2

I have a javaee project that has the following dependency:

    <dependency>
        <groupId>javax</groupId>
        <artifactId>javaee-api</artifactId>
        <scope>provided</scope>
    </dependency>

The project builds, packages and deploys properly / as expected. However, when I try to run a SonarQube build for this project, I get the following types of warnings with a final fatal error

Nov 04, 2015 11:18:31 AM net.sourceforge.pmd.lang.java.typeresolution.ClassTypeResolver visit
WARNING: Could not find class com.admin.agent.AgentAdminController, due to: java.lang.ClassFormatError: JVMCFRE074 no Code attribute specified; class=javax/servlet/GenericServlet, method=<init>()V, pc=0
....
....
[ERROR] Failed to execute goal org.codehaus.mojo:sonar-maven-plugin:2.7.1:sonar (default-cli) on project build: Execution default-cli of goal org.codehaus.mojo:sonar-maven-plugin:2.7.1:sonar failed: An API incompatibility was encountered while executing org.codehaus.mojo:sonar-maven-plugin:2.7.1:sonar: java.lang.ClassFormatError: JVMCFRE074 no Code attribute specified; class=javax/servlet/jsp/PageContext, method=<init>()V, pc=0

After a bunch of searching, I have found the culprit to be the javaee-api dependency. Being an API only (no implementation) SonarQube complains of missing classes. The only solution I have found is to replace the dependency with a jboss implementation:

            <dependency>
                <groupId>org.jboss.spec</groupId>
                <artifactId>jboss-javaee-6.0</artifactId>
                <version>1.0.0.Final</version>
                <type>pom</type>
                <scope>provided</scope>
            </dependency>

However, this does not work well for me. I had to modify my pom and remove my original javaee-api dependency and replace it. This means that none of my builds can use the javax.javaee-api dependency?

As far as I am concerned a functional Maven build should be scannable by Sonar.

How can I indicate to Sonar that I want it to use a different dependency for the build (instead of the one in the project pom), or have it ignore the javax.javaee-api dependency altogether?

Eric B.
  • 23,425
  • 50
  • 169
  • 316
  • You've apparently already asked this before and abandoned it: http://stackoverflow.com/questions/29152487/how-to-ignore-javax-files-in-sonarqube . – Gimby Nov 04 '15 at 20:42
  • @Gimby - Wow... you're right; I don't even remember posting that! I guess 6 months later, I'm still looking for a better solution! – Eric B. Nov 05 '15 at 02:49

2 Answers2

0

This does not seem about sonarqube but rather PMD as you can see per log line : net.sourceforge.pmd.lang.java.typeresolution.ClassTypeResolver (see pmd in package name)

It sounds that the problem is not about the fact that the class is not found but rather that PMD does not support the binary format of this class in this library (pretty hard to understand the underlying reason with the information in your post, most probably this lib was packaged with a specific version of JDK) and so this is fixed by changing the dependency in your pom because in this new library, the binary format is supported.

Can you precise which version of the sonar-pmd you are using ? (that will tell us which version of PMD is used and you can check in release notes if this was addressed at one point).

This definitely sounds like a bug in the class reader of PMD.

benzonico
  • 10,635
  • 5
  • 42
  • 50
  • I'm using PMD 5.3.1 and it uses an auto-generated target/sonar/pmd.xml file as its configuration. I've looked through the SonarQube interface and don't even see where I could specify a PMD configuration. – Eric B. Nov 05 '15 at 16:38
  • I think the problem stems from the fact that javax.javaee-api is not a full implementation, but rather just a stubbed implementation. Why that affects PMD is a bit ambiguous to me. Additionally, if I add an extra full implementation as a dependency, it still isn't good enough without removing the stubbed dependency (I presume due to there being two same-named classes on the classpath and mvn/pmd is using/resolving the stubbed version first) – Eric B. Nov 05 '15 at 16:46
  • Can you precise the version of the sonar-pmd plugin ? not the version of PMD itself. An option to get more information about the issue would be to do an analysis of your project with PMD without sonarqube. This will allow to determine precisely where is the bug coming from (PMD or sonar-pmd). The problem is the reading of the `.class` file the fact that you have stubbed implem or not provided is irrelevant as far as I can understand. – benzonico Nov 06 '15 at 08:38
  • According to the SonarQube updatecentre page, I'm using Sonar-PMD plugin v2.4.1. I'll have to try out your theory with the PMD plugin directly. I've actually tried to create a dummy project with some minimal dependencies on the javaee-api lib but haven't been able to reproduce the warning/errror msgs with that basic config. – Eric B. Nov 09 '15 at 15:55
0

This is how we can integrate SonarQube in maven project. pom.xml

   </properties>
       <argLine></argLine>
        <sonar.exclusions>**/*Entity.java</sonar.exclusions>
    </properties>

<profiles>
        <profile>
            <id>coverage</id>
            <activation>
                <activeByDefault>false</activeByDefault>
            </activation>
            <properties>
                <sonar.host.url>
                    https://localhost:8080(Add the url for sonar)
                </sonar.host.url>
            </properties>
            <build>
                <plugins>
                    <plugin>
                        <groupId>org.sonarsource.scanner.maven</groupId>
                        <artifactId>sonar-maven-plugin</artifactId>
                        <version>3.8.0.2131</version>
                    </plugin>
                    <plugin>
                        <groupId>org.jacoco</groupId>
                        <artifactId>jacoco-maven-plugin</artifactId>
                        <version>0.8.6</version>
                        <executions>
                            <execution>
                                <id>prepare-agent</id>
                                <goals>
                                    <goal>prepare-agent</goal>
                                </goals>
                            </execution>
                            <execution>
                                <id>report</id>
                                <goals>
                                    <goal>report</goal>
                                </goals>
                            </execution>
                        </executions>
                    </plugin>
                </plugins>
            </build>
        </profile>
    </profiles>

-Dsonar.login = "login key for sonar"
mvn clean test sonar:sonar -Dsonar.login=  -Pcoverage
Ravi
  • 11
  • 2