Skip to content

Quick fix to ignore markers on SonarQube related "SuppressWarnings"#1045

Open
thahnen wants to merge 5 commits into
SonarSource:masterfrom
thahnen:master
Open

Quick fix to ignore markers on SonarQube related "SuppressWarnings"#1045
thahnen wants to merge 5 commits into
SonarSource:masterfrom
thahnen:master

Conversation

@thahnen

@thahnen thahnen commented May 7, 2026

Copy link
Copy Markdown
Contributor

Summary

When using the annotation SuppressWarnings on anything in Java and providing it with a SonarQube-related rule key, the analyzer will ignore violations of that rule in the given scope. In Eclipse this annotation is handled by Eclipse JDT but very strictly: A marker on the Warning level is raised for every encountered annotation with a value (or multiple) like java:S6548. This is due the values allowed for the annotation being hardcoded in the Eclipse JDT implementation - very sub-optimal.

This change adds a Quick Fix to the marker that directly configures the plug-in to ignore these makers - not all related to the SuppressWarnings annotation, only the ones Eclipse JDT deems "unsupported". This Quick Fix is also only applied when Eclipse JDT is present - not raising issues with IDEs without the Java tooling.
For this I had to refactor SonarLintImages a bit, moving out the parts that rely on more than the "standard" Eclipse imports (bundles) to not carry over the dependencies to the org.sonarlint.eclipse.jdt bundle (like SonarLint Core).

I also added unit tests because everyone prefers unit tests over integration tests. For how this looks like in the UI, please see this screenshot:

QuickFix

Additional Info

This PR also features 2 other commits, one related to one incompatibility being fixed - this cannot be found in the IDE as the code in question is not running in the ITs and the compilation is done against the oldest Eclipse IDE running on Java 11. Only when developing inside Eclipse, the target platform with the latest Eclipse IDE is used (on purpose).

The other commit is simplifying the development on forks or when contributing due to the CFamily analyzer being closed source. I will properly add another commit, separately, at some point regarding the target platforms (since they are also now hidden behind Repox authentication) to make it a bit easier for forks. Not in scope of this PR - the commit provided is just blocking completely.

Limitations

With the Quick Fix I'm covering all the SonarQube rule keys I know of that are relevant to Java (at least present on latest SQ-C and SQ-S/SQ-SB), if you know of more I might have forgotten, feel free to add them to the class, condition and test. Otherwise Next complains about coverage 😛

thahnen added 3 commits May 7, 2026 22:14
When having a fork of the repository, e.g. to contribute to it, the CFamily
analyzer cannot be downloaded ("-Dskip-sonarsource-repo") since it is closed
source. In this case, running the plug-in would not be possible, neither from
the IDE nor the packaged version.
Eclipse JDT only accepts specific values for the "SuppressWarnings" annotation,
that also cannot be extended. For SonarQube analyzers linked to Java (incl.
Security, DBD, Architecture) one can use the annotation to suppress rule
violations on different levels.

Eclipse JDT raising warning markers on these suppressed warnings as
"unsupported" is highly annoying and there should be an option to ignore the
compiler warning.

This adds a quick fix to this warning, that will configure Eclipse JDT to ignore
these markers.
This method is not available in the newest version of the Eclipse IDE (SDK to be
precise), replace this with a method from the Java Standard Library to be
compatible with every (supported) version of the Eclipse IDE.
@sonar-review-alpha

sonar-review-alpha Bot commented May 7, 2026

Copy link
Copy Markdown

Summary

This PR adds a quick fix for Eclipse JDT's "Unsupported @SuppressWarnings" markers that appear when using SonarQube rule keys in annotations (e.g., @SuppressWarnings("java:S1234")). When users apply the quick fix, it silently disables JDT's compiler warning about unrecognized tokens, matching how SonarQube's analyzers already handle these annotations.

Three supporting changes enable this: (1) refactoring SonarLintImages to extract Core-dependent methods into ExtendedSonarLintImages so the JDT bundle doesn't need to depend on SonarLint Core, (2) making the CFamily plugin optional in the backend to support community forks where it's not available, and (3) fixing a deprecated API call in AbstractFixSuggestionDialog.

What reviewers should know

Where to start: Reviewers should first understand the core quick fix logic in SuppressWarningsQuickFixGenerator and SuppressWarningsQuickFix. The generator detects relevant markers by checking the message contains both "Unsupported @SuppressWarnings" and a SonarQube prefix (java:, javasecurity:, javabugs:, or javaarchitecture:), then the quick fix applies the setting globally or to the Java project if available.

Key architectural decision: The image refactoring exists because SuppressWarningsQuickFix needs to import SonarLintImages.RESOLUTION_QUICKFIX_CHANGE, but the JDT bundle cannot depend on SonarLint Core (which is what the old SonarLintImages depended on). The solution extracts Core-dependent image methods into ExtendedSonarLintImages and makes SonarLintImages a base class with only standard Eclipse imports. Callers in the UI bundle now use ExtendedSonarLintImages for the image composition methods.

Testing scope: Unit tests mock Eclipse JDT APIs and verify that the quick fix: (1) only applies to relevant markers, (2) correctly identifies SonarQube rule keys in marker messages, (3) sets COMPILER_PB_UNHANDLED_WARNING_TOKEN to IGNORE, and (4) handles project-level vs. global configuration fallback. The tests note that true project-level configuration with JavaModel requires integration tests, so they verify the fallback to global options works.

Potential concerns:

  • The CFamily plugin change is a behavioral shift (lines 161–169 of SonarLintBackendService.java). It now silently skips the plugin if not found instead of failing. This is intentional for fork support but worth confirming it doesn't mask real issues in standard builds.
  • Make sure all references to SonarLintImages image composition methods in the UI bundle were updated to ExtendedSonarLintImages (check lines 776–843).

  • Generate Walkthrough
  • Generate Diagram

🗣️ Give feedback

sonar-review-alpha[bot]

This comment was marked as resolved.

@thahnen thahnen changed the title Quick fix to ignore markers on SonarQube related "SuppressWarnings" [WIP] Quick fix to ignore markers on SonarQube related "SuppressWarnings" May 11, 2026
@thahnen

thahnen commented May 11, 2026

Copy link
Copy Markdown
Contributor Author

I need to find some time later this week to implement the requested changes by the agent, didn't find the time yet.

@sonar-review-alpha sonar-review-alpha Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR has several real issues that need addressing before merge.

The previously flagged missing license header on ExtendedSonarLintImages.java is still present in the diff — that file still has no LGPL header.

🗣️ Give feedback

nquinquenel added a commit that referenced this pull request May 21, 2026
SonarJS 12.5.0.41048 (released 2026-05-18) produces zero diagnostics
on trivial JS fixtures in the sonarlint-vscode extension test suite
- likely regression introduced by JS-1649 "Enable rules dynamically
based on per-file import declarations".

Rolling back to 12.4.0.40770 across SonarLint products until a SonarJS
fix ships. See also: sonarlint-vscode PR #1045 (revert 0399dd5),
sonarlint-intellij PR #1784 (revert 2e0a5c99).
@thahnen thahnen changed the title [WIP] Quick fix to ignore markers on SonarQube related "SuppressWarnings" Quick fix to ignore markers on SonarQube related "SuppressWarnings" Jun 18, 2026
@thahnen

thahnen commented Jun 18, 2026

Copy link
Copy Markdown
Contributor Author

@nquinquenel, it is ready, anyone of you want to pick it up? In case you decide at some point not to apply this PR, at least cherry-pick the fixes regarding SonarLintBackendService and AbstractFixSuggestionDialog to master 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant