SonarQube 5.6: violations reported for an outer class by findbugs is not reported as a sonar violation

Question

I am using SonarQube 5.6 with java plugin 4.0 and findbugs plugin 3.4.3. With this configuration, the violations reported for an outer class by findbugs is not reported as a sonar violation. The below are the code details.

Java file

package com.test.pkg;

import java.net.MalformedURLException;
import java.net.URL;

public class URLTest {

    public static void main (String [] args) {
        // do nothing
    }
}

class OuterURL {

    public void foo () throws MalformedURLException {
        URL findbugsURL1 = new URL ("http://findbugs.sourceforge.net/");
        URL findbugsURL2 = new URL ("http://findbugs.sourceforge.net/");
        if (findbugsURL1.equals(findbugsURL2)) {
            System.out.println("both urls are equal");
        }
    }

}

Findbugs-results.xml has below content

<BugCollection version="3.0.1" sequence="0" timestamp="1470131475000" analysisTimestamp="1470133581561" release="">
  <Project>
    <Jar><somepath>/project1/bin/com/test/pkg/OuterURL.class</Jar>
    <Jar><somepath>/project1/bin/com/test/pkg/URLTest.class</Jar>
    <AuxClasspathEntry><somepath>/project1/bin</AuxClasspathEntry>
    <AuxClasspathEntry><somepath>/project1/src/.sonar/findbugs/annotations.jar</AuxClasspathEntry>
    <AuxClasspathEntry><somepath>/project1/src/.sonar/findbugs/jsr305.jar</AuxClasspathEntry>
    <WrkDir><somepath>/project1/src/.sonar</WrkDir>
  </Project>
  <BugInstance type="DMI_BLOCKING_METHODS_ON_URL" priority="1" rank="16" abbrev="Dm" category="PERFORMANCE" instanceHash="3c28cb79b988fda6b10e89974603edc7" instanceOccurrenceNum="0" instanceOccurrenceMax="0">
    <ShortMessage>The equals and hashCode methods of URL are blocking</ShortMessage>
    <LongMessage>Invocation of java.net.URL.equals(Object), which blocks to do domain name resolution, in com.test.pkg.OuterURL.foo()</LongMessage>
    <Class classname="com.test.pkg.OuterURL" primary="true">
      <SourceLine classname="com.test.pkg.OuterURL" start="13" end="21" sourcefile="URLTest.java" sourcepath="com/test/pkg/URLTest.java">
        <Message>At URLTest.java:[lines 13-21]</Message>
      </SourceLine>
      <Message>In class com.test.pkg.OuterURL</Message>
    </Class>
    <Method classname="com.test.pkg.OuterURL" name="foo" signature="()V" isStatic="false" primary="true">
      <SourceLine classname="com.test.pkg.OuterURL" start="16" end="21" startBytecode="0" endBytecode="131" sourcefile="URLTest.java" sourcepath="com/test/pkg/URLTest.java"/>
      <Message>In method com.test.pkg.OuterURL.foo()</Message>
    </Method>
    <Method classname="java.net.URL" name="equals" signature="(Ljava/lang/Object;)Z" isStatic="false" role="METHOD_CALLED">
      <SourceLine classname="java.net.URL" start="866" end="870" startBytecode="0" endBytecode="68" sourcefile="URL.java" sourcepath="java/net/URL.java"/>
      <Message>Called method java.net.URL.equals(Object)</Message>
    </Method>
    <SourceLine classname="com.test.pkg.OuterURL" primary="true" start="18" end="18" startBytecode="22" endBytecode="22" sourcefile="URLTest.java" sourcepath="com/test/pkg/URLTest.java">
      <Message>At URLTest.java:[line 18]</Message>
    </SourceLine>

In console log, i can see below message. WARN: The class 'com.test.pkg.OuterURL' could not be match to its original source file. It might be a dynamically generated class.

This issue seems to be happening due to the logic in findJavaClassFile method of ByteCodeResourceLocator

Has anyone seen similar issue ?

Answer 1

This is an issue with the sonar-findbugs plugin. It was failing to find the original source file.

To follow the resolution, please refer to this issue: https://github.com/SonarQubeCommunity/sonar-findbugs/issues/40

Answer 2

It is highly likely that the relevant FindBugs rule is not included in the Quality Profile used for the project.