Excessive Logging - SonarLint & IDE

erikcrga · February 10, 2023, 4:53pm

Version: SonarQube 9.x (Multiple versions) self hosted
OS: Windows and OSX
SonarLint v6.7
Programming Language: Any
Connected: SonarQube 9.x (Literally any version of 9.x). Ongoing issue since always. Just never bothered to create a ticket till now since it wasn’t SDLC mandated till now.

We started leveraging SonarLint with Visual Studio Code. However, every interaction inside the IDE creates multiple log writes inside SonarQube. Less than 1 hour of work by multiple devs, we are receiving filled drive notifications from our server. Multiple GB of logs are being written in almost no time.

It appears that every single key press inside Visual Studio Code, is generating multiple Auth logs and multiple scan logs. This happens at all log levels, info to debug.

Rotating out logs for *.logs is not a viable option because the amount of logging would still be astronomical.

ganncamp · February 10, 2023, 6:22pm

Hi,

There’s a topic template for this category. Can you please provide the information it asks for?:

Please provide

Operating system:

SonarLint plugin version:

Programming language you’re coding in:

Is connected mode used:

Connected to SonarCloud or SonarQube (and which version):

Thx,
Ann

erikcrga · February 10, 2023, 6:25pm

OS: Windows and OSX
SonarLint v6.7
Programming Language: Any
Connected: SonarQube 9.x (Literally any version).

ganncamp · February 10, 2023, 6:28pm

Hi,

3.14 is the latest version of SonarLint for VSCode…?

Ann

erikcrga · February 10, 2023, 6:40pm

Yes v3.14.0.

The versions do not matter. We have battled this issue for over a year now and since we don’t have paid support, have not bothered to report this insane issue till now.

The fact boils down, using SonarLint with SonarQube generates astronomical amounts of logging. Every time you begin typing, it reauthenticates with SonarQube which generate logs on the SonarQube server. Then, for every keystroke/chain of typing it appears to be trying to scan code which generates more logs.

The below snippet is me typing “#Hello World” to a connected repo. 8 log writes within 1 second in just 1 of the logs. Auth has just as many. For every scan attempt, its re-authing, thus more logs.

127.0.0.1 - - [10/Feb/2023:11:06:23 -0500] "GET /api/rules/search.protobuf?qprofile=[censored]&activation=true&f=templateKey,actives&types=CODE_SMELL,BUG,VULNERABILITY,SECURITY_HOTSPOT&s=key&ps=500&p=1 HTTP/1.1" 200 3282 "-" "SonarLint VSCode 3.14.0"
127.0.0.1 - - [10/Feb/2023:11:06:23 -0500] "GET /api/rules/search.protobuf?qprofile=[censored]&activation=true&f=templateKey,actives&types=CODE_SMELL,BUG,VULNERABILITY,SECURITY_HOTSPOT&s=key&ps=500&p=1 HTTP/1.1" 200 438 "-" "SonarLint VSCode 3.14.0"
127.0.0.1 - - [10/Feb/2023:11:06:23 -0500] "GET /api/rules/search.protobuf?qprofile=[censored]&activation=true&f=templateKey,actives&types=CODE_SMELL,BUG,VULNERABILITY,SECURITY_HOTSPOT&s=key&ps=500&p=1 HTTP/1.1" 200 - "-" "SonarLint VSCode 3.14.0"
127.0.0.1 - - [10/Feb/2023:11:06:23 -0500] "GET /api/rules/search.protobuf?qprofile=[censored]&activation=true&f=templateKey,actives&types=CODE_SMELL,BUG,VULNERABILITY,SECURITY_HOTSPOT&s=key&ps=500&p=1 HTTP/1.1" 200 - "-" "SonarLint VSCode 3.14.0"
127.0.0.1 - - [10/Feb/2023:11:06:24 -0500] "GET /api/rules/search.protobuf?qprofile=[censored]&activation=true&f=templateKey,actives&types=CODE_SMELL,BUG,VULNERABILITY,SECURITY_HOTSPOT&s=key&ps=500&p=1 HTTP/1.1" 200 - "-" "SonarLint VSCode 3.14.0"
127.0.0.1 - - [10/Feb/2023:11:06:24 -0500] "GET /api/rules/search.protobuf?qprofile=[censored]&activation=true&f=templateKey,actives&types=CODE_SMELL,BUG,VULNERABILITY,SECURITY_HOTSPOT&s=key&ps=500&p=1 HTTP/1.1" 200 - "-" "SonarLint VSCode 3.14.0"
127.0.0.1 - - [10/Feb/2023:11:06:24 -0500] "GET /api/rules/search.protobuf?qprofile=[censored]&activation=true&f=templateKey,actives&types=CODE_SMELL,BUG,VULNERABILITY,SECURITY_HOTSPOT&s=key&ps=500&p=1 HTTP/1.1" 200 - "-" "SonarLint VSCode 3.14.0"
127.0.0.1 - - [10/Feb/2023:11:06:24 -0500] "GET /api/rules/search.protobuf?qprofile=[censored]&activation=true&f=templateKey,actives&types=CODE_SMELL,BUG,VULNERABILITY,SECURITY_HOTSPOT&s=key&ps=500&p=1 HTTP/1.1" 200 - "-" "SonarLint VSCode 3.14.0"

ganncamp · February 10, 2023, 6:44pm

Hi,

BTW, sorry for re-asking earlier for data you had already provided. I’m going to say my eyes already think it’s 5 o’clock.

I guess you’re saying you’ve seen this across versions. But on our side, knowing you’re experiencing this in the latest version versus something with age on it very much does matter.

I’m sorry you’ve faced this so long. Please know that the SonarLint team is generally very responsive - whether or not you have support. I’ll flag this for their attention.

Ann

JBL_SonarSource · February 13, 2023, 9:52am

Hello, thanks for reporting this behavior!

I could not fully reproduce the “requests on every keystroke” behavior, however I noticed that there are definitely calls we could spare on file save and I created a ticket to address this.

Out of chance, do you use VSCode’s “auto save” feature? This could explain the “every few keystrokes” behavior you reported.

Another thing that bothers me a bit is this part:

Every time you begin typing, it reauthenticates with SonarQube which generate logs on the SonarQube server.

Which kind of authentication do you use with SonarQube? As far as I can tell, most calls made by SonarLint use the built-in “token” authentication (which relies on standard HTTP basic authentication), and AFAICT this should not cause additional “authentication” calls.

The logs I see in your post above are related to the synchronization of quality profiles and rules. This should not happen that frequently, and definitely not on every analysis.

erikcrga · February 13, 2023, 5:16pm

Out of chance, do you use VSCode’s “auto save” feature? This could explain the “every few keystrokes” behavior you reported.

It was not enabled during the test which caused the above logs. After further testing, here is some addition replication steps to generate excess log.

Have VSCode open
Open a file (double click)
– this generates a log
Start writing some stuff
– this generates a log(s)
Open a new file
– this generates a log
Bounce between the two files. I am doing this to simulate referencing other files.
– a log is generated for every file looked at. if you keep them open as tabs, they only sometimes generate a log when focused. However, if you are the OCD type to keep your tabs to a minimum, logs will be generated more frequently just by “viewing”.

Which kind of authentication do you use with SonarQube? As far as I can tell, most calls made by SonarLint use the built-in “token” authentication (which relies on standard HTTP basic authentication), and AFAICT this should not cause additional “authentication” calls.

The auth that we have been using is the default Token one. It looks like over the weekend, for some reason I am not seeing any excess authentication logs anymore. I tried reinstalling the plugin to be able to reproduce the auth logging issues, but no change. It somehow fixed itself. So I will raincheck that issue.