-
Notifications
You must be signed in to change notification settings - Fork 150
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing issue information for external analyzers #317
Comments
Hi @ChristopherWatanabe |
Thank you @Sancretor ! In the meantime, it seems that quite a few of these external warnings (incorrectly mislabelled errors by me!) can be picked up by expanding the SonarQube C# Ruleset, which is perhaps why this is just now become an issue. For the greatest amount of analysis and peace of mind however, I would ultimately like to include external analyzer warnings and information as well. I hope your investigation is fruitful! Looking forward to your results!!! |
Hi @Sancretor, Just taking a short look around, I think the problem is here. It seems if the rule is not listed in the Sonar ruleset - as is the case for all external rules - then it is assumed that the report doesn't include information about that rule, which is not always the case. |
Hi again @Sancretor , Looking deeper and doing a couple rounds of debugging, I see that this is exactly what's happening. As the report is given as an argument, I wonder why not simply iterate over the issues of the report? I've exchanged the current logic with this:
Null checks would be simple to implement then, and the Question Mark logic could remain in the form of a null check over the Issue field value. Something like `issue.add((i.getRule() == null) ? QUESTION_MARK : i.getRule()), or so. With this, I now see the external_roslyn messages as so: The big issue with this fix is that every issue is then considered unique, so I simply set the issue number field to 1. A solution to this would be to first pre-process the report issues in order to find only the unique fields. For this, there would have to be agreement on what exactly consists of a "unique field". I would say two issues are the same if the fields in the report are equal. In other words, if Issue A and Issue B have the same Rule, Description, Severity, and Type, then they are the same. |
Hi @christopher-watanabe-snkeos Sorry for the delay, you seem to have a lot more free time than I do ! We decided to extract data from the rule linked to the issue because it contains more data or more trustworthy data than the issue itself. At least, it was right when we first developed that class, so that may not be true anymore. I'm looking into it right now, I promise :) |
Hi @Sancretor No rush! I considered developing this processing to generate the unique list of issues with their number of occurrences myself, but I'm no Java expert and I don't have that much free time! 😄 My team also ended up considering a paid service that generates these sort of PDFs with SonarQube/SonarCloud output, especially if we take the SonarCloud route. Perhaps you've heard of it it? It's called BiteGarden. Thank you for your response! :) |
No free time for us then ;) |
Describe what you need to know
I am using the Sonar CNES report tool v4.1.1 with SonarQube Community Edition 8.9.8. What I've noticed is that SonarSource errors are generated with name, description, type, severity and number information. External Roslyn analyzer issues are however only shown with the name (i.e. "external_roslyn:CA1051") and number information. Other fields are given "?", as if the information were missing. The "?" labelled fields are available on the SonarQube server however, so I expect this information is not truly missing (see screenshots).
I'd like to know whether I'm configuring my report generation wrong or whether this is a feature that is not yet supported, namely importing of external analyzer issues in the report with full information.
Screenshots & log
"?"-labelled content in the report
Information given in SonarQube with the same external error code (circled red)
User environment
The text was updated successfully, but these errors were encountered: