SonarQube for Visual Studio plugin version: 8.19.1.13210
Programming language you’re coding in: C#/HTML/CSS/JS
Is connected mode used: No
And a thorough description of the problem / question:
I want to use SonarQube for IDE on a large ASP.NET Framework 4.7.2 application (Combination of WebForms and MVC). The analyzer appears to give a lot of warnings for .cshtml files that are related to what I am assuming is internal/hidden c# code behind.
Examples of these warnings include S108, S101, S4487, S1905 and S2696.
From what I have read .cshtml files in .NET Framework apps are not properly supported for SonarQube (correct me if i’m wrong) so instead I would like to exclude .cshtml files from analysis. I have added a file exclusion via extension settings, but no amount of cleaning, restarting or re running code analysis removes warnings from these files.
It looks like not only are file exclusions not working, but individual rule exclusions are also not working. I would’ve thought at the very least I should be able to exclude certain file types from analysis, this is making it hard to justify using (and potentially purchasing) SonarQube for a large legacy project that contains a lot of .cshtml files.
If my expectations are wrong or I am configuring something incorrectly, please let me know.
Configuring C# file exclusions and rules should normally work. There is a small caveat to that, which is that the settings, after they’ve just been changed, don’t take effect until the next roslyn analysis (basically, you need to modify the source code or reopen the solution). This should not be the problem if the settings are not modified.
From what it seems, the configuration in the settings.json file is correct and should have worked. Could you please send the contents of AppData\Roaming\SonarLint for Visual Studio\.global folder? It contains the analyzer configs generated based on settings.json. I would like to confirm that they were generated correctly
I did a few more code changes and Solution restarts to check I wasn’t just failing to re run analysis, but to no avail.
I have attached a .zip archive containing all configuration for the Solution I’m working in, called “SonarQubeTest”. Just from taking a quick peek myself, it does appear that the correct exclusion and severity rules have made their way into the SonarLint.xml and .globalconfig files so there may be something else at play here.
I would really appreciate getting to the bottom of this, as I would really love to champion the use of this wonderful tool.
Thank you for the provided archive! I could indeed reproduce the problem and we are currently investigating it. We will keep you informed as soon as we have more info.
It seems the problem consists in the fact that the compiler generates a new file .cshtml.g.cs for the .cshtml files and, indeed, this is the file that we actually analyze (and then map back to the source).
Therefore the following patterns should help you: *.cshtml* *cshtml*
Could you, please, try them and let us know if they helped you?
Be aware that exclusions will be applied on the next analysis run by the Roslyn analyzers, so reloading the solution would be recommended.
