I have several sources all separated by commas. In my binaries property I have a single path that leads to a folder of .class files.

Another problem I am having is that the debug output is cut off too short when running sonar-runner with the -X option.

Thank-you for reading. I know this is a popular topic and hope this can help someone else in a similar situation understand how to configure Findbugs with SonarQube.

Regards,

Reply | Threaded
Open this post in threaded view
|

Re: SonarQube Findbugs Plugin - Issue (Yes, Again)

G. Ann Campbell
Analysis logs would help. What is the failure message? 


Ann


On Wed, Jul 2, 2014 at 12:06 PM, What_Just_Happened <[hidden email]> wrote:
Hi SonarQube User Community,

I have searched through many of the threads on trying to configure the
/Findbugs/ plugin to work with /SonarQube/ but have not found helpful
information that will get this working.

I have however made a simple hello world java program and scanned the single
source file and the single class file and this did work for /Findbugs/. My
problem is scanning a larger project with numerous folders and .class files
spread all over the place. When I specify a directory with .class files
/Findbugs/ still fails and causes the entire Execution to Fail.

I noticed that it does NOT work when specifying a .ear file simply in the
sonar.binaries though. This would be very handy if it worked like that. I
read this does not work for others either. Oh well. Anyways...back to more
of my issues with /Findbugs/.

In my properties file I have several sources all separated by commas. In my
binaries property I have a single path that leads to a folder of .class
files.

Another problem I am having is that the debug output is cut off too short
when running sonar-runner with the -X option.

Thank-you for reading. I know this is a popular topic and hope this can help
someone else in a similar situation understand how to configure /Findbugs/
with /SonarQube/.

Regards,





--
View this message in context: http://sonarqube.15.x6.nabble.com/SonarQube-Findbugs-Plugin-Issue-Yes-Again-tp5026279.html
Sent from the SonarQube Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email





--
G. Ann CAMPBELL | SonarSource
Reply | Threaded
Open this post in threaded view
|

Re: SonarQube Findbugs Plugin - Issue (Yes, Again)

Kyle Smith
This post was updated on .
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
Total time: 1:01.282s
Final Memory: 14M/256M
INFO: ------------------------------------------------------------------------
ERROR: Error during Sonar runner execution
org.sonar.runner.impl.RunnerException: Unable to execute Sonar
        at org.sonar.runner.impl.BatchLauncher$1.delegateExecution(BatchLauncher.java:91)
        at org.sonar.runner.impl.BatchLauncher$1.run(BatchLauncher.java:75)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.sonar.runner.impl.BatchLauncher.doExecute(BatchLauncher.java:69)
        at org.sonar.runner.impl.BatchLauncher.execute(BatchLauncher.java:50)
        at org.sonar.runner.api.EmbeddedRunner.doExecute(EmbeddedRunner.java:102)
        at org.sonar.runner.api.Runner.execute(Runner.java:100)
        at org.sonar.runner.Main.executeTask(Main.java:70)
        at org.sonar.runner.Main.execute(Main.java:59)
        at org.sonar.runner.Main.main(Main.java:53)
Caused by: org.sonar.api.utils.SonarException: Can not execute Findbugs
        at org.sonar.plugins.findbugs.FindbugsExecutor.execute(FindbugsExecutor.java:154)
        at org.sonar.plugins.findbugs.FindbugsSensor.analyse(FindbugsSensor.java:59)
        at org.sonar.batch.phases.SensorsExecutor.executeSensor(SensorsExecutor.java:79)
        at org.sonar.batch.phases.SensorsExecutor.execute(SensorsExecutor.java:70)
        at org.sonar.batch.phases.PhaseExecutor.execute(PhaseExecutor.java:131)
        at org.sonar.batch.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:178)
        at org.sonar.api.platform.ComponentContainer.startComponents(ComponentContainer.java:92)
        at org.sonar.api.platform.ComponentContainer.execute(ComponentContainer.java:77)
        at org.sonar.batch.scan.ProjectScanContainer.scan(ProjectScanContainer.java:199)
        at org.sonar.batch.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:194)
        at org.sonar.batch.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:187)
        at org.sonar.api.platform.ComponentContainer.startComponents(ComponentContainer.java:92)
        at org.sonar.api.platform.ComponentContainer.execute(ComponentContainer.java:77)
        at org.sonar.batch.scan.ScanTask.scan(ScanTask.java:56)
        at org.sonar.batch.scan.ScanTask.execute(ScanTask.java:44)
        at org.sonar.batch.bootstrap.TaskContainer.doAfterStart(TaskContainer.java:82)
        at org.sonar.api.platform.ComponentContainer.startComponents(ComponentContainer.java:92)
        at org.sonar.api.platform.ComponentContainer.execute(ComponentContainer.java:77)
        at org.sonar.batch.bootstrap.BootstrapContainer.executeTask(BootstrapContainer.java:175)
        at org.sonar.batch.bootstrap.BootstrapContainer.doAfterStart(BootstrapContainer.java:163)
        at org.sonar.api.platform.ComponentContainer.startComponents(ComponentContainer.java:92)
        at org.sonar.api.platform.ComponentContainer.execute(ComponentContainer.java:77)
        at org.sonar.batch.bootstrapper.Batch.startBatch(Batch.java:92)
        at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:74)
        at org.sonar.runner.batch.IsolatedLauncher.execute(IsolatedLauncher.java:48)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.sonar.runner.impl.BatchLauncher$1.delegateExecution(BatchLauncher.java:87)
        ... 9 more
Caused by: org.sonar.api.utils.SonarException: Findbugs needs sources to be compiled. Please build project before executing sonar and check the location of compiled classes.
        at org.sonar.plugins.findbugs.FindbugsConfiguration.getFindbugsProject(FindbugsConfiguration.java:85)
        at org.sonar.plugins.findbugs.FindbugsExecutor.execute(FindbugsExecutor.java:112)
        ... 38 more



Hi Ann,

Please see the failure part of the error log above.

Regards,

Reply | Threaded
Open this post in threaded view
|

Re: SonarQube Findbugs Plugin - Issue (Yes, Again)

G. Ann Campbell
Fascinatingly, I had to use the "View this message in context" link to see the error message; it didn't come through on the email I received.

What does your properties file look like? Also, what's the structure of the directory you said has all the class files? 


On Wed, Jul 2, 2014 at 1:58 PM, What_Just_Happened <[hidden email]> wrote:


Hi Ann,

Please see the failure part of the error log above.

Regards,

Kyle



--
View this message in context: http://sonarqube.15.x6.nabble.com/SonarQube-Findbugs-Plugin-Issue-Yes-Again-tp5026279p5026284.html
Sent from the SonarQube Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email





--
G. Ann CAMPBELL | SonarSource
Reply | Threaded
Open this post in threaded view
|

Re: SonarQube Findbugs Plugin - Issue (Yes, Again)

Kyle Smith
Properties file

#required metadata
sonar.projectKey=PROJECT:KEY
sonar.projectName=PROJECT NAME
sonar.projectVersion=1.0

#path to source directories (required)
sonar.sources=folder/folder1/folder2/folder3/src

sonar.host.url=http://localhost:9000

#sonar.libraries=bin/folders/more_folders/*.jar
sonar.binaries=bin/still_more/AndMoreFolders/MoreFolders/
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8

sonar.jdbc.driver=com.mysql.jdbc.Driver

sonar.jdbc.username=MyTopSecretUserName
sonar.jdbc.password=Password

---------------------------------end properties file-------------------------------------------------

Is this the information you needed? Does this help you troubleshoot my problem I mean?

I moved on to a different method of trying to specify modules which worked with findbugs but did not scan a single line of source code or results in issues, execution failure, because apparently the source folder not matching with the package name.

Thank-you for the help Ann.
Reply | Threaded
Open this post in threaded view
|

Re: SonarQube Findbugs Plugin - Issue (Yes, Again)

G. Ann Campbell
On Thu, Jul 3, 2014 at 1:38 PM, What_Just_Happened <[hidden email]> wrote:
 because apparently the source folder not matching
with the package name.


This is why I asked you about the structure of the directory holding your class files. I wasn't interested so much in where it is as I was in what it looks like inside.

On a related note, your properties file concerns me, in that it indicates that you're not necessarily working with a "fresh" build, but with a project that has been manipulated/dispersed after compile...?

I suspect this will go much more smoothly if you can possibly run the analysis right after the build. I.e. when the files are still in a tight organization of sources not far from classes, and everything still arranged properly by package. 

Alternately, you mentioned trying to point the analysis at an .EAR file. Perhaps you could unzip the .EAR and analyze the contents, which should be organized neatly & therefore easy to use...?

Finally, you shouldn't need to configure the sonar.jdbc.* properties in a project's sonar-project.properties file; that type of same-value-for-all configuration goes best in the [sonar-runner-home]/conf/sonar-runner.properties file.


HTH
Ann

 
Thank-you for the help Ann.



--
View this message in context: http://sonarqube.15.x6.nabble.com/SonarQube-Findbugs-Plugin-Issue-Yes-Again-tp5026279p5026325.html
Sent from the SonarQube Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email





--
G. Ann CAMPBELL | SonarSource
Reply | Threaded
Open this post in threaded view
|

Re: SonarQube Findbugs Plugin - Issue (Yes, Again)

Kyle Smith
Thanks Ann, for the feedback.

Alternately, you mentioned trying to point the analysis at an .EAR file. Perhaps you could unzip the .EAR and analyze the contents, which should be organized neatly & therefore easy to use...?

I tried to simply use the EAR file for the binaries but it did not work. When I unzipped this I was left with .jars, .wars, and some java class files from my understanding.

Reply | Threaded
Open this post in threaded view
|

Re: SonarQube Findbugs Plugin - Issue (Yes, Again)

Kyle Smith
In reply to this post by G. Ann Campbell
Alternately, you mentioned trying to point the analysis at an .EAR file. Perhaps you could unzip the .EAR and analyze the contents, which should be organized neatly & therefore easy to use...?

The .EAR file is de-compressed/unzipped. I have at least 20 folders or more containing class files. I do not have to list the path all the way to the .class byte code files correct?

I am not sure how to specify where these classes are. Currently, I am specifying the path all the way from the directory where the .properties file is to the class files I find.

Could you please help me with this? I think your advice works for my sub-modules type of .properties file but I am stuck with FindBugs again not being able to find the class files.

/*I hope this is not too confusing because I am sort of talking about two posts I made on the user group today - i.e. this post: http://sonarqube.15.x6.nabble.com/Sub-Modules-Properties-Files-td5026327.html */

Thank-you for reading this.  
Reply | Threaded
Open this post in threaded view
|

Re: SonarQube Findbugs Plugin - Issue (Yes, Again)

G. Ann Campbell
At this point I'm thoroughly confused, and not really understanding why your EAR file doesn't aggregate all the class files under one directory.

To answer your question, you need to point the classes location to the directory holding the folders named for the top-level packages, typically "com", "org", &etc. 

And yes, your path to that directory should be relative from the properties file location.


On Thu, Jul 3, 2014 at 10:16 PM, What_Just_Happened <[hidden email]> wrote:
*Alternately, you mentioned trying to point the analysis at an .EAR file.
Perhaps you could unzip the .EAR and analyze the contents, which should be
organized neatly & therefore easy to use...?*

The *.EAR* file is de-compressed/unzipped. I have at least 20 folders or
more containing class files. I do not have to list the path all the way to
the *.class* byte code files correct?

I am not sure how to specify where these classes are. Currently, I am
specifying the path all the way from the directory where the .properties
file is to the class files I find.

Could you please help me with this? I think your advice works for my
sub-modules type of *.properties* file but I am stuck with /FindBugs/ again
not being able to find the class files.

/*I hope this is not too confusing because I am sort of talking about two
posts I made on the user group today - i.e. this post:
http://sonarqube.15.x6.nabble.com/Sub-Modules-Properties-Files-td5026327.html
*/

Thank-you for reading this.



--
View this message in context: http://sonarqube.15.x6.nabble.com/SonarQube-Findbugs-Plugin-Issue-Yes-Again-tp5026279p5026333.html
Sent from the SonarQube Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email





--
G. Ann CAMPBELL | SonarSource
Reply | Threaded
Open this post in threaded view
|

Re: SonarQube Findbugs Plugin - Issue (Yes, Again)

Kyle Smith
Hi Ann,

Thank-you for the reply. That would be awesome if all my class files were under one directory in the EAR file. I am going to have to request this in the future. Thank-you again for the helpful information.  

I practiced with a more complicated java program this weekend and found that if I specify the directory up to the start of the beginning of the package then FindBugs can find the .class binaries it needs.

So if the full path is /folder/folder2/folder3/org/net/company/program and the package is org/net/company/program I would only specify sonar.binaries=folder/folder2/folder3/ if my project is in the folder directory.

I have a new question. I noticed that many .class files are mixed in with the source files. Should I specify the location of these binaries or the binaries in the EAR file? Also, does there need to be a 1 to 1 relationship between source file and binary file for FindBugs plugin to work?

Finally, do I need to specify every source file and binary file for it to work or can I only specify a subset to see if it works and then analyze more code as I get this scanning process working?

Thank-you for the help.
Reply | Threaded
Open this post in threaded view
|

Re: SonarQube Findbugs Plugin - Issue (Yes, Again)

G. Ann Campbell
Don't worry about having the sources mixed in with the classes. It's a not-uncommon practice, which allows last-ditch recovery of the deployed sources in case all other practices (e.g. proper source control) have failed. It doesn't add much weight to your deployed WAR/EAR and it allows the nervous types to sleep soundly at night. :-)

You won't have 1-to-1 correspondence between .java files and .class files; many java files will spawn multiple classes. Because you have this intermingling, you could point sources and classes to the same directory, but it's just cleaner in the long run if you point to a separate directory for sources (assuming you have one.)

Regarding trying to specify subsets for analysis, you'll make your life a lot simpler if you just point to the full set and use the exclusions settings in SonarQube to narrow the field of analysis.


Good luck!
Ann


On Mon, Jul 7, 2014 at 5:52 PM, What_Just_Happened <[hidden email]> wrote:
Hi Ann,

Thank-you for the reply. That would be awesome if all my class files were
under one directory in the EAR file. I am going to have to request this in
the future. Thank-you again for the helpful information.

I practiced with a more complicated java program this weekend and found that
if I specify the directory up to the start of the beginning of the package
then FindBugs can find the .class binaries it needs.

So if the full path is /folder/folder2/folder3/org/net/company/program and
the package is org/net/company/program I would only specify
sonar.binaries=folder/folder2/folder3/ if my project is in the folder
directory.

*I have a new question*. I noticed that many .class files are mixed in with
the source files. Should I specify the location of these binaries or the
binaries in the EAR file?* Also*, does there need to be a 1 to 1
relationship between source file and binary file for FindBugs plugin to
work?

*Finally*, do I need to specify every source file and binary file for it to
work or can I only specify a subset to see if it works and then analyze more
code as I get this scanning process working?

Thank-you for the help.




--
View this message in context: http://sonarqube.15.x6.nabble.com/SonarQube-Findbugs-Plugin-Issue-Yes-Again-tp5026279p5026411.html
Sent from the SonarQube Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email





--
G. Ann CAMPBELL | SonarSource
Reply | Threaded
Open this post in threaded view
|

Re: SonarQube Findbugs Plugin - Issue (Yes, Again)

Kyle Smith
Awesome. I appreciate all of the helpful feedback Ann.

I figured out how to use FindBugs with my scans now. If I specify the binary location for each module it works. The location of the binaries is just before the start of the package declaration for the source files before they are compiled to byte code. It also worked when decompressing the EAR and JAR files that contain the classes (binaries).

When you mention, "Regarding trying to specify subsets for analysis, you'll make your life a lot simpler if you just point to the full set and use the exclusions settings in SonarQube to narrow the field of analysis." I think this may work if the java source files are all in the same package. I noticed that SonarQube fails when creating a module and then specifying the sources attribute without regard for the package structure. So, for instance the base directory attribute should be from the root directory to the directory just before the start of the package the source code is in.

Thank-you again for the help Ann.