sbaudoin / sonar-shellcheck
SonarQube plugin to analyze Shell scripts with ShellCheck
License: Apache License 2.0
Hi,
I am using SG v8.91, shellcheck v0.7.2, sonar-shellcheck plugin v2.4.0
The plugin is well installed on SG
I am using GitLab CI/CD, output of shellcheck below
$ shellcheck --version
ShellCheck - shell script analysis tool
version: 0.7.2
license: GNU General Public License, version 3
website: https://www.shellcheck.net
$ export SONAR_PROPERTIES_FILENAME="sonar-project.properties" # collapsed multi-line command
$ for file in $(find $CI_PROJECT_DIR -type f -name '*.sh'); do shellcheck --format=gcc $file; done;
../docker-cmd.sh:7:28: note: Double quote to prevent globbing and word splitting. [SC2086]
I am not able to visualize any issue on SQ.
Any suggestions?
Thank you
Shellcheck plugin 2.4.0 hangs when scanning files that contain:
source /dev/stdin <<<"$(curl -s <apiBasePath>/this/is/a/shell/script)"
this alternative works:
source <(curl -s "<apiBasePath>/this/is/a/shell/script")
echo 'source /dev/stdin <<<"$(curl -s <apiBasePath>/this/does/not/exist)"' > test.sh
curl --create-dirs -sLo extensions/plugins/sonar-shellcheck-plugin-2.4.0.jar https://github.com/sbaudoin/sonar-shellcheck/releases/download/v2.4.0/sonar-shellcheck-plugin-2.4.0.jar
docker run -d -v "$(pwd)/extensions:/opt/sonarqube/extensions" --rm --name sonarqube -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -p 9000:9000 sonarqube:latest -Dsonar.forceAuthentication=false
sleep 120
docker run --network host --rm -v "$(pwd):/usr/src" sonarsource/sonar-scanner-cli -Dsonar.projectKey=test-shell-project -Dsonar.sourceEncoding="UTF-8" -X
# Ctrl-c will stop the scan and proceed to the next line
docker stop sonarqube
Unlike other language plugins, there are no rules for Vulnerabilities or Security Hotspots for hardcoded passwords. Can you add a rule for checking these words for review (password, passwd, etc.)? Or can you suggest any way we can find out anything to fix?
Any help is appreciated
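The issue above asks for a way to surface hardcoded passwords in shell scripts. One way to do that outside the plugin, as an added example that is not part of the original issue or of sonar-shellcheck: a POSIX sh function that reports literals assigned to credential-like names without echoing the value into the build log. The keyword list, the function names and the sample script are assumptions constructed for this example.

```sh
#!/bin/sh
# Added example: flag hardcoded credentials in shell scripts for manual review.
# The keyword list and the output format are assumptions of this example.

# find_hardcoded_secrets FILE...
# Prints "file:line: NAME" for every literal assigned to a credential-like
# name. The value itself is never printed, so findings are safe for CI logs.
# Returns 1 when at least one finding exists, 0 otherwise.
find_hardcoded_secrets() {
    awk -v sq="'" '
    /^[ \t]*#/ { next }                          # ignore full-line comments
    {
        # Case-insensitive match of NAME= where NAME contains a keyword.
        # This also catches command-line flags such as --password=value.
        if (!match(toupper($0), /[A-Z0-9_]*(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY)[A-Z0-9_]*=/))
            next
        name  = substr($0, RSTART, RLENGTH - 1)
        value = substr($0, RSTART + RLENGTH)

        # Strip one opening quote and remember which kind it was.
        quote = substr(value, 1, 1)
        if (quote == "\"" || quote == sq) {
            value = substr(value, 2)
        } else {
            quote = ""
        }
        first = substr(value, 1, 1)

        if (value == "" || first == " " || first == "\t") next   # NAME= (empty)
        if (quote != "" && first == quote) next                   # empty quoted string

        # Expansions are resolved at run time and are not literals, unless
        # they are single-quoted or carry a literal fallback such as
        # ${DB_PASSWORD:-changeme}.
        if (quote != sq && (first == "$" || first == "`")) {
            if (value !~ /^[$][{][A-Za-z_][A-Za-z0-9_]*:?-[^}$]/) next
        }

        printf "%s:%d: %s\n", FILENAME, FNR, name
        found = 1
    }
    END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample input for this example (not taken from the page).
sample_script() {
    cat <<'EOF'
#!/bin/bash
# password=only-a-comment
DB_PASSWORD="hunter2"
export API_KEY='$up3r'
ADMIN_PASSWD=$(cat /run/secrets/admin)
TOKEN="${CI_JOB_TOKEN}"
SMTP_PASSWORD="${SMTP_PASSWORD:-changeme}"
mysql --password=s3cr3t -e 'select 1'
PASSWORD=
SECRET=""
EOF
}

# Usage in a CI job, next to the ShellCheck run:
#   find . -type f -name '*.sh' -exec sh -c '. ./secrets-check.sh; find_hardcoded_secrets "$@"' sh {} +
```

On the sample, lines 3, 4, 7 and 8 are reported; the command substitution, the plain variable reference and the empty assignments are not. The secrets-check.sh file name in the usage comment is a placeholder.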
Good news!
In your readme we can read that our plugin is not compatible with shellcheck: https://github.com/sbaudoin/sonar-shellcheck#plugin-not-compatible-with-the-sonar-i-code-cnes-plugin
As we have deprecated shell analysis in I-Code to use ShellCheck analysis instead, we have removed shell support in the I-Code plugin, so it does not interfere anymore with your plugin :)
It will work with I-Code CNES Plugin 3.0.0 and later: https://github.com/cnescatlab/sonar-icode-cnes-plugin/releases/tag/3.0.0
I run sonar-scanner with ShellCheck from epel repository on CentOS7 and I have this warning:
WARN: Errors happened during analysis:
unrecognized option `-x'
Usage: shellcheck [OPTIONS...] FILES...
-e CODE1,CODE2.. --exclude=CODE1,CODE2.. exclude types of warnings
-f FORMAT --format=FORMAT output format
-s SHELLNAME --shell=SHELLNAME Specify dialect (bash,sh,ksh)
-V --version Print version information
It seems that the version available with epel (0.3.8) is not working with sonar-shellcheck. But I tested with the latest version of shellcheck (0.6.0) and option -x is available. Can you add the minimum version needed for ShellCheck in the documentation?
Thanks for your work.
When running with recent SQ servers we can see the following annoying warning:
WARN: Metric 'comment_lines_data' is deprecated. Provided value is ignored.
The readme for this plugin says to use the standalone Sonar Scanner binary. I've configured my Jenkins pipeline according to the SonarQube documentation and use the Sonar Scanner Maven plugin to run the Sonar scans. I cannot find any evidence that this plugin executed when the Sonar Scanner Maven plugin executed its inspections. For example, I can see that the Dependency-Check plugin executed:
[INFO] Sensor Dependency-Check [dependencycheck] (done) | time=5ms
So, does usage of this plugin require the standalone Sonar Scanner, or can this plugin be made to work with the official Sonar Scanner for Maven? If this plugin can be made to work with the Maven plugin, what needs to be done to make it work? I've installed the plugin, configured the location for the shellcheck binary, and assigned the Shellcheck quality profile to an SQ project, but I don't see the plugin working yet.
Thanks for your help!
When I upgrade the plugin in SonarQube to 2.2.0, I get this error in web.log:
2019.10.16 16:06:57 ERROR web[][o.s.s.p.Platform] Background initialization failed. Stopping SonarQube
org.apache.ibatis.exceptions.PersistenceException:Error updating database. Cause: java.sql.SQLException: Incorrect string value: '\xF0\x9F\x9A\xA7 I...' for column 'description' at row 1
The error may involve org.sonar.db.rule.RuleMapper.updateDefinition-Inline
The error occurred while setting parameters
Cause: java.sql.SQLException: Incorrect string value: '\xF0\x9F\x9A\xA7 I...' for column 'description' at row 1
at org.apache.ibatis.exceptions.ExceptionFactory.wrapException(ExceptionFactory.java:30)
at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:200)
at org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:63)
at org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:59)
at com.sun.proxy.$Proxy44.updateDefinition(Unknown Source)
at org.sonar.db.rule.RuleDao.update(RuleDao.java:173)
at org.sonar.server.rule.RegisterRules.update(RegisterRules.java:770)
at org.sonar.server.rule.RegisterRules.registerRule(RegisterRules.java:376)
at org.sonar.server.rule.RegisterRules.start(RegisterRules.java:132)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.invokeMethod(ReflectionLifecycleStrategy.java:110)
at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.start(ReflectionLifecycleStrategy.java:89)
at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84)
at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169)
at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132)
at org.picocontainer.behaviors.Stored.start(Stored.java:110)
at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016)
at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009)
at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:90)
at org.sonar.server.platform.platformlevel.PlatformLevelStartup.access$001(PlatformLevelStartup.java:46)
at org.sonar.server.platform.platformlevel.PlatformLevelStartup$1.doPrivileged(PlatformLevelStartup.java:82)
at org.sonar.server.user.DoPrivileged.execute(DoPrivileged.java:46)
at org.sonar.server.platform.platformlevel.PlatformLevelStartup.start(PlatformLevelStartup.java:79)
at org.sonar.server.platform.Platform.executeStartupTasks(Platform.java:196)
at org.sonar.server.platform.Platform.access$400(Platform.java:46)
at org.sonar.server.platform.Platform$1.lambda$doRun$1(Platform.java:121)
at org.sonar.server.platform.Platform$AutoStarterRunnable.runIfNotAborted(Platform.java:371)
at org.sonar.server.platform.Platform$1.doRun(Platform.java:121)
at org.sonar.server.platform.Platform$AutoStarterRunnable.run(Platform.java:355)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.sql.SQLException: Incorrect string value: '\xF0\x9F\x9A\xA7 I...' for column 'description' at row 1
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:965)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3976)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3912)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2530)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2683)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2486)
at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:1858)
at com.mysql.jdbc.PreparedStatement.execute(PreparedStatement.java:1197)
at org.apache.commons.dbcp2.DelegatingPreparedStatement.execute(DelegatingPreparedStatement.java:94)
at org.apache.commons.dbcp2.DelegatingPreparedStatement.execute(DelegatingPreparedStatement.java:94)
at org.apache.ibatis.executor.statement.PreparedStatementHandler.update(PreparedStatementHandler.java:46)
at org.apache.ibatis.executor.statement.RoutingStatementHandler.update(RoutingStatementHandler.java:74)
at org.apache.ibatis.executor.ReuseExecutor.doUpdate(ReuseExecutor.java:52)
at org.apache.ibatis.executor.BaseExecutor.update(BaseExecutor.java:117)
at org.apache.ibatis.executor.CachingExecutor.update(CachingExecutor.java:76)
at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:198)
... 33 common frames omitted
2019.10.16 16:06:57 INFO web[][o.s.p.StopWatcher] Stopping process
It is definitely from the shellcheck plugin, because the error goes away when I delete the plugin's jar and restart SonarQube.
SonarQube version: 7.7.
The ShellCheck Sensor plugin doesn't work for me:
INFO: Java Main Files AST scan (done) | time=22088ms
INFO: Java Test Files AST scan
INFO: 0 source files to be analyzed
INFO: Java Test Files AST scan (done) | time=1ms
INFO: Sensor JavaSquidSensor [java] (done) | time=23251ms
INFO: Sensor Python Squid Sensor [python]
INFO: 615/615 source files have been analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor Python Squid Sensor [python] (done) | time=8094ms
INFO: Sensor Cobertura Sensor for Python coverage [python]
INFO: Sensor Cobertura Sensor for Python coverage [python] (done) | time=822ms
INFO: Sensor PythonXUnitSensor [python]
INFO: Sensor PythonXUnitSensor [python] (done) | time=852ms
INFO: Sensor SonarCSS Metrics [cssfamily]
INFO: Sensor SonarCSS Metrics [cssfamily] (done) | time=2388ms
INFO: Sensor SonarCSS Rules [cssfamily]
INFO: Sensor SonarCSS Rules [cssfamily] (done) | time=3164ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=63ms
INFO: Sensor ShellCheck Sensor [shellcheck]
ERROR: Error executing command
java.io.IOException: Cannot run program "shellcheck": error=2, No such file or directory
at java.lang.ProcessBuilder.start(ProcessBuilder.java:1048)
at com.github.sbaudoin.sonar.plugins.shellcheck.rules.ShellCheckSensor.executeCommand(ShellCheckSensor.java:165)
at com.github.sbaudoin.sonar.plugins.shellcheck.rules.ShellCheckSensor.execute(ShellCheckSensor.java:105)
at org.sonar.scanner.sensor.SensorWrapper.analyse(SensorWrapper.java:53)
at org.sonar.scanner.phases.SensorsExecutor.executeSensor(SensorsExecutor.java:88)
at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:82)
at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:68)
at org.sonar.scanner.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:88)
at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:180)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:288)
at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:283)
at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:261)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
at org.sonar.scanner.task.ScanTask.execute(ScanTask.java:48)
at org.sonar.scanner.task.TaskContainer.doAfterStart(TaskContainer.java:84)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
at org.sonar.scanner.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:121)
at org.sonar.batch.bootstrapper.Batch.doExecuteTask(Batch.java:116)
at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:71)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:185)
at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:137)
at org.sonarsource.scanner.cli.Main.execute(Main.java:111)
at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.io.IOException: error=2, No such file or directory
at java.lang.UNIXProcess.forkAndExec(Native Method)
at java.lang.UNIXProcess.<init>(UNIXProcess.java:247)
at java.lang.ProcessImpl.start(ProcessImpl.java:134)
at java.lang.ProcessBuilder.start(ProcessBuilder.java:1029)
... 34 common frames omitted
OS: CentOS Linux release 7.6.1810 (Core)
SonarQube: 6.7.3.38370
sonar-shellcheck: 2.0.0
Any idea?
Hi,
Dunno how to get more logs about this, but this plugin crashes the Compute Engine at startup:
2019.10.22 08:43:41 INFO ce[][o.s.p.ProcessEntryPoint] Starting ce
2019.10.22 08:43:41 INFO ce[][o.s.ce.app.CeServer] Compute Engine starting up...
2019.10.22 08:43:42 INFO ce[][o.s.c.e.CoreExtensionsLoader] Loaded core extensions: developer-edition, developer-scanner, developer-server, license
2019.10.22 08:43:42 INFO ce[][o.e.p.PluginsService] no modules loaded
2019.10.22 08:43:42 INFO ce[][o.e.p.PluginsService] loaded plugin [org.elasticsearch.join.ParentJoinPlugin]
2019.10.22 08:43:42 INFO ce[][o.e.p.PluginsService] loaded plugin [org.elasticsearch.percolator.PercolatorPlugin]
2019.10.22 08:43:42 INFO ce[][o.e.p.PluginsService] loaded plugin [org.elasticsearch.transport.Netty4Plugin]
2019.10.22 08:43:43 INFO ce[][o.s.s.e.EsClientProvider] Connected to local Elasticsearch: [127.0.0.1:9001]
2019.10.22 08:43:43 INFO ce[][o.sonar.db.Database] Create JDBC data source for jdbc:postgresql://localhost/sonar
2019.10.22 08:43:45 INFO ce[][o.s.s.p.ServerFileSystemImpl] SonarQube home: /opt/sonarqube-8.0
2019.10.22 08:43:45 INFO ce[][o.s.c.c.CePluginRepository] Load plugins
2019.10.22 08:43:46 ERROR ce[][o.s.ce.app.CeServer] Compute Engine startup failed
java.lang.IllegalStateException: Fail to load plugin ShellCheck Analyzer [shellcheck]
at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:88)
at org.sonar.ce.container.ComputeEngineContainerImpl.startLevel4(ComputeEngineContainerImpl.java:230)
at org.sonar.ce.container.ComputeEngineContainerImpl.start(ComputeEngineContainerImpl.java:196)
at org.sonar.ce.ComputeEngineImpl.startup(ComputeEngineImpl.java:45)
at org.sonar.ce.app.CeServer$CeMainThread.attemptStartup(CeServer.java:163)
at org.sonar.ce.app.CeServer$CeMainThread.run(CeServer.java:141)
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getenv.*")
at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.base/java.security.AccessController.checkPermission(AccessController.java:897)
at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
at java.base/java.lang.System.getenv(System.java:1042)
at com.github.sbaudoin.sonar.plugins.shellcheck.ShellCheckPlugin.define(ShellCheckPlugin.java:31)
at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:78)
... 5 common frames omitted
2019.10.22 08:43:46 INFO ce[][o.s.p.ProcessEntryPoint] Hard stopping process
Best regards
During a run of the shellcheck extension in SonarQube, the analysis is not detecting any duplications in the result, even when multiple duplicated files or lines are added.
Hi,
I have currently installed shellcheck plugin version-2.4 on sonarqube-7.9 version.
I wanted to know if shellcheck plugin is compatible with sonarqube-8.9 version?
Which version of shellcheck plugin supports sonarqube-8.9?
Is there any known bug/ issue that might arise if shellcheck is compatible with sonarqube-8.9?
Regards,
Alok Singh
The Sonar i-Code CNES plugin already analyses Shell script and already defines the Shell language and a 'Sonar way' profile. As a consequence, if you install both plugins Sonar won't start.
Dear sbaudoin,
I am trying to enable static code analysis for shell scripts using SonarQube 8.0 (also tried with the newest one, v9.0) and shellcheck plugin v0.71 and shellcheck analyzer 2.4.0 from the Marketplace on SonarQube
ShellCheck - shell script analysis tool
version: 0.7.1
license: GNU General Public License, version 3
I've edited the sonar-project.properties file as it is written in https://github.com/sbaudoin/sonar-shellcheck
When I tried to execute sonar-scanner I am experiencing the following error:
ERROR: Error during SonarScanner execution
java.lang.IllegalStateException: Cannot register highlighting rule for characters at Range[from [line=32, lineOffset=77] to [line=36, lineOffset=0]] as it overlaps at least one existing rule
at org.sonar.api.batch.sensor.highlighting.internal.DefaultHighlighting.checkOverlappingBoundaries(DefaultHighlighting.java:60)
at org.sonar.api.batch.sensor.highlighting.internal.DefaultHighlighting.doSave(DefaultHighlighting.java:120)
at org.sonar.api.batch.sensor.internal.DefaultStorable.save(DefaultStorable.java:45)
at com.github.sbaudoin.sonar.plugins.shellcheck.rules.ShellCheckSensor.saveSyntaxHighlighting(ShellCheckSensor.java:304)
at com.github.sbaudoin.sonar.plugins.shellcheck.rules.ShellCheckSensor.execute(ShellCheckSensor.java:146)
at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:48)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:85)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:59)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:77)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:59)
at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:82)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:387)
at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:383)
at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:346)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:141)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)
at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
ERROR:
I tried to disable highlighting rule by modifying properties file, but without success. The strange thing is that code analysis is passed for some of the scripts and they are successfully uploaded in SonarQube Server when I am using only them.
Can you help with advising how can I avoid such error and upload code in SonarQube Server for all shell scripts?
Thank you in advance.
Regards,
Ivailo
I currently have to create links to all our existing shebanged shell scripts to get them analyzed. I see that empty strings get filtered from the suffix list. My workaround breaks blame info. CLI ShellCheck checks files without extensions/suffixes just fine. This should be configurable.
Hi,
I am getting the following error "ERROR: Error executing command: Cannot run program "shellcheck": error=2, No such file or directory. ERROR: Is the command installed and in the path?" on GitLab pipeline when scanning shell scripts.
This plugin was installed on the server where sonarqube is hosted and I added the /usr/bin/shellcheck PATH to .bashrc as well as sourced it to sync up. I also restarted the server after all the steps mentioned.
Versions:
sonar-shellcheck - 2.4.0
sonar version - 8.6.0.39681-0 on Debian 10 (AMI provided by bitnami)
shellcheck - 0.5.0
I would like to see the static code analysis of the shell scripts in the specified project. Can you provide suggestions/thoughts on what might be incorrect in the setup?
Regards,
Sumukha
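An added example, not part of the issue reports or of the plugin's code: the stack traces on this page show `ShellCheckSensor.executeCommand` failing inside the sonar-scanner process, so `shellcheck` has to resolve on the machine and for the user that runs the scanner (in GitLab, the job's runner or image). This preflight function checks that, and probes the `-x -f json` invocation that the plugin's debug log on this page shows, instead of comparing version numbers. The function name, return codes and messages are assumptions of this example.

```sh
#!/bin/sh
# Added example: preflight check to run in the CI job before sonar-scanner.
# Function name, return codes and messages are assumptions of this example.

# check_shellcheck [CMD]
#   CMD defaults to "shellcheck".
# Return codes:
#   0  CMD resolves on PATH and answers "-x -f json" with a JSON array;
#      the detected version is printed on stdout
#   2  CMD does not resolve on PATH for the current user
#   3  CMD runs but rejects the invocation (for example a release without -x)
check_shellcheck() {
    sc_cmd=${1:-shellcheck}

    # "error=2, No such file or directory" in the scanner log means this
    # lookup fails in the environment where the scanner itself runs.
    if ! command -v "$sc_cmd" >/dev/null 2>&1; then
        echo "preflight: '$sc_cmd' not found for user $(id -un), PATH=$PATH" >&2
        return 2
    fi

    # Probe with a trivial script instead of trusting the version string:
    # the JSON formatter prints an array, a usage message does not.
    sc_probe=$(mktemp) || return 1
    printf '#!/bin/sh\necho ok\n' > "$sc_probe"
    sc_out=$("$sc_cmd" -x -f json "$sc_probe" 2>/dev/null) || true
    rm -f "$sc_probe"

    case $sc_out in
        "["*) ;;
        *)
            echo "preflight: '$sc_cmd -x -f json' did not return JSON; upgrade ShellCheck" >&2
            return 3
            ;;
    esac

    # Log the version next to the scan output; the format is the
    # "version: X.Y.Z" line printed by "shellcheck --version".
    "$sc_cmd" --version | awk '/^version:/ { print $2 }'
}

# Usage in the job script:
#   check_shellcheck || exit 1
#   sonar-scanner
```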
See adc075d#diff-fd8cf033360af5125ee5d52cd836e0b72a43de855b45d32bc71d244ae55448c2R102: the code won't be highlighted if there is no active rule for this plugin.
I cannot see this plugin in the list of available plugins using version 8.1 of SonarQube.
Hi there,
I have an issue with the sonar-shellcheck plugin.
I have some special characters 'FF' (FORM FEED), 'CR' (CARRIAGE RETURN) in shell scripts, and it doesn't work with the sonar-shellcheck plugin:
ERROR: Error during SonarScanner execution
java.lang.IllegalArgumentException: Unable to highlight file [...]
at org.sonar.api.batch.sensor.highlighting.internal.DefaultHighlighting.highlight(DefaultHighlighting.java:97)
at org.sonar.api.batch.sensor.highlighting.internal.DefaultHighlighting.highlight(DefaultHighlighting.java:37)
at com.github.sbaudoin.sonar.plugins.shellcheck.highlighting.HighlightingData.highlight(HighlightingData.java:58)
at com.github.sbaudoin.sonar.plugins.shellcheck.rules.ShellCheckSensor.saveSyntaxHighlighting(ShellCheckSensor.java:298)
at com.github.sbaudoin.sonar.plugins.shellcheck.rules.ShellCheckSensor.execute(ShellCheckSensor.java:139)
at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:48)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:85)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:59)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:77)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:59)
at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:82)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:386)
at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:382)
at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:351)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:141)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)
at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.IllegalArgumentException: 26 is not a valid line offset for pointer. File [...] has 23 character(s) at line 98
at org.sonar.api.utils.Preconditions.checkArgument(Preconditions.java:43)
at org.sonar.api.batch.fs.internal.DefaultInputFile.checkValid(DefaultInputFile.java:339)
at org.sonar.api.batch.fs.internal.DefaultInputFile.newPointer(DefaultInputFile.java:272)
at org.sonar.api.batch.fs.internal.DefaultInputFile.newRange(DefaultInputFile.java:288)
at org.sonar.api.batch.sensor.highlighting.internal.DefaultHighlighting.highlight(DefaultHighlighting.java:95)
... 34 more
Can you fix this issue?
It would be great if I could just disable the ShellCheck plugin by setting a single property, e.g.:
sonar.shellcheck.skip=true
This would be similar to what e.g. the SonarQube Build Breaker plugin features. It can be disabled by setting a similar property:
sonar.buildbreaker.skip=true
See:
Hello, does the installation of this plug-in depend on the Internet? My environment is CentOS but can't connect to the Internet. Can I use your plug-in? Thank you
We had installed ShellCheck plugin 2.4.0 in January 2022, but it looks like this plugin got uninstalled automatically without any intimation or alert.
When we are trying to install ShellCheck Analyzer 2.5.0 on our system, we get an error: Error while downloading plugin “shellcheck” with version “2.5.0”. No compatible plugin found.
Could you please advise how to install ShellCheck Analyzer 2.5.0 on our SonarQube 8.4.2 version?
Also, please confirm why this ShellCheck plugin got uninstalled automatically, because it's impacting our pipelines.
I'm going to use the shell plugin only for any projects; how can I disable the plugin without removing it from the SQ server?
SonarQube: serverVersion=8.5.1.38104
shellcheck-plugin: sonar-shellcheck-plugin-2.3.0.jar
sonar-scanner-cli (docker-image)=4.50
checking a shell file and make the results visible in sonarqube server project
running the sonar-scanner-cli traces the following output
sonarscanner_1 | 12:57:16.871 DEBUG: Executing command: [shellcheck, -x, -f, json, /usr/src/<file.sh>]
sonarscanner_1 | 12:57:18.197 DEBUG: Output from shellcheck:
sonarscanner_1 | 12:57:18.200 INFO: Sensor ShellCheck Sensor [shellcheck] (done) | time=1331ms
and I don't see any info in the project view in the Sonar server
running shellcheck -f json <file.sh>
traces lots of warns, errors
thx a lot
To ease the identification of potential issues, the plugin logs should output the version of ShellCheck used to analyze the code.
Please support the .bash file suffix by default.
As per SonarQube requirements, a plugin declaring a new language must provide at least basic metrics such as size metrics.