Search code examples
androidandroid-studiosonarqubelintsonar-runner

SonarRunner: Unable to find file warning

I have configured an Android sample app project in order to detect Lint errors and include them into SonarQube server. Everything works fine but when I explicitly introduce an error in AndroidManifest.xml (deleting the allowBackup line), the sonar-runner execution shows the next warning:

16:33:57.681 WARN  - Unable to find file C:\Code\Android\SampleApp\app\src\main\AndroidManifest.xml to report issue

The path is OK, so that is not the problem. Moreover, the error is located properly when I make gradle lint and written into lint-results.xml file:

<issue
    id="AllowBackup"
    severity="Warning"
    message="Should explicitly set `android:allowBackup` to `true` or `false` (it&apos;s `true` by default, and that can have some security implications for the application&apos;s data)"
    category="Security"
    priority="3"
    summary="Missing `allowBackup` attribute"
    explanation="The allowBackup attribute determines if an application&apos;s data can be backed up and restored. It is documented at http://developer.android.com/reference/android/R.attr.html#allowBackup

By default, this flag is set to `true`. When this flag is set to `true`, application data can be backed up and restored by the user using `adb backup` and `adb restore`.

This may have security consequences for an application. `adb backup` allows users who have enabled USB debugging to copy application data off of the device. Once backed up, all application data can be read by the user. `adb restore` allows creation of application data from a source specified by the user. Following a restore, applications should not assume that the data, file permissions, and directory permissions were created by the application itself.

Setting `allowBackup=&quot;false&quot;` opts an application out of both backup and restore.

To fix this warning, decide whether your application should support backup, and explicitly set `android:allowBackup=(true|false)&quot;`"
    url="http://developer.android.com/reference/android/R.attr.html#allowBackup"
    urls="http://developer.android.com/reference/android/R.attr.html#allowBackup"
    errorLine1="    &lt;application
"
    errorLine2="    ^"
    quickfix="studio,adt">
    <location
        file="C:\Code\Android\SampleApp\app\src\main\AndroidManifest.xml"
        line="5"
        column="5"/>
</issue>

What can be causing this warning and why the error is not shown in SonarQube server?

Solution

  • This warning is shown because the xml file is not indexed by the platform. As a consequence the android lint plugin tries to report your issue but the file cannot be found on the server side.

    This is a current limitation of the platform that should be addressed very soon.

    To workaround this limitation and index your xml file you can either :

    • install the xml plugin (which will force indexation of xml files)
    • if you are using SonarQube 5.1 you can set sonar.import_unknown_files to true.

    (you can also have a look at this thread for a little more info)