SONARJAVA-6365 New scanner-integration-tester wrapper for multi-module unit tests

[leonardo-pilastri-sonarsource]

---

Summary by Gitar

• New testing infrastructure:
  • Integrated sonar-scanner-integration-tester as a dependency for multi-module analysis.
  • Added JavaRuleMetadata to resolve rule metadata from JSON resources and generate ActiveRule instances.
  • Added ModuleBuilder to support configuration of module-specific sources, binaries, libraries, and inter-module dependencies.
• Helper utilities:
  • Introduced a suite of builder classes (ScannerVerifier, ScannerVerifierProjectBuilder, etc.) to facilitate structured integration testing of multi-module projects.

_{This will update automatically on new commits.}

[sonarqubecloud]

Agentic Analysis: Early Results

Agentic Analysis and Context Augmentation are available on your project. Here are some issues that could have been prevented. Follow the links to learn how to put them into action.

12 issue(s) found across 4 file(s):

Rule	File	Line	Message
java:S1144	java-checks-testkit/A.java	2	Remove this unused private "BAD_METHOD_NAME" method.
java:S1186	java-checks-testkit/A.java	2	Add a nested comment explaining why this method is empty, throw an UnsupportedOperationException or complete the implementation.
java:S100	java-checks-testkit/A.java	2	Rename this method name to match the regular expression '^[a-z][a-zA-Z0-9]*$'.
java:S1144	java-checks-testkit/src/A.java	2	Remove this unused private "BAD_METHOD_NAME" method.
java:S1186	java-checks-testkit/src/A.java	2	Add a nested comment explaining why this method is empty, throw an UnsupportedOperationException or complete the implementation.
java:S100	java-checks-testkit/src/A.java	2	Rename this method name to match the regular expression '^[a-z][a-zA-Z0-9]*$'.
java:S5838	java-checks-testkit/src/test/java/org/sonar/java/checks/verifier/sit/ModuleBuilderTest.java	114	Use assertThat(actual).containsEntry(key, value) instead.
java:S5838	java-checks-testkit/src/test/java/org/sonar/java/checks/verifier/sit/ModuleBuilderTest.java	115	Use assertThat(actual).containsEntry(key, value) instead.
java:S5838	java-checks-testkit/src/test/java/org/sonar/java/checks/verifier/sit/ModuleBuilderTest.java	116	Use assertThat(actual).containsEntry(key, value) instead.
java:S5838	java-checks-testkit/src/test/java/org/sonar/java/checks/verifier/sit/ScannerVerifierProjectBuilderTest.java	105	Use assertThat(actual).containsEntry(key, value) instead.
java:S5838	java-checks-testkit/src/test/java/org/sonar/java/checks/verifier/sit/ScannerVerifierProjectBuilderTest.java	107	Use assertThat(actual).containsEntry(key, value) instead.
java:S5838	java-checks-testkit/src/test/java/org/sonar/java/checks/verifier/sit/ScannerVerifierProjectBuilderTest.java	108	Use assertThat(actual).containsEntry(key, value) instead.

_{Analyzed by SonarQube Agentic Analysis in 9.1 s}

[hashicorp-vault-sonar-prod]

SONARJAVA-6365

[gitar-bot]

⚠️ Quality: Accidentally committed A.java test fixture files

Two files java-checks-testkit/A.java and java-checks-testkit/src/A.java appear to be accidentally committed. They are not referenced by any test code — ScannerVerifierTest dynamically creates the same content in a temporary directory. These files pollute the project root and the src/ directory of the module, and could confuse developers or interfere with build tools that scan for .java files.

Remove the accidentally committed test fixture files that are not referenced anywhere.:

git rm java-checks-testkit/A.java java-checks-testkit/src/A.java

• Apply fix

_{Check the box to apply the fix or reply for a change | Was this helpful? React with 👍 / 👎}

[gitar-bot]

CI failed: The build is failing in the `java-checks-testkit` module due to OS-specific path separator inconsistencies on Windows and a missing plugin JAR dependency, alongside a `ClassFormatError` in the `java-jsp` module possibly linked to JDK version compatibility.

Overview

The java-checks-testkit module failed during unit tests across multiple environments. The issues include path normalization errors on Windows and an environment-specific initialization failure for ScannerVerifierAnalysisBuilder.

Failures

Windows Path Inconsistency and Missing Dependency (confidence: high)

• Type: test
• Affected jobs: Windows CI runner jobs
• Related to change: yes
• Root cause: The tests use hardcoded forward-slash paths (e.g., 'target/classes') which do not match the backslash-delimited paths returned by Windows systems. Additionally, ScannerVerifierAnalysisBuilder fails to locate sonar-java-plugin.jar during test execution.
• Suggested fix: Update test assertions in ModuleBuilderTest and ScannerVerifierProjectBuilderTest to use java.io.File.separator or normalize paths dynamically. Improve how ScannerVerifierAnalysisBuilder locates dependencies to be OS-agnostic.

ClassFormatError in JSP Transpilation (confidence: high)

• Type: test
• Affected jobs: Linux CI runner jobs
• Related to change: yes
• Root cause: A java.lang.ClassFormatError occurred during JSP transpilation in the java-jsp module. This is likely an incompatibility between the JSTL library bytecode and the Java 25 runtime environment.
• Suggested fix: Verify JSTL dependency version compatibility with JDK 25. Ensure required libraries for the Jasper transpiler are correctly provided in the test classpath.

Summary

• Change-related failures: 2 primary failure patterns impacting both Linux (JSP transpilation) and Windows (path assertions and class loading).
• Infrastructure/flaky failures: 0
• Recommended action: Address the cross-platform path handling in the new SIT wrapper tests and verify dependency compatibility with the current build JDK.

Code Review ⚠️ Changes requested 0 resolved / 1 findings

Introduces a new scanner-integration-tester wrapper for multi-module unit tests, but includes accidental commits of test fixture files A.java that must be removed.

⚠️ Quality: Accidentally committed A.java test fixture files

📄 java-checks-testkit/A.java:1-3 📄 java-checks-testkit/src/A.java:1-3

Two files java-checks-testkit/A.java and java-checks-testkit/src/A.java appear to be accidentally committed. They are not referenced by any test code — ScannerVerifierTest dynamically creates the same content in a temporary directory. These files pollute the project root and the src/ directory of the module, and could confuse developers or interfere with build tools that scan for .java files.

Remove the accidentally committed test fixture files that are not referenced anywhere.

git rm java-checks-testkit/A.java java-checks-testkit/src/A.java

🤖 Prompt for agents

Code Review: Introduces a new scanner-integration-tester wrapper for multi-module unit tests, but includes accidental commits of test fixture files A.java that must be removed.

1. ⚠️ Quality: Accidentally committed A.java test fixture files
   Files: java-checks-testkit/A.java:1-3, java-checks-testkit/src/A.java:1-3

   Two files `java-checks-testkit/A.java` and `java-checks-testkit/src/A.java` appear to be accidentally committed. They are not referenced by any test code — `ScannerVerifierTest` dynamically creates the same content in a temporary directory. These files pollute the project root and the `src/` directory of the module, and could confuse developers or interfere with build tools that scan for `.java` files.

   Fix (Remove the accidentally committed test fixture files that are not referenced anywhere.):
   git rm java-checks-testkit/A.java java-checks-testkit/src/A.java

Tip

Comment Gitar fix CI or enable auto-apply: gitar auto-apply:on

Options

Auto-apply is off → Gitar will not commit updates to this branch.
Display: compact → Showing less information.
Unblock → Override a blocking verdict and allow merging.

Comment with these commands to change:

Auto-apply	Compact	Unblock
gitar auto-apply:on	gitar display:verbose	gitar unblock

_{Was this helpful? React with 👍 / 👎 | Gitar}