Output of shellcheck is empty

[d3vopz-net]

which versions are you using

SonarQube: serverVersion=8.5.1.38104 shellcheck-plugin: sonar-shellcheck-plugin-2.3.0.jar sonar-scanner-cli (docker-image)=4.50

what are you trying to achieve

checking a shell file and make the results visible in sonarqube server project

what have you tried so far to achieve this

running the sonar-scanner-cli traces the following output

sonarscanner_1 | 12:57:16.871 DEBUG: Executing command: [shellcheck, -x, -f, json, /usr/src/<file.sh>]
sonarscanner_1 | 12:57:18.197 DEBUG: Output from shellcheck:
sonarscanner_1 | 12:57:18.200 INFO: Sensor ShellCheck Sensor [shellcheck] (done) | time=1331ms

and i dont see any infos in the project view in sonar server

running shellcheck -f json <file.sh> traces lots of warns, errors

thx a lot

[sbaudoin]

Hello,

Thanks for reporting the issue. You are lucky, I was going to release a new version of the plugin so if it is confirmed I'll embed the fix for this issue in the next release.

Anyway, I have not tried yet the sonar scanner image, I'll try that. However, some of my integration tests run against SQ 8.5 with the scanner 4.5.0.2216 and they pass, so that's strange. I can see 2 possibilities:

• You run a version of Shellcheck that I did not test (my integration tests use the latest version available for the OS of the SQ container; with SQ 8.5 this is 0.7.0, which is not the latest version but almost). So @d3vopz-net can you give the version of Shellcheck you are using, please?
• I run Shellcheck with the -x option. By experience I know that using -x leads to getting far less issues than running Shellcheck without it. However I use this flag because again by experience running shellcheck without -x against numerous scripts without knowing how they fit all together leads to many false positive errors. So @d3vopz-net can you try to run manually shellcheck with this option and tell me if you think that some issues are really missing?

At the moment, the fix I can see would be to add a plugin parameter to enable or disable the -x option: you would run Shellcheck without -x and then consider using the project exclusion settings (Project General Settings > Analysis Scope) to exclude the Shell scripts that would cause the plugin to report too many errors.

[d3vopz-net]

Hi sbaudoin Im using the latest docker container https://hub.docker.com/r/sonarsource/sonar-scanner-cli its source is https://github.com/SonarSource/sonar-scanner-cli-docker In the Dockerfile shellcheck is installed apk add --no-cache git python3 bash shellcheck If i run the current image with docker run -it sonarsource/sonar-scanner-cli /bin/bash and la voila

shellcheck --version
ShellCheck - shell script analysis tool
version: 0.7.0
license: GNU General Public License, version 3
website: https://www.shellcheck.net

thx a lot

[sbaudoin]

Thanks for the details. What happens if you run manually shellcheck on the files of your project with the -x option?

[sbaudoin]

I'm also interested in an archive containing some scripts so that I can reproduce and study this issue, please.

[1Fabian1]

Hi, I don't want to create duplicate, but I have exactly the same issue.

During sonar scanner analysis output from one file is empty, while executing shellcheck on this file returns plenty of errors. Whats strange I have a lot of *.sh files to scan(100+), and only this one shows empty result, not to mistake with "[]" result.

some output 13:44:29.490 DEBUG: Analyzing file: 13:44:29.490 DEBUG: Executing command: [shellcheck, -x, -f, json, ] 13:44:30.779 DEBUG: Output from shellcheck: 13:44:30.782 DEBUG: '' generated metadata with charset 'UTF-8' 13:44:30.792 DEBUG: Analyzing file: 13:44:30.792 DEBUG: Executing command: [shellcheck, -x, -f, json, ] 13:44:31.059 DEBUG: Output from shellcheck: 13:44:31.059 DEBUG: [] 13:44:31.059 DEBUG: Count lines in 13:44:31.059 DEBUG: '' generated metadata with charset 'UTF-8' 13:44:31.063 DEBUG: Analyzing file: 13:44:31.063 DEBUG: Executing command: [shellcheck, -x, -f, json, ] 13:44:31.265 DEBUG: Output from shellcheck: 13:44:31.265 DEBUG: [{some output here}] 13:44:31.266 DEBUG: '' generated metadata with charset 'UTF-8' 13:44:31.266 DEBUG: Issue SC1090 saved for 13:44:31.266 DEBUG: Count lines in

while /opt/shellcheck-v0.7.1/shellcheck-v0.7.1/shellcheck -x -f json produces proper output which versions are you using SonarQube: serverVersion: 7.9.4.35981 sonar-scanner-cli: 4.3.0.2102 shellcheck-plugin: v2.4.0 shellcheck: v0.7.1 and v0.7.2 (tested on both, had same results)

what are you trying to achieve I want to scan all the *.sh files

what have you tried so far to achieve this Tried different version of shellcheck v0.7.2 with the same result.

[sbaudoin]

@1Fabian1 if that's not too late, is it possible to get the file in question, please? If that's always the same file that gets ignored, it certainly contains a "problem". I would need it to reproduce the issue, because so far I cannot understand what's wrong.

[1Fabian1]

Hi @sbaudoin

Unfortunately I cannot share mentioned file with You. As I couldn't affect anything I left it as it was (file wasn't scanned), I checked how does it behave now and I have issues from this file on sonarqube gui, so it looks like it works. I changed few things since last time but I can't remind myself what it was, for sure shellcheck have the same version.

Regards, Fabian

[sbaudoin]

Hello,

So should we close this issue?