Conflicting Issues while using .NET8

ShanavazAhmed · December 13, 2023, 1:31pm

Hello,

Operating system: Win10
Visual Studio version: Microsoft Visual Studio Enterprise 2022 (64-bit) - Current Version 17.8.3
SonarLint plugin version: 7.4.0
Programming language you’re coding in: C#
Is connected mode used:Yes
- Connected to SonarCloud or SonarQube (and which version): SonarQube 9.9

I have encountered couple of problems while using .NET8

SYSLIB0051 vs csharpsquid:S3925
I got following warning in VS.
SYSLIB0051|‘Exception.Exception(SerializationInfo, StreamingContext)’ is obsolete: ‘This API supports obsolete formatter-based serialization. It should not be called or extended by application code.’
When I fixed the above error by removing Serializable constructor and using Primary constructor, I got S3925, asking me to put the removed constructor.
Certain issues are only shown on SonarQube portal and not on VS (using SonarLint).
E.g.: S3925 & [S2589] are only shown on SonarQube portal and not while using VS.
[S3604] is not valid while using primary constructor according to Microsoft documentation.
Primary constructors - C# 12.0 draft feature specifications | Microsoft Learn

public class C(bool b, int i, string s) : B(b) // b passed to base constructor
{
    public int I { get; set; } = i; // i used for initialization
    public string S // s used directly in function members
    {
        get => s;
        set => s = value ?? throw new ArgumentNullException(nameof(S));
    }
    public C(string s) : this(true, 0, s) { } // must call this(...)
}

Thank you very much in advance for your time and help.

Colin · December 14, 2023, 9:09am

Hey there.

A couple annoyingly complicated things to keep in mind here.

SonarQube v9.9 is using v8.51 of sonar-dotnet
The latest version of SonarLint for Visual Studio is using v9.12
The first version of sonar-dotnet to officially support .NET 8 is v9.13
There are probably still some false-positives to clean-up.

This should get handled in S3925: BinaryFormatter serialization is deprecated, should be handled differently for >= .NET 8 · Issue #8377 · SonarSource/sonar-dotnet · GitHub.

SonarLint for Visual Studio is using a newer version of the .NET analyzer – so I suppose the qusetion is, are the issues on SonarQube false-positives or legitimate issues?

This should have been handled in Fix S3604 FP: Primary constructors · Issue #7624 · SonarSource/sonar-dotnet · GitHub, which will make its way to SonarLint soon (and eventually SonarCloud).

We appreciate the reports.

ShanavazAhmed · December 20, 2023, 3:28pm

Firstly thank you very much for your response.
Is there mapping of SonarQube version to sonar-dotnet version supported? Can we upgrade just sonar-dotnet to latest without upgrading SonarQube 9.9v?

Colin · December 20, 2023, 4:26pm

Hey again!

Normally, things like specific analyzer versions aren’t exposed to users when using a specific product that bundles a particular version. I shared these to demonstrate the discrepancy you’re seeing.

Still, you can find specific versions in the build.gradle for a specific version of SonarQube (here’s SonarQube 9.9 vs 10.3)

No, it’s required to upgrade SonarQube version.

ShanavazAhmed · December 21, 2023, 6:37am

Hello Colin,

The information you shared is very helpful. Thank you.

So to double check, SonarQube version 10.3 has .NET8 implement but not things like S3925: BinaryFormatter serialization is deprecated, should be handled differently for >= .NET 8 · Issue #8377 · SonarSource/sonar-dotnet · GitHub.

10.4v looks promising as per Fix S3604 FP: Primary constructors · Issue #7624 · SonarSource/sonar-dotnet · GitHub.

My conculsion is, I should wait for next release(s) to have .NET8 and C#12 fixes all implemented.

Colin · December 21, 2023, 6:38pm

You’ll always find the best support for newest versions of programming languages in the very latest versions of SonarQube. SonarQube 10.3 has better support for .NET 8 than any previous version, and SonarQube 10.4 will have even better!