False negative for S1144 in C# with method which takes EventArgs

Please provide

  • Operating system: Windows 11
  • Visual Studio version: 17.13.0 Preview 2.1
  • SonarQube for Visual Studio plugin version: 8.9.0.11507
  • Programming language you’re coding in: C#
  • Is connected mode used: Yes
    • SonarQube Server 10.1

The following code should report two S1144 issues, but it reports only one. The method void Event(object, EventArgs) is not reported by SonarLint (but it is by SonarQube Server and also by sonar-dotnet version 9.0.2)

public sealed class Class1
{
    private void Event(object sender, EventArgs e)
    {
        // intentionally left empty
    }

    private void Other(object sender, EventArgs e, object last)
    {
        // intentionally left empty
    }
}

Hi @carlossus,

Thanks for looking into this, I believe this is not a FN.

The rule description, under the Exceptions heading, states that:

This rule doesn’t raise issues on:

  • void methods with two parameters when the second parameter type derives from EventArgs

We actually viewed this scenario as an FP that is fixed in the latest versions of our analyzers.

This means that SonarQube IDE is correctly ignoring this code and SonarQube Server is incorrectly reporting an issue as it does not have the latest version of the analyzers.

To correct this you would need to update to the latest version of SonarQube Server.

1 Like

Hi @alexander.meseldzija,

regarding SonarQube Server I agree with you.
But the latest version of dotnet-sonarscanner (9.0.2) also reports two S1144 issues for the code given above.

Hi @carlossus,

depending on how you use the dotnet-sonarscanner, it will change the analyzers it uses. So if you use it with SonarQube Server 10.2 you will get the analyzers packaged with that version.

If you use it with SonarQube Cloud you will get the latest version of the analyzers and it will not raise any issues.

I have an example project on SonarQube Cloud here where you can see S1144 does not raise on the first method.

Thanks for the example.

I wanted to try using the dotnet-sonarscanner locally without SonarQube Server, but couldn’t get it working.
Both exports from SonarQube Server:


cannot be handles with

dotnet sonarscanner begin /s:...

I only get the error “Unable to read the analysis settings file … Please fix the content of this file”.

The README file of the sonar-dotnet repository links to an unknown page Analyze projects with SonarScanner for .NET at GitHub - SonarSource/sonar-dotnet: Code analyzer for C# and VB.NET projects

Hi @alexander.meseldzija,

another related question: If dotnet-sonarscanner pulls the actually used analyzers (the analyzer code, not only the rules, right?), why doesn’t SonarLint do that, too?

Hey @carlossus

Thanks for pointing out the 404, I have passed it onto the relevant team. The page it is meant to link to is probably SonarScanner for .NET installation | SonarQube Server Documentation

I’m not 100% sure how exactly you’re trying to run the scanner, but it needs to be ran in conjunction with either SonarQube Server, or SonarQube Cloud.

The exact details of SonarQube IDE is a little outside my wheelhouse, but my understanding is that it is due to a combination of practical, technical, and security reasons, as well as it being recommended practice for IDE plugins to not download components from outside the given marketplace.

It is documented behaviour on the SonarQube IDE Troubleshooting page that analysis results may differ between SonarQube IDE, and SonarQube Server.