Sonar complains about a line.
Thread.sleep(SLEEP_TIME); // NOSONAR
Its problem is that
"Thread.sleep" should not be used in tests
Using Thread.sleep in a test is just generally a bad idea. It creates brittle tests that can fail unpredictably depending on environment ("Passes on my machine!") or load.
And it makes sense, this should be fixed. But my problem is: why doesn't the NOSONAR
part has any effect here? It seems to work in other parts of the code where it's used, e.g. with
public static final String PASSWORD_FILE_NAME = "secret.txt"; // NOSONAR
it doesn't complain any more that there is a hardcoded password in the code. So why doesn't it work with the Thread.sleep()
case?
I can see the issue both in SonarQube and in the SonarLint plugin for IntelliJ.
The SonarQube JAVA Analyzer allows you to use the "@SuppressWarnings" annotation to disable a specific rule locally. It will allows you to disable issues on a single line, by placing the annotation directly above an instruction, or in an entire block, by placing it above a class or a method for instance.
In Java, we can exclude Sonar checks using the built-in @SuppressWarnings annotation. This works exactly the same way as suppressing compiler warnings. All we have to do is specify the rule identifier, in this case java:S106.
Ignore Code Coverage To do so, go to Project Settings > General Settings > Analysis Scope > Code Coverage and set the Coverage Exclusions property.
sonar.test.inclusions. Comma-delimited list of test file path patterns to be included in analysis. When set, only test files matching the paths set here will be included in analysis. sonar.issue.ignore.allfile. Files containing text matching this regular expression will be ignored by analysis.
You are basically hitting this problem : https://jira.sonarsource.com/browse/SONARJAVA-1113
Which was that the // NOSONAR
was not taken into account in tests.
This has been fixed in the latest release of the sonar java plugin release (3.11)
(On a side note, using NOSONAR is not great IMO, you should keep track of issue you don't want to fix using SonarQube rather than cluttering your code with comments that are linked to a specific external tool)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With