sonar-findbugs
sonar-findbugs copied to clipboard
spotbugs
Gradle project scan failed with 'One (sub)project contains Java source files that are not compiled'
Issue Description
After upgrading the sonar-findbugs plugin version from v4.0.5 to v4.0.6, Gradle project scan failed with 'One (sub)project contains Java source files that are not compiled' I tried v4.1.6 and v4.2.0 but neither one succeeded (Although there are release notes that fixes the above issue when using higher than v4.0.5 (https://github.com/spotbugs/sonar-findbugs/releases/tag/4.0.6)
The error logs are like below.
WARN: JSP files were found in the current (sub)project (/home/www/data/jenkins/jenkins_home/workspace/test_sonar-findbugs_account-page-server) but FindBugs requires their precompiled form. For more information on how to configure JSP precompilation : https://github.com/find-sec-bugs/find-sec-bugs/wiki/JSP-precompilation WARN: Findbugs needs sources to be compiled. Please build project before executing sonar or check the location of compiled classes to make it possible for Findbugs to analyse your (sub)project (/home/www/data/jenkins/jenkins_home/workspace/test_sonar-findbugs_account-page-server). WARN: Property 'sonar.java.binaries' is not declared as multi-values/property set but was read using 'getStringArray' method. The SonarQube plugin declaring this property should be updated. INFO: ------------------------------------------------------------------------ INFO: EXECUTION FAILURE INFO: ------------------------------------------------------------------------ INFO: Total time: 7.157s INFO: Final Memory: 33M/1145M INFO: ------------------------------------------------------------------------ ERROR: Error during SonarScanner execution java.lang.IllegalStateException: Can not execute Findbugs at org.sonar.plugins.findbugs.FindbugsExecutor.execute(FindbugsExecutor.java:188)
Caused by: java.lang.IllegalStateException: One (sub)project contains Java source files that are not compiled (/home/www/data/jenkins/jenkins_home/workspace/test_sonar-findbugs_account-page-server). sonar.java.binaries was set to account-page-admin-web/build/classes Sonar JavaResourceLocator.classFilesToAnalyze was empty at org.sonar.plugins.findbugs.FindbugsConfiguration.buildMissingCompiledCodeException(FindbugsConfiguration.java:154) at org.sonar.plugins.findbugs.FindbugsConfiguration.initializeFindbugsProject(FindbugsConfiguration.java:124) at org.sonar.plugins.findbugs.FindbugsExecutor.execute(FindbugsExecutor.java:117) ... 31 more ERROR: ERROR: Re-run SonarScanner using the -X switch to enable full debug logging. WARN: Unable to locate 'report-task.txt' in the workspace. Did the SonarScanner succeed? ERROR: SonarQube scanner exited with non-zero code: 1
In addition, when trying to test with Maven project, I can see different error logs like below (For maven project also, sonar-findbugs higher than v4.0.5 doesn't resolve the issue)
[INFO] Sensor CSS Rules [cssfamily] [ERROR] CSS rules were not executed. Only Node.js v10 or later is supported, got 6. org.sonarsource.nodejs.NodeCommandException: Only Node.js v10 or later is supported, got 6. ...... [WARNING] JSP files were found in the current (sub)project (/home/www/data/jenkins/jenkins_home/workspace/test_sonar-findbugs/sample) but FindBugs requires their precompiled form. For more information on how to configure JSP precompilation : https://github.com/find-sec-bugs/find-sec-bugs/wiki/JSP-precompilation [WARNING] Findbugs needs sources to be compiled. Please build project before executing sonar or check the location of compiled classes to make it possible for Findbugs to analyse your (sub)project (/home/www/data/jenkins/jenkins_home/workspace/test_sonar-findbugs/sample). [WARNING] Property 'sonar.java.binaries' is not declared as multi-values/property set but was read using 'getStringArray' method. The SonarQube plugin declaring this property should be updated. ...... [ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.6.0.1398:sonar (default-cli) on project line-social: Can not execute Findbugs: One (sub)project contains Java source files that are not compiled
Environment
| Component | Version |
|---|---|
| SonarQube | 8.9.6 |
| Sonar-FindBugs | 4.0.6 |
| Maven | 3.3.9 |
| Gradle | 4.0 |
| Java | 1.8 |
Code (If needed)
public class BugSample1 {
public static void hello(String message) {
//Something
Runnable r = () -> System.out.println(message);
r.run();
}
}
These are the relevant parts of the logs:
WARN: JSP files were found in the current (sub)project (/home/www/data/jenkins/jenkins_home/workspace/test_sonar-findbugs_account-page-server) but FindBugs requires their precompiled form. For more information on how to configure JSP precompilation : https://github.com/find-sec-bugs/find-sec-bugs/wiki/JSP-precompilation
sonar.java.binaries was set to account-page-admin-web/build/classes
Sonar JavaResourceLocator.classFilesToAnalyze was empty
Is it a pure JSP project and are the JSP sources compiled into .class files?
The .class files should be account-page-admin-web/build/classes since that's what you're setting sonar.java.binaries to. Are the .class files corresponding to the JSP sources in that folder when you're running the analysis?
All the build settings are the same as when using sonar-findbugs 4.0.5 However, when we upgrade the plugin version to 4.0.6, the above issue occurred. It's a multi-module gradle project and all java sources are compiled into .class (under each module's build directory) (JSP files are excluded from compilation)
From sonar-findbugs v4.0.6, do we need to manually exclude JSP files from compilation & sonar scan? I wonder what's the difference between 4.0.5 & 4.0.6 regarding the JSP files compilation. (All the settings, sources are same but the above issue occurs when using v4.0.6)
Before 4.0.6 in multi modules Gradle builds, for each module Spotbugs would analyse the class files of the module but also of its dependent modules. So it made the analysis longer than necessary.
Before that a module without any compiled class files would get some if it had dependent modules and the plugin would fail to detect the problem.
Now it is telling you that your JSP module needs to be precompiled or Spotbugs can't analyse it. That's because Spotbugs works by analysing the bytecode from the class files.
You can enable the option to allow uncompiled code (see the plugin's main page) to skip modules without any class files
I used the option like below but it didn't work for it. Can you please check it? Still got the 'One (sub)project contains Java source files that are not compiled' error
- sonar.properties in the sample gradle multi-module projects
sonar.findbugs.allowuncompilecode=true - pom.xml in the sample maven projects
<sonar.findbugs.allowuncompilecode>true</sonar.findbugs.allowuncompilecode>
Unless I missed something the exception is not thrown when the option is set: https://github.com/spotbugs/sonar-findbugs/blob/8dee9c74b933af8c24befcbfa3a1507f58316c91/src/main/java/org/sonar/plugins/findbugs/FindbugsConfiguration.java#L123
I'm not sure how Sonar reads the properties in Gradle builds, maybe you need to set the property in the corresponding module.
I'd be happy to look into it if you can share a project reproducing the issue but may I ask why you're not pre compiling the JSP sources?
Is it right that the below settings are correct?
sonar.properties in the sample gradle multi-module projects sonar.findbugs.allowuncompilecode=true pom.xml in the sample maven projects <sonar.findbugs.allowuncompilecode>true</sonar.findbugs.allowuncompilecode>
Actually, I'm an administrator of the SonarQube in my company and there are various users using the plugin. Some of them want to keep their source codes unchanged and succeed to scan their projects with the upgraded plugin.
I don't know why the above settings(sonar.findbugs.allowuncompilecode) didn't work and keep getting the same error. :(
The setting seems right but maybe it's not at the right place so it's not picked up correctly, you probably saw that already but I can refer you to the Sonar doc: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-gradle/#header-4
Are you using Gradle and Maven? Your initial question was for Gradle but you're also refering to a pom file
It will be hard for me to help without being able to reproduce the issue or at least without some idea of how the project is structured
Thank you for the checking. Yes, our developers use various types of projects(i.e Gradle, Maven). I'll try to test again...
I've updated the integration tests of the project to confirm that sonar.findbugs.allowuncompilecode works as intended, you might also be able to use that as a sample.
The sample project root is here: https://github.com/spotbugs/sonar-findbugs/tree/master/src/test/resources/projects/multi-module
And there's a module with some uncompiled JSP sources: https://github.com/spotbugs/sonar-findbugs/tree/master/src/test/resources/projects/multi-module/multi-module-jsp-uncompiled
Without setting sonar.findbugs.allowuncompilecode the analysis fails as expected and after setting the property it works.
The property is set in the pom/gradle file of the JSP module.
That sample project is built with both Maven and Gradle so you can check how it's configured, hopefully that will help
In the end were you able to solve the problem? If there are no further questions I'll close this issue