Geek asks and answers

How can I change the Squid rule in Sonar?

I am new to SonarQube and Squid (and CheckStyle and FindBugs and PMD). I am using SonarQube 4.1.1. and a Sonar quality profile with Findbugs quality profile to evaluate some of my Java projects.

As a result of my analysis, I get a ton of the same critical problem from Squid:

Exception handlers should provide some context and keep the Original exception. When processing an excluded floodplain, two mandatory information must be either registered or presented in an updated exception:

  • Some conditions to facilitate the reproduction of the problem.
  • The original exception for its messages and stack trace.

In my code I use a logger, for example.

catch(Exception e) {
    LOG.error(SampleClass.class.getSimpleName() + ": " + e);
}

Why does this rule work? The exception is logged. Is it because I am not using Logger, but Log?

My second question is: Where can I see and change the Squid rules and, possibly, add a couple of mine? As far as I understand FindBug, CheckStyle and PMD, I can write my own rules. Is this possible with Squid?

+3
source share
4 answers

I believe the rule is triggered because you are logging a simple toString () message from Exception e, not a full stack trace. Sort of

LOG.error(SampleClass.class.getSimpleName() + ": " + e, e);

will satisfy the rule.

SonarQube has very good examples of compatible / non-compliant code with each rule definition. Expand the rule name, either in problems or in quality profiles, to view examples.

( ) , , "Sonar Way...", . SonarQube, , .

, , , , , , . , Sonar Way, . , / , . , , , .

+3

Log.e(TAG, e.getMessage(), e);

0

SonarQube. Sonarqube: / Squid .

0

. , . (pre-Squid) , , , , . , 800 , . , . .

It seems to me that if my code calls the outer part of the code, I do not need to share the stack trace through this part of the code when I report an exception. Someone debugging my code with help NumberFormatExceptionprobably doesn't care about how many NFE layers went into parsing the number, they probably just take care that my code cannot check the number and where to look for this fix in my code. Suppressing the original stack trace makes sense to me.

0
source

More articles:


All Articles