ADO Data science Python project not showing bugs on sonarcloud

SonarQube Cloud
,
1

I am not able to get any result on introducing buggy lines of code for python however i do see that sonar cloud is reporting that the code coverage is failing.

Can someone tell me what I am missing ?? my code is below

steps:
- checkout: self
- task: SonarCloudPrepare@1
inputs:
SonarCloud: ‘sonar’
organization: ‘xyz’
scannerMode: ‘CLI’
configMode: ‘manual’
cliProjectKey: ‘xyz’
cliProjectName: ‘xyz’
cliSources: ‘.’
- checkout: self
- task: SonarCloudAnalyze@1
- checkout: self
- task: SonarCloudPublish@1

2

Hi @sriramn2 , welcome to the community,

Could you please build a public reproducer, with minimal code, to explain exactly what issues you expect SonarCloud to report?

3

HI Claire glad that you responded, Shall i attach screenshots ? will that help I am having a ADO project it is a python code which is getting analysed by the sonarcloud however if i create some wrong code or with some sort of bugs to see if sonarcloud catches it it just won’t it is just shows green and passed in my main branch… I do see that whatever code i make the changes are getting pushed into the code tab of the sonarcloud so there is a sync between my ADO git repository and the commit i make… Let me know if you need anything else … I am using the azure pipeline sonarcloud plugin to create the YAML code which will initialize , analyze and publish the code to sonarcloud

4

Hi,

You showing us what buggy code you add, and what do you expect SonarCloud to report would really help.
Can you please create the very small public project somewhere and share the link here, or at least post the code properly formatted and add a comment on what issue you expect SonarCloud to catch, and where in the code?

HTH,
Claire

1 Like
6

print ("Hello World";

this above line is the buggy code sonarcloud is not catching this bug it is showing passed in green, instead of a failed red

Refer the original code below which is actually scanned by sonar.

in my earlier post i showed you what code im using to initiate the sonar scan

# Databricks notebook source

import pickle

import pandas as pd  

import numpy as np  

import matplotlib.pyplot as plt  

import seaborn as seabornInstance 

from sklearn.model_selection import train_test_split 

from sklearn.linear_model import LinearRegression

from sklearn import metrics

#dbutils.widgets.text("input", "","")

#datafile = dbutils.widgets.get("input")

datafile = "transformed.csv"

storage_account_name = getArgument("storage_account_name")

storage_container_name = getArgument("storage_container_name")

mount_point = "/mnt/csvfile"

if not any(mount.mountPoint == mount_point for mount in dbutils.fs.mounts()): 

  dbutils.fs.mount(

    source = "wasbs://"+storage_container_name+"@"+storage_account_name+".blob.core.windows.net",

    mount_point = mount_point,

    extra_configs = {"fs.azure.account.key."+storage_account_name+".blob.core.windows.net":dbutils.secrets.get(scope = "something", key = "key3")})

dataset = pd.read_csv("/dbfs/"+mount_point+"/"+datafile) 

X = dataset['MinTemp'].values.reshape(-1,1)

y = dataset['MaxTemp'].values.reshape(-1,1)

X_train, X_test, y_train, y_test = train_test_split(X, y, test_size=0.2, random_state=0)

regressor = LinearRegression()  

regressor.fit(X_train, y_train) 

print("Model trained.")

#To retrieve the intercept:

print("Regressor intercept: %f" % regressor.intercept_)

#For retrieving the slope:

print("Regressor coef: %f" % regressor.coef_)

filepath_to_save = '/dbfs' + mount_point + '/regression.pkl'

s = pickle.dump(regressor, open(filepath_to_save, "wb"))

#Introducing buggy code path for Demo

#print f something

print ("Hello World";

# COMMAND ----------
7

Hi @sriramn2

Thanks for the snippet, I think I understand the problem now.
SonarCloud is not a compiler nor an interpreter, its goal is not to detect syntax errors, but code quality issues into valid code.
That’s completely normal that such a line does not trigger any error on SonarCloud, it is not the product responsiblity to take care of code syntax. IDEs, compilers and interpreters do that very well, and SonarLint / SonarCloud come after, to improve its quality.

You can read more on SonarCloud features on the documentation.