Merge branch 'master' into sq-10

spotbugs · Aug 27, 2024 · a8f3f67 · a8f3f67
2 parents e5207d6 + 26126d8
commit a8f3f67
Show file tree

Hide file tree

Showing 18 changed files with 225 additions and 235 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -18,41 +18,19 @@ jobs:
  build:
  runs-on: ubuntu-latest
  strategy:
+ fail-fast: false
  matrix:
  include:
- # previous LTS version
- - SONAR_SERVER_VERSION: 7.9
- SONAR_PLUGIN_API_VERSION: 7.9
- SONAR_PLUGIN_API_GROUPID: org.sonarsource.sonarqube
- SONAR_JAVA_VERSION: 5.13.1.18282
- SONAR_SERVER_JAVA_VERSION: 11
- # current LTS version
- - SONAR_SERVER_VERSION: 8.9.9.56886
- SONAR_PLUGIN_API_VERSION: 8.9.9.56886
- SONAR_PLUGIN_API_GROUPID: org.sonarsource.sonarqube
- SONAR_JAVA_VERSION: 6.15.1.26025
- SONAR_SERVER_JAVA_VERSION: 11
- - SONAR_SERVER_VERSION: 9.7.0.61563
- SONAR_PLUGIN_API_VERSION: 9.11.0.290
- SONAR_PLUGIN_API_GROUPID: org.sonarsource.api.plugin
- SONAR_JAVA_VERSION: 7.14.0.30229
- SONAR_SERVER_JAVA_VERSION: 11
  # 9.9 LTS 
  - SONAR_SERVER_VERSION: 9.9.0.65466
  SONAR_PLUGIN_API_VERSION: 9.14.0.375
- SONAR_PLUGIN_API_GROUPID: org.sonarsource.api.plugin
- SONAR_JAVA_VERSION: 7.16.0.30901
  SONAR_SERVER_JAVA_VERSION: 17
  # 10.x 
  - SONAR_SERVER_VERSION: 10.4.0.87286
  SONAR_PLUGIN_API_VERSION: 10.6.0.2114
- SONAR_PLUGIN_API_GROUPID: org.sonarsource.api.plugin
- SONAR_JAVA_VERSION: 7.30.1.34514
  SONAR_SERVER_JAVA_VERSION: 17
  - SONAR_SERVER_VERSION: 10.6.0.92116
  SONAR_PLUGIN_API_VERSION: 10.7.0.2191
- SONAR_PLUGIN_API_GROUPID: org.sonarsource.api.plugin
- SONAR_JAVA_VERSION: 8.0.1.36337
  SONAR_SERVER_JAVA_VERSION: 17
  # https://mvnrepository.com/artifact/org.sonarsource.sonarqube/sonar-core
  # https://mvnrepository.com/artifact/org.sonarsource.api.plugin/sonar-plugin-api
@@ -79,9 +57,7 @@ jobs:
  run: |
  ./mvnw verify -B -e -V \
  -Dsonar.server.version=${{ matrix.SONAR_SERVER_VERSION }} \
- -Dsonar-plugin-api.version=${{ matrix.SONAR_PLUGIN_API_VERSION }} \
- -Dsonar-plugin-api.groupId=${{ matrix.SONAR_PLUGIN_API_GROUPID }} \
- -Dsonar-java.version=${{ matrix.SONAR_JAVA_VERSION }}
+ -Dsonar-plugin-api.version=${{ matrix.SONAR_PLUGIN_API_VERSION }}
  deploy:
  runs-on: ubuntu-latest
  needs: build
@@ -131,7 +107,7 @@ jobs:
  uses: ./.github/actions/sonar-update-center
  with:
  prop-file: findbugs.properties
- description: Use SpotBugs 4.8.5, sb-contrib 7.6.4, and findsecbugs 1.13.0
+ description: Use SpotBugs 4.8.6, sb-contrib 7.6.4, and findsecbugs 1.13.0
  minimal-supported-sq-version: 9.9
  latest-supported-sq-version: LATEST
  changelog-url: https://github.com/spotbugs/sonar-findbugs/releases/tag/${{ github.event.release.tag_name }}

diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml
@@ -29,10 +29,8 @@ jobs:
  runs-on: ubuntu-latest
  env:
  # previous LTS version
- SONAR_SERVER_VERSION: 8.9.9.56886
- SONAR_PLUGIN_API_VERSION: 8.9.9.56886
- SONAR_PLUGIN_API_GROUPID: org.sonarsource.sonarqube
- SONAR_JAVA_VERSION: 6.15.1.26025
+ SONAR_SERVER_VERSION: 9.9.0.65466
+ SONAR_PLUGIN_API_VERSION: 9.14.0.375
  steps:
  - name: Decide the ref to check out
  uses: haya14busa/action-cond@v1
@@ -63,8 +61,6 @@ jobs:
  ./mvnw org.jacoco:jacoco-maven-plugin:prepare-agent verify sonar:sonar -B -e -V -DskipITs \
  -Dsonar.server.version=${{ env.SONAR_SERVER_VERSION }} \
  -Dsonar-plugin-api.version=${{ env.SONAR_PLUGIN_API_VERSION }} \
- -Dsonar-plugin-api.groupId=${{ env.SONAR_PLUGIN_API_GROUPID }} \
- -Dsonar-java.version=${{ env.SONAR_JAVA_VERSION }} \
  -Dsonar.projectKey=com.github.spotbugs:sonar-findbugs-plugin \
  -Dsonar.organization=spotbugs \
  -Dsonar.host.url=https://sonarcloud.io \

diff --git a/README.md b/README.md
@@ -74,4 +74,5 @@ Findbugs Plugin version|Embedded SpotBugs/Findbugs version|Embedded Findsecbugs
 4.2.7 | 4.8.3 (SpotBugs) | 1.12.0 | 7.6.4 (sb-contrib) | 1.8|7.9~|5.10.1.16922
 4.2.8 | 4.8.3 (SpotBugs) | 1.13.0 | 7.6.4 (sb-contrib) | 1.8|7.9~|5.10.1.16922
 4.2.9 | 4.8.4 (SpotBugs) | 1.13.0 | 7.6.4 (sb-contrib) | 1.8|7.9~|5.10.1.16922
-4.2.10-SNAPSHOT | 4.8.5 (SpotBugs) | 1.13.0 | 7.6.4 (sb-contrib) | 1.8|7.9~|5.10.1.16922
+4.2.10 | 4.8.6 (SpotBugs) | 1.13.0 | 7.6.4 (sb-contrib) | 1.8|7.9~|5.10.1.16922
+4.3.0-SNAPSHOT | 4.8.6 (SpotBugs) | 1.13.0 | 7.6.4 (sb-contrib) | 17|9.9~|8.0.1.36337
diff --git a/generate_profiles/BuildXmlFiles.groovy b/generate_profiles/BuildXmlFiles.groovy
@@ -8,13 +8,13 @@ import groovy.json.JsonSlurper;
 
 @Grapes([
 
- @Grab(group='com.github.spotbugs', module='spotbugs', version='4.8.5'),
+ @Grab(group='com.github.spotbugs', module='spotbugs', version='4.8.6'),
  @Grab(group='com.mebigfatguy.sb-contrib', module='sb-contrib', version='7.6.4'),
  @Grab(group='com.h3xstream.findsecbugs' , module='findsecbugs-plugin', version='1.13.0')]
 )
 
 
-FB = new Plugin(groupId: 'com.github.spotbugs', artifactId: 'spotbugs', version: '4.8.5')
+FB = new Plugin(groupId: 'com.github.spotbugs', artifactId: 'spotbugs', version: '4.8.6')
 CONTRIB = new Plugin(groupId: 'com.mebigfatguy.sb-contrib', artifactId: 'sb-contrib', version: '7.6.4')
 FSB = new Plugin(groupId: 'com.h3xstream.findsecbugs', artifactId: 'findsecbugs-plugin', version: '1.13.0')
 

diff --git a/pom.xml b/pom.xml
@@ -4,7 +4,7 @@
 
  <groupId>com.github.spotbugs</groupId>
  <artifactId>sonar-findbugs-plugin</artifactId>
- <version>4.2.10-SNAPSHOT</version>
+ <version>4.3.0-SNAPSHOT</version>
  <packaging>sonar-plugin</packaging>
 
  <name>SonarQube SpotBugs Plugin</name>
@@ -52,17 +52,16 @@
  Also need to update profiles, see ./generate_profiles/README.md for detail.
  Update the version table and the rules count badge in README.md
  -->
- <spotbugs.version>4.8.5</spotbugs.version>
+ <spotbugs.version>4.8.6</spotbugs.version>
  <sbcontrib.version>7.6.4</sbcontrib.version>
  <findsecbugs.version>1.13.0</findsecbugs.version>
 
  <jdk.min.version>1.8</jdk.min.version>
  <surefire.version>3.2.5</surefire.version>
  <failsafe.version>3.2.5</failsafe.version>
- <sonar.server.version>7.9</sonar.server.version>
- <sonar-plugin-api.version>7.9.6</sonar-plugin-api.version>
- <sonar-plugin-api.groupId>org.sonarsource.sonarqube</sonar-plugin-api.groupId>
- <sonar-java.version>5.14.0.18788</sonar-java.version>
+ <sonar.server.version>9.9.0.65466</sonar.server.version>
+ <sonar-plugin-api.version>9.14.0.375</sonar-plugin-api.version>
+ <sonar-java.version>8.0.1.36337</sonar-java.version>
 
  <sonar-orchestrator.version>4.9.0.1920</sonar-orchestrator.version>
 
@@ -138,7 +137,7 @@
  </dependency>
 
  <dependency>
- <groupId>${sonar-plugin-api.groupId}</groupId>
+ <groupId>org.sonarsource.api.plugin</groupId>
  <artifactId>sonar-plugin-api</artifactId>
  <version>${sonar-plugin-api.version}</version>
  <scope>provided</scope>
@@ -155,7 +154,44 @@
  <groupId>org.sonarsource.java</groupId>
  <artifactId>sonar-java-plugin</artifactId>
  <version>${sonar-java.version}</version>
- <scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.sonarsource.java</groupId>
+ <artifactId>external-reports</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.sonarsource.java</groupId>
+ <artifactId>java-checks</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.sonarsource.analyzer-commons</groupId>
+ <artifactId>sonar-xml-parsing</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.sonarsource.analyzer-commons</groupId>
+ <artifactId>sonar-analyzer-commons</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.sonarsource.java</groupId>
+ <artifactId>java-checks-aws</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.sonarsource.java</groupId>
+ <artifactId>java-jsp</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.sonarsource.analyzer-commons</groupId>
+ <artifactId>sonar-performance-measure</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.sonarsource.java</groupId>
+ <artifactId>java-surefire</artifactId>
+ </exclusion>
+ <!--<exclusion>
+ <groupId>org.sonarsource.java</groupId>
+ <artifactId>jdt-package</artifactId>
+ </exclusion>-->
+ </exclusions>
  </dependency>
 
  <!-- unit tests -->
@@ -394,6 +430,7 @@
  <pluginClass>org.sonar.plugins.findbugs.FindbugsPlugin</pluginClass>
  <useChildFirstClassLoader>false</useChildFirstClassLoader>
  <requiredForLanguages>java,scala,jsp,clojure,kotlin</requiredForLanguages>
+ <skipDependenciesPackaging>true</skipDependenciesPackaging>
  </configuration>
  </plugin>
  <plugin>
@@ -410,7 +447,7 @@
  <configuration>
  <rules>
  <requireFilesSize>
- <maxsize>32000000</maxsize>
+ <maxsize>42000000</maxsize>
  <minsize>8000000</minsize>
  <files>
  <file>${project.build.directory}/${project.build.finalName}.jar</file>
@@ -432,22 +469,21 @@
  <goal>shade</goal>
  </goals>
  <configuration>
- <artifactSet>
- <includes>
- <include>commons-io:commons-io</include>
- <include>org.codehaus.sonar:sonar-channel</include>
- </includes>
- </artifactSet>
- <relocations>
- <relocation>
- <pattern>org.apache.commons.io</pattern>
- <shadedPattern>shaded.io</shadedPattern>
- </relocation>
- <relocation>
- <pattern>org.sonar.channel</pattern>
- <shadedPattern>shaded.channel</shadedPattern>
- </relocation>
- </relocations>
+ <transformers>
+ <transformer implementation="org.apache.maven.plugins.shade.resource.ApacheNoticeResourceTransformer">
+ <addHeader>false</addHeader>
+ </transformer>
+ </transformers>
+ <filters>
+ <filter>
+ <artifact>*:*</artifact>
+ <excludes>
+ <exclude>META-INF/*.SF</exclude>
+ <exclude>META-INF/*.DSA</exclude>
+ <exclude>META-INF/*.RSA</exclude>
+ </excludes>
+ </filter>
+ </filters>
  <createDependencyReducedPom>false</createDependencyReducedPom>
  </configuration>
  </execution>

diff --git a/src/main/java/org/sonar/plugins/findbugs/FindbugsConfiguration.java b/src/main/java/org/sonar/plugins/findbugs/FindbugsConfiguration.java
@@ -54,17 +54,14 @@
 import org.sonar.api.config.PropertyDefinition;
 import org.sonar.api.resources.Qualifiers;
 import org.sonar.api.scan.filesystem.PathResolver;
-import org.sonar.api.utils.Version;
 import org.sonar.plugins.findbugs.classpath.ClasspathLocator;
-import org.sonar.plugins.findbugs.classpath.DefaultClasspathLocator;
 import org.sonar.plugins.findbugs.rules.FbContribRulesDefinition;
 import org.sonar.plugins.findbugs.rules.FindSecurityBugsRulesDefinition;
 import org.sonar.plugins.findbugs.rules.FindbugsRulesDefinition;
 import org.sonar.plugins.findbugs.xml.Bug;
 import org.sonar.plugins.findbugs.xml.FindBugsFilter;
 import org.sonar.plugins.findbugs.xml.Match;
 import org.sonar.plugins.java.Java;
-import org.sonar.plugins.java.api.JavaResourceLocator;
 
 import com.thoughtworks.xstream.XStream;
 
@@ -81,22 +78,22 @@ public class FindbugsConfiguration {
  private final FileSystem fileSystem;
  private final Configuration config;
  private final ActiveRules activeRules;
- private final JavaResourceLocator javaResourceLocator;
+ private final ClasspathLocator classpathLocator;
 
  public FindbugsConfiguration(FileSystem fileSystem, Configuration config, ActiveRules activeRules,
-  JavaResourceLocator javaResourceLocator) {
+ ClasspathLocator classpathLocator) {
  this.fileSystem = fileSystem;
  this.config = config;
  this.activeRules = activeRules;
- this.javaResourceLocator = javaResourceLocator;
+ this.classpathLocator = classpathLocator;
  }
 
  public File getTargetXMLReport() {
  return new File(fileSystem.workDir(), "findbugs-result.xml");
  }
 
  public void initializeFindbugsProject(Project findbugsProject) throws IOException {
- initializeFindbugsProject(findbugsProject, new DefaultClasspathLocator(javaResourceLocator));
+ initializeFindbugsProject(findbugsProject, classpathLocator);
  }
 
  void initializeFindbugsProject(Project findbugsProject, ClasspathLocator classpathLocator) throws IOException {
@@ -155,11 +152,11 @@ public IllegalStateException buildMissingCompiledCodeException() {
  message.append("\nsonar.java.binaries was set to " + config.get(SONAR_JAVA_BINARIES).orElse(null));
  }
 
- if (javaResourceLocator.classpath().isEmpty()) {
+ if (classpathLocator.classpath().isEmpty()) {
  message.append("\nSonar JavaResourceLocator.classpath was empty");
  }
 
- if (javaResourceLocator.classFilesToAnalyze().isEmpty()) {
+ if (classpathLocator.classFilesToAnalyze().isEmpty()) {
  message.append("\nSonar JavaResourceLocator.classFilesToAnalyze was empty");
  }
 
@@ -263,7 +260,7 @@ private List<File> buildClassFilesToAnalyze(ClasspathLocator classpathLocator) t
  return buildClassFilesToAnalyzePre98();
  } else {
  // It's probably redundant to use javaResourceLocator.classFilesToAnalyze() here, we'll get all the binaries later
- List<File> classFilesToAnalyze = new ArrayList<>(javaResourceLocator.classFilesToAnalyze());
+ List<File> classFilesToAnalyze = new ArrayList<>(classpathLocator.classFilesToAnalyze());
 
  addClassFilesFromClasspath(classFilesToAnalyze, binaryDirs);
 
@@ -281,12 +278,12 @@ private List<File> buildClassFilesToAnalyze(ClasspathLocator classpathLocator) t
  }
 
  private List<File> buildClassFilesToAnalyzePre98() throws IOException {
- List<File> classFilesToAnalyze = new ArrayList<>(javaResourceLocator.classFilesToAnalyze());
+ List<File> classFilesToAnalyze = new ArrayList<>(classpathLocator.classFilesToAnalyze());
 
  boolean hasScalaOrKotlinFiles = fileSystem.hasFiles(fileSystem.predicates().hasLanguages("scala", "kotlin"));
  boolean hasJspFiles = fileSystem.hasFiles(fileSystem.predicates().hasLanguage("jsp")); 
 
- Collection<File> classpath = javaResourceLocator.classpath();
+ Collection<File> classpath = classpathLocator.classpath();
 
  // javaResourceLocator.classFilesToAnalyze() only contains .class files from Java sources
  if (hasScalaOrKotlinFiles) {
@@ -444,7 +441,7 @@ public boolean isAnalyzeTests() {
 
  public static List<PropertyDefinition> getPropertyDefinitions(Context context) {
  String subCategory = "FindBugs";
- List<PropertyDefinition> properties = Arrays.asList(
+ return Arrays.asList(
  PropertyDefinition.builder(FindbugsConstants.EFFORT_PROPERTY)
  .defaultValue(FindbugsConstants.EFFORT_DEFAULT_VALUE)
  .category(Java.KEY)
@@ -505,27 +502,15 @@ public static List<PropertyDefinition> getPropertyDefinitions(Context context) {
  .name("Only Analyze")
  .description("To analyze only the given files (in FQCN, comma separted) / package patterns")
  .type(PropertyType.STRING)
- .build() 
- );
-
- if (context.getSonarQubeVersion().isGreaterThanOrEqual(Version.create(9, 8))) {
- // The sonar-java plugin API only has the methods to get the test binaries/classpath starting with SonarQube 9.8
- // For clarity we hide the property in earlier versions because it would have no effect (tests are not analyzed)
- properties = new ArrayList<>(properties);
- properties.add(
- PropertyDefinition.builder(FindbugsConstants.ANALYZE_TESTS)
- .defaultValue(Boolean.toString(FindbugsConstants.ANALYZE_TESTS_VALUE))
- .category(Java.KEY)
- .subCategory(subCategory)
- .name("Analyze tests")
- .description("Look for bugs in the project test code")
- .onQualifiers(Qualifiers.PROJECT)
- .type(PropertyType.BOOLEAN)
- .build()
- );
- }
-
- return properties;
+ .build(),
+ PropertyDefinition.builder(FindbugsConstants.ANALYZE_TESTS)
+ .defaultValue(Boolean.toString(FindbugsConstants.ANALYZE_TESTS_VALUE))
+ .category(Java.KEY)
+ .subCategory(subCategory)
+ .name("Analyze tests")
+ .description("Look for bugs in the project test code")
+ .onQualifiers(Qualifiers.PROJECT)
+ .type(PropertyType.BOOLEAN)
+ .build());
  }
-
 }
diff --git a/src/main/java/org/sonar/plugins/findbugs/FindbugsPlugin.java b/src/main/java/org/sonar/plugins/findbugs/FindbugsPlugin.java
@@ -25,6 +25,7 @@
 import org.sonar.api.Plugin;
 import org.sonar.api.batch.fs.FilePredicate;
 import org.sonar.api.batch.fs.FilePredicates;
+import org.sonar.plugins.findbugs.classpath.DefaultClasspathLocator;
 import org.sonar.plugins.findbugs.language.Jsp;
 import org.sonar.plugins.findbugs.language.scala.Scala;
 import org.sonar.plugins.findbugs.profiles.FindbugsProfile;
@@ -69,6 +70,7 @@ public void define(Context context) {
  FindbugsProfile.class,
 
  FindbugsRulesPluginsDefinition.class,
+ DefaultClasspathLocator.class,
  ByteCodeResourceLocator.class));
  }
 }