
Code Smell based on PMD rule is shown despite rule is not activated in Quality Profile

Open a89h4ya opened this issue 1 year ago • 6 comments

Hello,

we are using the sonar-pmd plugin v3.4.0 with SonarQube Version 9.5 (build 56709) Enterprise Edition. We are currently experiencing the case that a Code Smell is shown based on the rule "Unused private method" (/sonar/coding_rules?open=pmd%3AUnusedPrivateMethod&rule_key=pmd%3AUnusedPrivateMethod):

image

However, the quality profile used for the sonar project does not have that rule activated:

image

In fact, IF we activate that rule for the profile, we get two Code Smells based on it:

image

Any idea what could cause this?

Jul 11 '22 08:07 a89h4ya

Hi @a89h4ya,

We cannot reproduce your situation. Are the IDs of the rules identical? Do they link to the same rule? What are the links? It seems not the same because they have a different tag and deprecation status.

Could it be that you are also running an old pmd plugin jar in SonarQube next to 3.4.0?

Jul 11 '22 12:07 jborgers

Hi @jborgers,

thanks for the quick response.

I am not exactly sure how to check if they link to the same rule; could you explain what exactly you want me to check? I leveraged the API to get some info, which will probably already help:

{"key":"AYHT3N74hbrhWcBq87Sr","projectKey":"epl:foobar","branch":"feature/EPLfoobar","path":"src/foobar1","lineNumber":"19","message":"Avoid unused private methods such as \u0027init()\u0027.","status":"OPEN","author":"barfoo","assignee":"barfoo","createdAt":"2021-05-06T10:18:44+0200","updatedAt":"2022-07-06T16:14:10+0200","ruleReference":"external_pmd:UnusedPrivateMethod","comments":[],"type":"CODE_SMELL","severity":"MAJOR","effort":"5"},
{"key":"AYHT3N77hbrhWcBq87Tl","projectKey":"epl:foobar","branch":"feature/EPLfoobar","path":"src/foobar2","lineNumber":"null","message":"Avoid unused private methods such as \u0027init()\u0027.","status":"CLOSED","author":"barfoo","assignee":"barfoo","createdAt":"2021-05-06T10:18:44+0200","updatedAt":"2022-07-07T13:32:47+0200","ruleReference":"external_pmd:UnusedPrivateMethod","comments":[],"type":"CODE_SMELL","severity":"MAJOR","resolution":"FIXED","effort":"5"},
{"key":"AYHrqeJRhbrhWcBqoTd5","projectKey":"epl:foobar","branch":"feature/EPLfoobar","path":"src/foobar3","lineNumber":"null","message":"Avoid unused private methods such as \u0027init()\u0027.","status":"CLOSED","author":"barfoo","assignee":"barfoo","createdAt":"2021-05-06T10:18:44+0200","updatedAt":"2022-07-11T07:19:52+0200","ruleReference":"pmd:UnusedPrivateMethod","comments":[],"type":"CODE_SMELL","severity":"MAJOR","resolution":"REMOVED","effort":"15","tags":"unused-code"},

They seem to have a different key.

I also checked the plugin folder and there was no older version of the plugin around. Also, the support-json only lists the latest 3.4.0 version.

Jul 11 '22 15:07 a89h4ya

Okay, so you have two different rules, with references:

  1. external_pmd:UnusedPrivateMethod (non-deprecated and not in profile, still in use) and
  2. pmd:UnusedPrivateMethod (deprecated, in profile, behaving as expected)

The first part, before the ':' is the rule repository and the second part the rule-id. So it is the same rule, only from different rule repositories. It is unclear to me why the 1st one is there.

In sonar-pmd we use 'pmd' as the rule repository. Sonar cloud seems to use pmd-external, see https://stackoverflow.com/questions/52399322/sonarqube-what-is-rule-key Could it come from sonar cloud somehow? Have you used that? When you are searching rules, do you see those 2 repositories listed?

Jul 11 '22 16:07 jborgers

We never had any connection with sonar cloud. The system was always an on-premises one. We do however import quality profiles of users when they migrated from another sonarqube instance to ours. I did an export of the current quality profile in question and did not find any pmd rules. However, could it be that the quality profile came from a cloud instance and when we imported it there were rule associations created in the DB which will not be revealed by an export? I might get in contact with sonarsource, as the issue is quite mysterious.

EDIT: Regarding "When you are searching rules, do you see those 2 repositories listed?". No, I seem to only see the repo "PMD".

Jul 14 '22 13:07 a89h4ya

That could be an explanation indeed. I hope sonarsource can help you further. Please let us know the outcome here.

Aug 09 '22 13:08 jborgers

Hi @jborgers,

unfortunately the sonar support dropped the issue immediately as it is "related to a plugin". It is on my todo-list to reproduce the issue on our staging system but I need some stuff from the users which originally had the issue in our instance and they are busy. I hope I can provide some new infos after reproducing and searching the database for a while.

Aug 09 '22 14:08 a89h4ya

I found the issue. Our user seemed to also use PMD as an "external rule engine" during his process (Most likely without direct knowledge of what this causes). This generated a file pmd.xml with rules and issues based on those rules that were imported by sonarqube during its run.

When we then actually activated the PMD rules in the quality profile, we saw the code smells twice and with slightly different names, as now the issues from the external rule engine plus the ones generated by sonarqube were shown in parallel.

So, nothing is wrong with the PMD plugin. Case closed.

Aug 31 '22 11:08 a89h4ya
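
A way to spot the situation resolved above from issue records like the ones quoted earlier in the thread, as an added example (not code from the thread or from sonar-pmd). It assumes the `external_` repository prefix seen in that output marks issues imported from an external report; the sample records, their keys and the second rule are constructed.

```python
from collections import defaultdict

EXTERNAL_PREFIX = "external_"  # assumption from the thread: external_pmd vs pmd

# Constructed sample, reduced to the fields this check needs.
SAMPLE_ISSUES = [
    {"key": "issue-1", "path": "src/foobar1", "status": "OPEN",
     "ruleReference": "external_pmd:UnusedPrivateMethod"},
    {"key": "issue-2", "path": "src/foobar1", "status": "OPEN",
     "ruleReference": "pmd:UnusedPrivateMethod"},
    {"key": "issue-3", "path": "src/foobar2", "status": "OPEN",
     "ruleReference": "external_pmd:EmptyCatchBlock"},
]


def split_rule_reference(ref):
    """Split 'repository:rule-id' into its two parts."""
    repo, sep, rule_id = ref.partition(":")
    if not sep or not repo or not rule_id:
        raise ValueError(f"not a repository:rule-id reference: {ref!r}")
    return repo, rule_id


def classify(issues):
    """Group issue keys per (engine, rule-id) by origin: external report or profile rule."""
    grouped = defaultdict(lambda: {"external": [], "profile": []})
    for issue in issues:
        repo, rule_id = split_rule_reference(issue["ruleReference"])
        if repo.startswith(EXTERNAL_PREFIX):
            engine, origin = repo[len(EXTERNAL_PREFIX):], "external"
        else:
            engine, origin = repo, "profile"
        grouped[(engine, rule_id)][origin].append(issue["key"])
    return dict(grouped)


def double_reported(issues):
    """Rules raised both by an imported report and by an activated profile rule."""
    return sorted(k for k, v in classify(issues).items()
                  if v["external"] and v["profile"])


def external_only(issues):
    """Rules that appear although no profile rule produced them."""
    return sorted(k for k, v in classify(issues).items()
                  if v["external"] and not v["profile"])
```

Rules returned by `external_only` correspond to the original report (a smell shown for a rule that is not activated), and those returned by `double_reported` to the duplicate smells seen after activating the rule.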