Analyzing single (huge) C# class using SonarQube

scanner
sonarqube
csharp

(Frank) #1

As having issues with the mods on SE/SO banning for no reason questions and moving them into inappropriate sub-forums where they will never get an answer for the solely pourpose to gain points and do their best effort to act like nazis, I am forced to ask directly here, hoping into a different symphony.

Apart from this little outburst, here we are. I’ve surfed the internet all around without responses, I tried to do my best, read the official docs, trial and error, nothing.

In synthesis: I am refactoring a huge class in a huge project, I have to track the quality of this work and compare it over time, to produce a relation.

I have a working SonarQube 7.4 server running, tested a couple of times without issues. To accomplish my objective, I created a new project in Sonar, configured the in/exclusions setting -->sonar.inclusions variable with myclass.cs, did all the 3 steps to build the project on the client, Sonar analyzed it and I got all green A but inside the project no result, since it was telling me “No project analyzed yet”.

The MAIN and most IMPORTANT question is:
how can I make Sonar properly analyze just a single class of this huge project? The sonar.inclusions field since what I read should match everything that can be matched to its value or values, the only possible match for myclass.cs is just one! What am I doing wrong?

In the SE post there was just a SIDE question, that could be seen as a hint or opinion from other programmers, thus OPTIONAL TO REPLY:
is this the right way to analyze the single class? (In my context) Since it’s huge (12k lines) it got even a lot of imports etc.

Thanks in advance for your patience.


(Colin Mueller) #2

Hey Frank,

Can you share the commands you’re using to run your analysis / build your code (Scanner for MSBuild begin, build, Scanner for MSBuild end).

Let me also recommend that you remove your sonar.inclusions at least for now, so we can remove that as a variable. Inclusion/Exclusion settings are a little tricky with C# Solutions as you have to declare module-level properties (see a rather long discussion about this here, but this is going away in 7.6 with the drop of modules and a return to basing everything off the file system).

Colin


(Frank) #3

Hi Colin, thanks for the fast response.

If it wasn’t clear, I want to underline this:
the server works perfectly, when feeding the whole project (.sln) or subproject (.csproj) it gives proper valid results, and analysis data is browsable.

Anyway, the commands I gave were really basic, in syntesis:

cd %path_to_project%
MsBuild begin /login /k 
%path_to_msbuild% /%path_to_project% /arguments...
 MSbuild end

These the commands:

cd C:\%path_to_project%\

1
SonarScanner.MSBuild.exe begin /d:sonar.verbose=true /k:"SpeFColli_Alone" /n:"SpeFColliLogic" /d:sonar.host.url="http://%sonar_server%" /v:"1.0" /d:sonar.login="key"
2
"C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin\MSBuild.exe" C:\%path_to_proj%\myProject.csproj /t:Rebuild /p:VisualStudioversion=15.0;Configuration=Release;Platform="Any CPU"
3
SonarScanner.MSBuild.exe end /d:sonar.login="key"

EDIT:

Following this post and taking it as an example

I should add in the second of my 3 steps the following (adapted to be included) argument:

/d:2634460F-79A3-4EB3-AE3D-AA0F40A391FF.sonar.inclusions=myClass.cs

Am I right?


(Colin Mueller) #4

That is one solution! I don’t totally know the structure of your project, but you are on the right track. You can checkout our docs on [Narrowing the Focus|https://docs.sonarqube.org/7.4/project-administration/narrowing-the-focus/] for some info on applying wildcards if necessary to navigate folders, etc.

Ultimately, SonarQube is built for analyzing projects, not just one class in a project. So while what you’re doing is possible, it’s not necessarily what the tool is designed for, if that makes sense.

You might also consider using SonarLint in Visual Studio for more targeted, at-development time analysis.

Colin


(Frank) #5

Hi Colin, thanks again for your response.

I know that Sonar has been built with the pourpose of analyzing whole projects, but since my context is particular I have particular needs! The dev work over this class is done, my objective (as written in the SE post) is to refactor it following the patterns of sw engineering to gain better quality from the code mantaining the same functionality.

Questions:

  1. As you said this is one solution, there are others out there?

  2. In my proposed solution, should I put that argument in the second or third step? (Just asking for confirmation)

  3. The three of my project brifly is:

    root folder with .csproj
    _|fold1
    __|_fold2
    ___|_fold3
    ____|
    ______|_foldN
    _______|_myClass.cs

So is correct to write sonar.inclusions=myClass.cs or should I put wildcards?


(Colin Mueller) #6

Frank,

  1. For your specific use-case, I think it’s the best solution there is.
  2. It should go in your first step
  3. You should navigate your folder structure starting at the root of the module to myclass.cs if it’s deeper than the root module folder, or just throw in a wildcard like **/myclass.cs should do alright.

Best thing to do is try it out and see what sticks. :slight_smile:

Colin


(Frank) #8

I tried to draw an example of my folder structure, but I’m not able to do it :smiley: If you can help me in that…

Ok thank you! I’ll give it immediately a try!

UPDATE:

I re-run the analysis, I found out that that GUID (I don’t know exactly from what it depends) changes over time…

Anyway, analyzing the whole project Sonar showed me 300k lines parsed, analyzing the sub-project in which the class I’m working on is contained Sonar shows me about 280k lines of code parsed.

In this last try, analyzing only the class on which I’m working using the filter we talked above, Sonar shows me 50k lines of code parsed…but the class is just a bit less than 12k…

Is this ok? Maybe sonar parsed even the dependencies so that the gross lines number growth from 12k to 50k? Or should I check better the filter or do something else to refine even more the parsing?

Anyway a HUGE thank you Colin!


(Colin Mueller) #9

Frank,

You should be able to checkout in the “code” tab of your project what is being scanned, aka where those lines of code are coming from.

Since you’re setting module level inclusions, you may be getting everything from other modules.

Colin


(Frank) #10

Hi Colin, yes of course there are lines of code from other files, my question was more about which criteria Sonar uses in this case since I feeded just one file, does it automatically parse all the related dependencies? Or something else?

And another thing, if I do modify myClass.cs, to make it be re-analyzed by sonar I should always redo all the 3 steps on the client side? Or just the 3th?

I promise, this is my last question :smiley: