C++ Rule Track uses of "TODO" tags reports FP when it is inside a word

Hello

We have false positives when “todo” is inside a word, like the Spanish “Metodo”, which stands for Method.

We understand it is impossible to adapt all the regexes and rules for any language, but it could be easy to avoid this behaviour in general when looking for the keyword.

Regards
Javier

  • C++ code
  • Developer Edition Version 8.6 (build 39681)
  • Latest SonarScanner

Hello @jggundin,

I have checked in the code and in our tests, but both rules we have about TODO (S1707 and S1135) only consider full words. So in both cases, Metodo should not be detected as a “TODO”.

Do you have a sample code that reproduces this strange behaviour? Do you have analysis logs?

Thank you!

This is a code example:

/**
  @brief Parsear tipo desconocido.
 
  **Método** encargado de parsear un tipo desconocido de paquete.
  @param pduBuffer Datos a parsear.
  @return Datos parseados en forma de objeto @Packet
 */
Packet* PacketParser::resyncBuffer(
    CircularBuffer* pduBuffer)
{
    /*
     * El buffer ya viene linearizado.
     */
    size_t available;
    .....

Log:

[XXDeb10Compilaciones1] $ /opt/sonar-scanner/bin/sonar-scanner -Dsonar.host.url=http://192.168.110.7:9000 ******** -Dproject.settings=/home/jenkins/workspace/XX_AR_XXC_Service/label_XXc/XXDeb10Compilaciones1/sonar-project.properties -Dsonar.projectBaseDir=/home/jenkins/workspace/XX_AR_XXC_Service/label_XXc/XXDeb10Compilaciones1
Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF-8
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /home/jenkins/workspace/XX_AR_XXC_Service/label_XXc/XXDeb10Compilaciones1/sonar-project.properties
INFO: SonarScanner 4.6.0.2311
INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
INFO: Linux 4.19.0-9-amd64 amd64
INFO: User cache: /root/.sonar/cache
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /home/jenkins/workspace/XX_AR_XXC_Service/label_XXc/XXDeb10Compilaciones1/sonar-project.properties
INFO: Analyzing on SonarQube server 8.7.0
INFO: Default locale: "es_ES", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=122ms
INFO: Server id: A7EE8CF2-AWHR2QCY8LWhuG1G4gKb
INFO: User cache: /root/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=59ms
INFO: Load/download plugins (done) | time=234ms
INFO: Loaded core extensions: developer-scanner
INFO: JavaScript/TypeScript frontend is enabled
INFO: Process project properties
INFO: Process project properties (done) | time=11ms
INFO: Execute project builders
INFO: Execute project builders (done) | time=2ms
INFO: Project key: XX:AR_XXC_Service
INFO: Base dir: /home/jenkins/workspace/XX_AR_XXC_Service/label_XXc/XXDeb10Compilaciones1
INFO: Working dir: /home/jenkins/workspace/XX_AR_XXC_Service/label_XXc/XXDeb10Compilaciones1/.scannerwork
INFO: Load project settings for component key: 'XX:AR_XXC_Service'
INFO: Load project settings for component key: 'XX:AR_XXC_Service' (done) | time=26ms
INFO: Load project branches
INFO: Load project branches (done) | time=27ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=16ms
INFO: Load branch configuration
INFO: Load branch configuration (done) | time=3ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=76ms
INFO: Auto-configuring with CI 'Jenkins'
INFO: Load active rules
INFO: Load active rules (done) | time=1789ms
INFO: Indexing files...
INFO: Project configuration:
INFO: 93 files indexed
INFO: Quality profile for c: Sonar way
INFO: Quality profile for cpp: Sonar way CES
INFO: ------------- Run sensors on module XX AR XXC Service
INFO: JavaScript/TypeScript frontend is enabled
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=27ms
INFO: Sensor CSS Rules [cssfamily]
INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
INFO: Sensor CSS Rules [cssfamily] (done) | time=1ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=1ms
INFO: Sensor JavaXmlSensor [java]
INFO: Sensor JavaXmlSensor [java] (done) | time=2ms
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=4ms
INFO: Sensor VB.NET Properties [vbnet]
INFO: Sensor VB.NET Properties [vbnet] (done) | time=1ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=4ms
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: javasecurity:S5131 is not activated in quality profile: skipping execution of thymeleaf sensor.
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=0ms
INFO: Sensor CFamily [cpp]
INFO: CFamily plugin version: 6.17.0.27551
INFO: Using build-wrapper output: /home/jenkins/workspace/XX_AR_XXC_Service/label_XXc/XXDeb10Compilaciones1/sonar_build_wrapper/build-wrapper-dump.json
INFO: Available processors: 8
WARN: 
CFamily plugin supports multithreaded analysis:

* to enable multithreaded analysis
  please specify the number of threads to use
  by setting the following property to your analysis:
  sonar.cfamily.threads=number_of_threads

* if you do not want to enable multithreading
  please explicitly disable it
  by setting the following property to your analysis:
  sonar.cfamily.threads=1

* visit the documentation page for more information
  https://sonar.ledevserver.indra.es/documentation/analysis/languages/cfamily/

INFO: Using 1 thread for analysis according to value of "sonar.cfamily.threads" property.
INFO: Load project repositories
INFO: Load project repositories (done) | time=22ms
INFO: [pool-1-thread-1] /home/jenkins/workspace/XX_AR_XXC_Service/label_XXc/XXDeb10Compilaciones1/src/AdiscoConfig.cpp
...
INFO: [pool-1-thread-1] /home/jenkins/workspace/XX_AR_XXC_Service/label_XXc/XXDeb10Compilaciones1/src/Adisco.cpp
INFO: PCH: unique=0 use=0 (forceInclude=0,throughHeader=0,firstInclude=0) out of 28 (forceInclude=0,throughHeader=0)
INFO: SE: 28 out of 28
INFO: Subprocess(es) done in 118356ms
INFO: Cache: 0/28 hits, 8820788 bytes
INFO: 28 compilation units analyzed
INFO: Sensor CFamily [cpp] (done) | time=121269ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Reading type hierarchy from: /home/jenkins/workspace/XX_AR_XXC_Service/label_XXc/XXDeb10Compilaciones1/.scannerwork/ucfg2/java
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/jenkins/workspace/XX_AR_XXC_Service/label_XXc/XXDeb10Compilaciones1/.scannerwork/ucfg2/java
INFO: No UCFGs have been included for analysis.
INFO: Sensor JavaSecuritySensor [security] (done) | time=6ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Reading type hierarchy from: /home/jenkins/workspace/XX_AR_XXC_Service/label_XXc/XXDeb10Compilaciones1/ucfg_cs2
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/jenkins/workspace/XX_AR_XXC_Service/label_XXc/XXDeb10Compilaciones1/ucfg_cs2
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=1ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Reading type hierarchy from: /home/jenkins/workspace/XX_AR_XXC_Service/label_XXc/XXDeb10Compilaciones1/.scannerwork/ucfg2/php
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/jenkins/workspace/XX_AR_XXC_Service/label_XXc/XXDeb10Compilaciones1/.scannerwork/ucfg2/php
INFO: No UCFGs have been included for analysis.
INFO: Sensor PhpSecuritySensor [security] (done) | time=1ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Reading type hierarchy from: /home/jenkins/workspace/XX_AR_XXC_Service/label_XXc/XXDeb10Compilaciones1/.scannerwork/ucfg2/python
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/jenkins/workspace/XX_AR_XXC_Service/label_XXc/XXDeb10Compilaciones1/.scannerwork/ucfg2/python
INFO: No UCFGs have been included for analysis.
INFO: Sensor PythonSecuritySensor [security] (done) | time=1ms
INFO: Sensor JsSecuritySensor [security]
INFO: Reading type hierarchy from: /home/jenkins/workspace/XX_AR_XXC_Service/label_XXc/XXDeb10Compilaciones1/.scannerwork/ucfg2/js
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/jenkins/workspace/XX_AR_XXC_Service/label_XXc/XXDeb10Compilaciones1/.scannerwork/ucfg2/js
INFO: No UCFGs have been included for analysis.
INFO: Sensor JsSecuritySensor [security] (done) | time=1ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=37ms
INFO: SCM Publisher SCM provider for this project is: svn
INFO: SCM Publisher 1 source file to be analyzed
INFO: SCM Publisher 0/1 source files have been analyzed (done) | time=589ms
WARN: Missing blame information for the following files:
WARN:   * src/config.h
WARN: This may lead to missing/broken features in SonarQube
INFO: CPD Executor Calculating CPD for 55 files
INFO: CPD Executor CPD calculation finished (done) | time=50ms
INFO: Load New Code definition
INFO: Load New Code definition (done) | time=22ms
INFO: Analysis report generated in 127ms, dir size=689 KB
INFO: Analysis report compressed in 200ms, zip size=258 KB
INFO: Analysis report uploaded in 55ms
INFO: ANALYSIS SUCCESSFUL, you can browse https://sonar.ledevserver.indra.es/dashboard?id=XX%3AAR_XXC_Service
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://sonar.ledevserver.indra.es/api/ce/task?id=AXf-KH4G2N7yZbaI7Hgw
INFO: Analysis total time: 2:07.119 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 2:08.527s
INFO: Final Memory: 8M/37M
INFO: ------------------------------------------------------------------------

Hello @jggundin,

I may have an idea why you have the described behaviour… You were talking of a Metodo comment, which I think should be fine, but in fact, your comment is Método… This extra accent just before the todo characters is probably not considered as a letter, and the word frontier detection is not working correctly.

Could you please tell us what encoding is used for this source file, so that we can reproduce correctly your situation?

I created a ticket to track this issue. Meanwhile, removing the accent might be an acceptable workaround… (and I really hate suggesting that, having myself the non-classical letter ï in my name…).
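
The word-boundary effect suggested in the reply above, as an added Python illustration (it is not SonarSource's implementation and not code from the thread). The patterns, function names and sample lines are constructed for this example; how the CFamily analyzer actually matches tags is not shown on the page.

```python
import re

# Constructed sample comment lines; the second mirrors the reported comment.
SAMPLES = [
    "// TODO: handle resync timeout",
    "Método encargado de parsear un tipo desconocido de paquete.",
    "Metodo encargado de parsear un tipo desconocido de paquete.",
    "/* todo */",
]

# ASCII-only word characters: 'é' is not in [A-Za-z0-9_], so \b sees a
# boundary between 'é' and 't' and "todo" looks like a full word.
ASCII_TAG = re.compile(r"\btodo\b", re.IGNORECASE | re.ASCII)

# Unicode-aware word characters (Python's default for str patterns):
# 'é' is a letter, so there is no boundary inside "Método".
UNICODE_TAG = re.compile(r"\btodo\b", re.IGNORECASE)

# Byte-oriented matching: the accented letter becomes one or two
# non-ASCII bytes, none of which count as word bytes.
BYTES_TAG = re.compile(rb"\btodo\b", re.IGNORECASE)


def flagged(lines, pattern):
    """Return the indices of the lines in which the pattern finds a tag."""
    return [i for i, line in enumerate(lines) if pattern.search(line)]


def flagged_bytes(lines, encoding):
    """Same scan on the encoded bytes, as a byte-oriented matcher would do."""
    return flagged([line.encode(encoding) for line in lines], BYTES_TAG)


if __name__ == "__main__":
    print("ascii boundaries  :", flagged(SAMPLES, ASCII_TAG))
    print("unicode boundaries:", flagged(SAMPLES, UNICODE_TAG))
    print("utf-8 bytes       :", flagged_bytes(SAMPLES, "utf-8"))
    print("latin-1 bytes     :", flagged_bytes(SAMPLES, "latin-1"))
```

The unaccented "Metodo" is never flagged, which matches the first reply; only the accented form is flagged, and only when the matcher's idea of a letter stops at ASCII.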
