sonarqube-repair is a system to repair sonarqube bugs.
Null pointers should not be dereferenced (Sonar Rule 2259) -
The repair is implemented as follows:
Consider a statement like x.functionCall(); where x is nullable. If x is a variable, then the repair adds an if-check to test if x is null. If x is itself the result of a function call, it is enclosed by a try-catch block. The repair does not handle array dereference like arr[0] where arr is nullable.
Dead Stores should be removed (Sonar Rule 1854) -
The repair consists of deleting the useless assignment.
Merged Pull Requests:
- INRIA/spoon#2265 (removes one sonar violation)
- INRIA/spoon#2256 (removes two sonar violations)
Fields in a "Serializable" class should be serializable (Sonar Rule 1948) -
The repair adds the modifier transient to all non-serializable fields. In the future, the plan is to give the user the option to go to the class of that field and add implements Serializable to it.
Merged Pull Requests:
- INRIA/spoon#2059 (removes 10 sonarqube bugs)
- INRIA/spoon#2121 (removes 3 sonarqube bugs)
- INRIA/spoon#2241 (removes 83 sonarqube bugs)
Non-serializable super class of a "Serializable" class should have a no-argument constructor (Sonar Rule 2055) -
The repair adds a no-argument empty constructor to the superclass, or removes "implements Serializable" from the subclass, depending on the user's choice.
NonSerializableSuperClassProcessor
Merged Pull Requests:
- INRIA/spoon#2173 (removes 3 sonar violations)
Resources should be closed (Sonar Rule 2095) -
The repair encloses the parent block of the resource initialization in a try-with-resources. If it was already in a try block, it replaces the try with a try-with-resources instead of creating a new one, so that useless nested try blocks are not created.
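The two cases described above, as an added before/after example (not code from this project or output of the tool). The Tracked class and all method names are hypothetical; Tracked counts unclosed instances so the leak and its repair are observable.

```java
import java.util.concurrent.atomic.AtomicInteger;

public class ResourceRepairExample {
    static final AtomicInteger open = new AtomicInteger();

    // Hypothetical resource: counts instances that were opened but never closed.
    static class Tracked implements AutoCloseable {
        Tracked() { open.incrementAndGet(); }
        String read(boolean fail) {
            if (fail) throw new IllegalStateException("read failed");
            return "data";
        }
        @Override public void close() { open.decrementAndGet(); }
    }

    // Before, case 1: resource created in a plain block and never closed (rule 2095).
    static String plainBefore() {
        Tracked r = new Tracked();
        return r.read(false);
    }

    // After, case 1: the enclosing block is wrapped in try-with-resources.
    static String plainAfter() {
        try (Tracked r = new Tracked()) {
            return r.read(false);
        }
    }

    // Before, case 2: already inside a try block; leaks on success and on failure.
    static String inTryBefore(boolean fail) {
        try {
            Tracked r = new Tracked();
            return r.read(fail);
        } catch (IllegalStateException e) {
            return "error";
        }
    }

    // After, case 2: the existing try becomes try-with-resources, no nested try added.
    static String inTryAfter(boolean fail) {
        try (Tracked r = new Tracked()) {
            return r.read(fail);
        } catch (IllegalStateException e) {
            return "error";
        }
    }

    public static void main(String[] args) {
        plainBefore(); inTryBefore(true);
        System.out.println("leaked before repair: " + open.getAndSet(0));
        plainAfter(); inTryAfter(true);
        System.out.println("leaked after repair: " + open.get());
    }
}
```

In the repaired second case, close() runs before the catch clause executes, so the resource is released on the exception path as well.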
A JDK (Java 1.8 or above) and a Java IDE are needed to use this repair system. Maven is required to build the project.
To use it, run:
git clone https://github.com/kth-tcs/sonarqube-repair.git
Import it as a Maven project in your favourite Java IDE. Put the files to be repaired in sonarqube-repair/source/act/. Note that you need to create this directory.
Then run the main function. You can either give command line arguments or set the rule number and project-key manually in the main function in src/main/java/Main.java.
The repaired files will appear in sonarqube-repair/spooned/. You also need to set the URL of the sonar analysis of your project in src/main/java/ParseAPI.java if it is different from sonarcloud.io.
Run mvn test to run the tests for all repairs.
Feel free to open issues on this GitHub repository.
Pull requests for improvements or new features are welcome by all contributors.
- Ashutosh Kumar Verma ashutosh1598
- Martin Monperrus monperrus
- Pavel Pvojtechovsky pvojtechovsky
Sonarjava had to be changed in order to return the appropriate issue information for offline-repair. The changes are at ASSERT-KTH/sonar-java#1. Now I (Ashutosh) don't think that doing offline-repair is a good idea and we should stick to using the web API. I don't know of a way to offline detect issues which have their components in more than one file.
Spoon SonarQube: https://sonarqube.ow2.org/project/issues?id=fr.inria.gforge.spoon%3Aspoon-core&resolved=false&types=BUG