sbaudoin / sonar-shellcheck Goto Github PK
View Code? Open in Web Editor NEWSonarQube plugin to analyze Shell scripts with ShellCheck
License: Apache License 2.0
sonar-shellcheck's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Stargazers
Watchers
Forkers
znerd sbonds christophemmersberger-taulia gaochangshui-trec itishree143 active-xu reddytirumalesh ingenio mekhanique izuwaresonar-shellcheck's Issues
No issues reported on SonarQube
Hi,
I am using SG v8.91, shellcheck v0.7.2, sonar-shellcheck plugin v2.4.0
The plugin is well installed on SG
I am using GiltLab CI/CD, output of shellcheck below
$ shellcheck --version
ShellCheck - shell script analysis tool
version: 0.7.2
license: GNU General Public License, version 3
website: https://www.shellcheck.net
$ export SONAR_PROPERTIES_FILENAME="sonar-project.properties" # collapsed multi-line command
$ for file in $(find $CI_PROJECT_DIR -type f -name '*.sh'); do shellcheck --format=gcc $file; done;
../docker-cmd.sh:7:28: note: Double quote to prevent globbing and word splitting. [SC2086]
I am not able to visualize any issue on SQ.
Any suggestions ?
Thank you
plugin hangs when scanning scripts that contain a specific source expression
Summary
Shellcheck plugin 2.4.0 hangs when scanning files that contain:
source /dev/stdin <<<"$(curl -s <apiBasePath>/this/is/a/shell/script)"this alternative works:
source <(curl -s "<apiBasePath>/this/is/a/shell/script")Reproduce
Tested
- SonarQube: 9.0.1.46107 (via Docker image, instructions below)
- SonarQube: 8.9.2 (build 46101) Enterprise.
- Sonar scanner: 4.6.2.2472 (via Docker image, instructions below)
- Docker: 3.5.2 (66501) on MacOS 11.5.2
- Docker: 18.06.1-ce on Ubuntu 18.04.4 LTS (TravisCI worker)
Steps
echo 'source /dev/stdin <<<"$(curl -s <apiBasePath>/this/does/not/exist)"' > test.sh
curl --create-dirs -sLo extensions/plugins/sonar-shellcheck-plugin-2.4.0.jar https://github.com/sbaudoin/sonar-shellcheck/releases/download/v2.4.0/sonar-shellcheck-plugin-2.4.0.jar
docker run -d -v "$(pwd)/extensions:/opt/sonarqube/extensions" --rm --name sonarqube -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -p 9000:9000 sonarqube:latest -Dsonar.forceAuthentication=false
sleep 120
docker run --network host --rm -v "$(pwd):/usr/src" sonarsource/sonar-scanner-cli -Dsonar.projectKey=test-shell-project -Dsonar.sourceEncoding="UTF-8" -X
# Ctrl-c will stop the scan and proceed to the next line
docker stop sonarqubeLogs
No Vulnerabilities or security hotspot for hardcoded password
Unlike other language plugin , no rules for Vulnerabilities or security hotspot for hardcoded password. Can you add a rule for checking this words for review ? (password, passwd etc.) . Or can you suggest me anyway we can find out anything to fix ?
Any help is appreciated
Sonar i-Code CNES plugin is now compatible with sonar-shellcheck
Good news !
In your readme we can read that our plugin is not compatible with shellcheck: https://github.com/sbaudoin/sonar-shellcheck#plugin-not-compatible-with-the-sonar-i-code-cnes-plugin
As we have deprecated shell analysis in I-Code to use ShellCheck analysis instead, we have removed shell support in the I-Code plugin, so it does not interfere anymore with your plugin :)
It will work with I-Code CNES Plugin 3.0.0 and later: https://github.com/cnescatlab/sonar-icode-cnes-plugin/releases/tag/3.0.0
Add code highlighting
ShellCheck minimum version
I run sonar-scanner with ShellCheck from epel repository on CentOS7 and I have this warning:
WARN: Errors happened during analysis:
unrecognized option `-x'
Usage: shellcheck [OPTIONS...] FILES...
-e CODE1,CODE2.. --exclude=CODE1,CODE2.. exclude types of warnings
-f FORMAT --format=FORMAT output format
-s SHELLNAME --shell=SHELLNAME Specify dialect (bash,sh,ksh)
-V --version Print version information
It seems that version available with epel (0.3.8) not working with sonar-shellcheck. But tested with latest version of shellcheck (0.6.0) and option -x is available. Can you add the minimum version needed for ShellCheck in documentation?
Thanks for your work.
Remove deprecation warning
When running with recent SQ servers we can see the following annoying warning:
WARN: Metric 'comment_lines_data' is deprecated. Provided value is ignored.
Using in pipeline - standalone Sonar Scanner versus Sonar Scanner Maven plugin
The readme for this plugin says to use the standalone Sonar Scanner binary. I've configured my Jenkins pipeline according to the SonarQube documentation and use the Sonar Scanner Maven plugin to run the Sonar scans. I cannot find any evidence that this plugin executed when the Sonar Scanner Maven plugin executed its inspections. For example, I can see that the Dependency-Check plugin executed:
[INFO] Sensor Dependency-Check [dependencycheck] (done) | time=5msSo, does usage of this plugin require the standalone Sonar Scanner, or can this plugin be made to work with the official Sonar Scanner for Maven? If this plugin can be made to work with the Maven plugin, what needs to be done to make it work? I've installed the plugin, configured the location for the shellcheck binary, and assigned the Shellcheck quality profile to an SQ project, but I don't see the plugin working yet.
Thanks for your help!
java.sql.SQLException: Incorrect string value: '\xF0\x9F\x9A\xA7 I...' for column 'description' at row 1
When I upgrade the plugin in SonarQube to 2.2.0, I get this error in web.log:
2019.10.16 16:06:57 ERROR web[][o.s.s.p.Platform] Background initialization failed. Stopping SonarQube
org.apache.ibatis.exceptions.PersistenceException:Error updating database. Cause: java.sql.SQLException: Incorrect string value: '\xF0\x9F\x9A\xA7 I...' for column 'description' at row 1
The error may involve org.sonar.db.rule.RuleMapper.updateDefinition-Inline
The error occurred while setting parameters
Cause: java.sql.SQLException: Incorrect string value: '\xF0\x9F\x9A\xA7 I...' for column 'description' at row 1
at org.apache.ibatis.exceptions.ExceptionFactory.wrapException(ExceptionFactory.java:30) at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:200) at org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:63) at org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:59) at com.sun.proxy.$Proxy44.updateDefinition(Unknown Source) at org.sonar.db.rule.RuleDao.update(RuleDao.java:173) at org.sonar.server.rule.RegisterRules.update(RegisterRules.java:770) at org.sonar.server.rule.RegisterRules.registerRule(RegisterRules.java:376) at org.sonar.server.rule.RegisterRules.start(RegisterRules.java:132) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.invokeMethod(ReflectionLifecycleStrategy.java:110) at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.start(ReflectionLifecycleStrategy.java:89) at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84) at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169) at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132) at org.picocontainer.behaviors.Stored.start(Stored.java:110) at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016) at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009) at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767) at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135) at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:90) at org.sonar.server.platform.platformlevel.PlatformLevelStartup.access$001(PlatformLevelStartup.java:46) at org.sonar.server.platform.platformlevel.PlatformLevelStartup$1.doPrivileged(PlatformLevelStartup.java:82) at org.sonar.server.user.DoPrivileged.execute(DoPrivileged.java:46) at org.sonar.server.platform.platformlevel.PlatformLevelStartup.start(PlatformLevelStartup.java:79) at org.sonar.server.platform.Platform.executeStartupTasks(Platform.java:196) at org.sonar.server.platform.Platform.access$400(Platform.java:46) at org.sonar.server.platform.Platform$1.lambda$doRun$1(Platform.java:121) at org.sonar.server.platform.Platform$AutoStarterRunnable.runIfNotAborted(Platform.java:371) at org.sonar.server.platform.Platform$1.doRun(Platform.java:121) at org.sonar.server.platform.Platform$AutoStarterRunnable.run(Platform.java:355) at java.lang.Thread.run(Thread.java:748)Caused by: java.sql.SQLException: Incorrect string value: '\xF0\x9F\x9A\xA7 I...' for column 'description' at row 1
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:965)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3976)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3912)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2530)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2683)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2486)
at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:1858)
at com.mysql.jdbc.PreparedStatement.execute(PreparedStatement.java:1197)
at org.apache.commons.dbcp2.DelegatingPreparedStatement.execute(DelegatingPreparedStatement.java:94)
at org.apache.commons.dbcp2.DelegatingPreparedStatement.execute(DelegatingPreparedStatement.java:94)
at org.apache.ibatis.executor.statement.PreparedStatementHandler.update(PreparedStatementHandler.java:46)
at org.apache.ibatis.executor.statement.RoutingStatementHandler.update(RoutingStatementHandler.java:74)
at org.apache.ibatis.executor.ReuseExecutor.doUpdate(ReuseExecutor.java:52)
at org.apache.ibatis.executor.BaseExecutor.update(BaseExecutor.java:117)
at org.apache.ibatis.executor.CachingExecutor.update(CachingExecutor.java:76)
at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:198)
... 33 common frames omitted
2019.10.16 16:06:57 INFO web[][o.s.p.StopWatcher] Stopping process
It is definitely from the shellcheck plugin, because the error goes away when I delete the plugin's jar and restart SonarQube.
SonarQube version: 7.7.
Execution of ShellCheck Sensor failed
The ShellCheck Sensor plugin doesn't work for me:
INFO: Java Main Files AST scan (done) | time=22088ms
INFO: Java Test Files AST scan
INFO: 0 source files to be analyzed
INFO: Java Test Files AST scan (done) | time=1ms
INFO: Sensor JavaSquidSensor [java] (done) | time=23251ms
INFO: Sensor Python Squid Sensor [python]
INFO: 615/615 source files have been analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor Python Squid Sensor [python] (done) | time=8094ms
INFO: Sensor Cobertura Sensor for Python coverage [python]
INFO: Sensor Cobertura Sensor for Python coverage [python] (done) | time=822ms
INFO: Sensor PythonXUnitSensor [python]
INFO: Sensor PythonXUnitSensor [python] (done) | time=852ms
INFO: Sensor SonarCSS Metrics [cssfamily]
INFO: Sensor SonarCSS Metrics [cssfamily] (done) | time=2388ms
INFO: Sensor SonarCSS Rules [cssfamily]
INFO: Sensor SonarCSS Rules [cssfamily] (done) | time=3164ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=63ms
INFO: Sensor ShellCheck Sensor [shellcheck]
ERROR: Error executing command
java.io.IOException: Cannot run program "shellcheck": error=2, No such file or directory
at java.lang.ProcessBuilder.start(ProcessBuilder.java:1048)
at com.github.sbaudoin.sonar.plugins.shellcheck.rules.ShellCheckSensor.executeCommand(ShellCheckSensor.java:165)
at com.github.sbaudoin.sonar.plugins.shellcheck.rules.ShellCheckSensor.execute(ShellCheckSensor.java:105)
at org.sonar.scanner.sensor.SensorWrapper.analyse(SensorWrapper.java:53)
at org.sonar.scanner.phases.SensorsExecutor.executeSensor(SensorsExecutor.java:88)
at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:82)
at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:68)
at org.sonar.scanner.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:88)
at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:180)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:288)
at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:283)
at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:261)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
at org.sonar.scanner.task.ScanTask.execute(ScanTask.java:48)
at org.sonar.scanner.task.TaskContainer.doAfterStart(TaskContainer.java:84)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
at org.sonar.scanner.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:121)
at org.sonar.batch.bootstrapper.Batch.doExecuteTask(Batch.java:116)
at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:71)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:185)
at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:137)
at org.sonarsource.scanner.cli.Main.execute(Main.java:111)
at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.io.IOException: error=2, No such file or directory
at java.lang.UNIXProcess.forkAndExec(Native Method)
at java.lang.UNIXProcess.<init>(UNIXProcess.java:247)
at java.lang.ProcessImpl.start(ProcessImpl.java:134)
at java.lang.ProcessBuilder.start(ProcessBuilder.java:1029)
... 34 common frames omitted
OS: CentOS Linux release 7.6.1810 (Core)
SonarQube: 6.7.3.38370
sonar-shellcheck: 2.0.0
Any idea?
Sonarqube 8.0 Dev edition - Compute Engine fail starting up
Hi,
Dunno how to have more log about this but, this plugin crash the Compute Engine at starting
2019.10.22 08:43:41 INFO ce[][o.s.p.ProcessEntryPoint] Starting ce
2019.10.22 08:43:41 INFO ce[][o.s.ce.app.CeServer] Compute Engine starting up...
2019.10.22 08:43:42 INFO ce[][o.s.c.e.CoreExtensionsLoader] Loaded core extensions: developer-edition, developer-scanner, developer-server, license
2019.10.22 08:43:42 INFO ce[][o.e.p.PluginsService] no modules loaded
2019.10.22 08:43:42 INFO ce[][o.e.p.PluginsService] loaded plugin [org.elasticsearch.join.ParentJoinPlugin]
2019.10.22 08:43:42 INFO ce[][o.e.p.PluginsService] loaded plugin [org.elasticsearch.percolator.PercolatorPlugin]
2019.10.22 08:43:42 INFO ce[][o.e.p.PluginsService] loaded plugin [org.elasticsearch.transport.Netty4Plugin]
2019.10.22 08:43:43 INFO ce[][o.s.s.e.EsClientProvider] Connected to local Elasticsearch: [127.0.0.1:9001]
2019.10.22 08:43:43 INFO ce[][o.sonar.db.Database] Create JDBC data source for jdbc:postgresql://localhost/sonar
2019.10.22 08:43:45 INFO ce[][o.s.s.p.ServerFileSystemImpl] SonarQube home: /opt/sonarqube-8.0
2019.10.22 08:43:45 INFO ce[][o.s.c.c.CePluginRepository] Load plugins
2019.10.22 08:43:46 ERROR ce[][o.s.ce.app.CeServer] Compute Engine startup failed
java.lang.IllegalStateException: Fail to load plugin ShellCheck Analyzer [shellcheck]
at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:88)
at org.sonar.ce.container.ComputeEngineContainerImpl.startLevel4(ComputeEngineContainerImpl.java:230)
at org.sonar.ce.container.ComputeEngineContainerImpl.start(ComputeEngineContainerImpl.java:196)
at org.sonar.ce.ComputeEngineImpl.startup(ComputeEngineImpl.java:45)
at org.sonar.ce.app.CeServer$CeMainThread.attemptStartup(CeServer.java:163)
at org.sonar.ce.app.CeServer$CeMainThread.run(CeServer.java:141)
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getenv.*")
at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.base/java.security.AccessController.checkPermission(AccessController.java:897)
at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
at java.base/java.lang.System.getenv(System.java:1042)
at com.github.sbaudoin.sonar.plugins.shellcheck.ShellCheckPlugin.define(ShellCheckPlugin.java:31)
at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:78)
... 5 common frames omitted
2019.10.22 08:43:46 INFO ce[][o.s.p.ProcessEntryPoint] Hard stopping process
Best regards
Duplication is not identified in analysis
During run of shellcheck extension in sonarqube the analysis is not detecting any duplications in result even when multiple duplicated files or lines are added.
Query: Does shellcheck plugin supports 8.9 version of SonarQube
Hi,
I have currently installed shellcheck plugin version-2.4 on sonarqube-7.9 version.
I wanted to know if shellcheck plugin is compatible with sonarqube-8.9 version?
Which version of shellcheck plugin supports sonarqube-8.9?
Is there any known bug/ issue that might arise if shellcheck is compatible with sonarqube-8.9?
Regards,
Alok Singh
Plugin not compatible with the Sonar i-Code CNES plugin
The Sonar i-Code CNES plugin already analyses Shell script and already defines the Shell language and a 'Sonar way' profile. As a consequence, if you install both plugins Sonar won't start.
ERROR: Error during SonarScanner execution java.lang.IllegalStateException: Cannot register highlighting rule for characters at Range[from [line=32, lineOffset=77] to [line=36, lineOffset=0]] as it overlaps at least one existing rule
Dear sbaudin,
I am trying to enable static code analysis for shell scripts using SonarQube 8.0 (also tried with newest one - v9.0) and shellcheck plugin v0.71 and shellcheck analyzer 2.4.0 from Marketplace on SonarQube
ShellCheck - shell script analysis tool
version: 0.7.1
license: GNU General Public License, version 3
I've editted the sonar-project.properties file as it is written in https://github.com/sbaudoin/sonar-shellcheck
When I tried to execute sonar-scanner I am experiencing the following error:
ERROR: Error during SonarScanner execution
java.lang.IllegalStateException: Cannot register highlighting rule for characters at Range[from [line=32, lineOffset=77] to [line=36, lineOffset=0]] as it overlaps at least one existing rule
at org.sonar.api.batch.sensor.highlighting.internal.DefaultHighlighting.checkOverlappingBoundaries(DefaultHighlighting.java:60)
at org.sonar.api.batch.sensor.highlighting.internal.DefaultHighlighting.doSave(DefaultHighlighting.java:120)
at org.sonar.api.batch.sensor.internal.DefaultStorable.save(DefaultStorable.java:45)
at com.github.sbaudoin.sonar.plugins.shellcheck.rules.ShellCheckSensor.saveSyntaxHighlighting(ShellCheckSensor.java:304)
at com.github.sbaudoin.sonar.plugins.shellcheck.rules.ShellCheckSensor.execute(ShellCheckSensor.java:146)
at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:48)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:85)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:59)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:77)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:59)
at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:82)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:387)
at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:383)
at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:346)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:141)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)
at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
ERROR:
I tried to disable highlighting rule by modifying properties file, but without success. The strange thing is that code analysis is passed for some of the scripts and they are successfully uploaded in SonarQube Server when I am using only them.
Can you help with advising how can I avoid such error and upload code in SonarQube Server for all shell scripts?
Thank you in advance.
Regards,
Ivailo
Allow checking files without extensions
I currently have to create links to all our existing shebanged shell scripts to get them analyzed. I see that empty strings get filtered from the suffix list. My work around breaks blame info. CLI Shellcheck checks files without extensions/suffixes just fine. This should be configurable.
(
)Error while GitLab scans shell scripts
Hi,
I am getting the following error "ERROR: Error executing command: Cannot run program "shellcheck": error=2, No such file or directory. ERROR: Is the command installed and in the path?" on GitLab pipeline when scanning shell scripts.
This plugin was installed on the server where sonarqube is hosted and I added the /usr/bin/shellcheck PATH to .bashrc as well as sourced it to sync up. I also restarted the server after all the steps mentioned.
Versions:
sonar-shellcheck - 2.4.0
sonar version - 8.6.0.39681-0 on Debian 10 (AMI provided by bitnami)
shellcheck - 0.5.0
I would like to see the static code analysis of the shell scripts in the specified project. Can you provide suggestions/thoughts on what might be incorrect in the setup?
Regards,
Sumukha
Code not highlighted if plugin disabled and no rule enabled
See adc075d#diff-fd8cf033360af5125ee5d52cd836e0b72a43de855b45d32bc71d244ae55448c2R102: the code won't be highlighted if there is no active rule for this plugin.
Plugin not available in SonarQube 8.1 Marketplace
I cannot see this plugin in the list of available plugins using version 8.1 of SonarQube.
Issue with specials caracters 'FF' (FORM FEED), 'CR' (CARIAGE RETURN) in shell scripts
Hi there,
I have an issue with the sonar-shellcheck plugin.
I have some specials caracters 'FF' (FORM FEED), 'CR' (CARIAGE RETURN) in shell scripts, and it doesn't work with the sonar-shellcheck plugin :
ERROR: Error during SonarScanner execution
java.lang.IllegalArgumentException: Unable to highlight file [...]
at org.sonar.api.batch.sensor.highlighting.internal.DefaultHighlighting.highlight(DefaultHighlighting.java:97)
at org.sonar.api.batch.sensor.highlighting.internal.DefaultHighlighting.highlight(DefaultHighlighting.java:37)
at com.github.sbaudoin.sonar.plugins.shellcheck.highlighting.HighlightingData.highlight(HighlightingData.java:58)
at com.github.sbaudoin.sonar.plugins.shellcheck.rules.ShellCheckSensor.saveSyntaxHighlighting(ShellCheckSensor.java:298)
at com.github.sbaudoin.sonar.plugins.shellcheck.rules.ShellCheckSensor.execute(ShellCheckSensor.java:139)
at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:48)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:85)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:59)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:77)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:59)
at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:82)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:386)
at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:382)
at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:351)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:141)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)
at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.IllegalArgumentException: 26 is not a valid line offset for pointer. File [...] has 23 character(s) at line 98
at org.sonar.api.utils.Preconditions.checkArgument(Preconditions.java:43)
at org.sonar.api.batch.fs.internal.DefaultInputFile.checkValid(DefaultInputFile.java:339)
at org.sonar.api.batch.fs.internal.DefaultInputFile.newPointer(DefaultInputFile.java:272)
at org.sonar.api.batch.fs.internal.DefaultInputFile.newRange(DefaultInputFile.java:288)
at org.sonar.api.batch.sensor.highlighting.internal.DefaultHighlighting.highlight(DefaultHighlighting.java:95)
... 34 more
Can you fix this issue ?
Ability to Skip/Disable Shellcheck Plugin
It would be great if I could just disable the ShellCheck plugin by setting a single property, e.g.:
sonar.shellcheck.skip=true
This would be similar to what e.g. the SonarQube Build Breaker plugin features. It can be disabled by setting a similar property:
sonar.buildbreaker.skip=true
See:
The offline version
Hello, does the installation of this plug-in depend on the Internet?My environment is CentOS but can't connect to the Internet. Can I use your plug-in?thank you
Error while downloading plugin 'shellcheck' with version '2.5.0'. No compatible plugin found.
We had installed ShellCheck plugin 2.4.0 on January, 2022, but it looks like this plugin got uninstalled automatically without any intimation or alert.
When we are trying to install ShellCheck Analyzer 2.5.0 on our system, we get an error Error while downloading plugin “shellcheck” with version “2.5.0”. No compatible plugin found.
Could you please advise to install ShellCheck Analyzer 2.5.0 on our sonarqube 8.4.2 version.
Also, Please confirm why this shellcheck plugin got uninstalled automatically. because it’s impacting our pipelines.
Disable plugin in sonar-project.properties
I'm going to use shell plugin only for any projects, how I can disable plugin work without remove from SQ server?
Output of shellcheck is empty
which versions are you using
SonarQube: serverVersion=8.5.1.38104
shellcheck-plugin: sonar-shellcheck-plugin-2.3.0.jar
sonar-scanner-cli (docker-image)=4.50
what are you trying to achieve
checking a shell file and make the results visible in sonarqube server project
what have you tried so far to achieve this
running the sonar-scanner-cli traces the following output
sonarscanner_1 | 12:57:16.871 DEBUG: Executing command: [shellcheck, -x, -f, json, /usr/src/<file.sh>]
sonarscanner_1 | 12:57:18.197 DEBUG: Output from shellcheck:
sonarscanner_1 | 12:57:18.200 INFO: Sensor ShellCheck Sensor [shellcheck] (done) | time=1331ms
and i dont see any infos in the project view in sonar server
running shellcheck -f json <file.sh> traces lots of warns, errors
thx a lot
Add the ShellCheck version in the plugin logs
To ease the identification of potential issues, the plugin logs should output the version of ShellCheck used to analyze the code.
Support Bash File Suffix By Default
Please support the .bash file suffix by default.
Add metrics
As per SonarQube requirements, plugin declaring a new language must provide at least basic metrics such as size metrics.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.