Hi,
Products - Sonarqube 8.4.2 / 8.6.1 & SonarCloud
We are using Sonarqube 8.4.2 (via the docker image) in the current CI chain. I was also able to reproduce with 8.6.1 on my workstation (docker image too), as well as on SonarCloud (link below).
On the CI chain with SonarQube 8.4.2, we are using the following plugins:
- sonar-typescript-plugin-2.1.0.4359.jar
- sonar-javascript-plugin-6.2.2.13315.jar
- sonar-html-plugin-3.2.0.2082.jar
- sonar-php-plugin-3.5.0.5655.jar
- sonar-css-plugin-1.2.1.1602.jar
Language - Typescript
The false positive occurs on a Typescript project.
Rule - S109
The affected rule is the S109 (magic number). The rule is disabled by default, even using “Sonar way recommended”. With SonarQube (8.4.2 & 8.6.1) or SonarCloud we need to create a custom profile with this rule enabled.
Sample Code
My sample is pretty simple:
export class MyApp {
public static readonly DEFAULT_FILE_PERMISSION = 0o666;
public static doSmth(): void {
// eslint-disable-next-line no-console
console.log(MyApp.DEFAULT_FILE_PERMISSION);
}
}
The class declares a public constant to be reused statically anywhere. 0o666 is tagged as a magic number.
I believe this is a correct way of declaring constants, and that this should not be considered as declaring a magic number.
Minimal project
I’ve setup a sample project to reproduce with the different products:
This includes the travis file launching sonarcloud analysis (https://sonarcloud.io/dashboard?id=antoine-morvan_sonar-minimal-6deb878b3), as well as a Jenkinsfile launching the flow on my local jenkins/sonar config on which I was reproducing on the different versions of sonarqube (via docker).
Quicklink to the false positive issue on SonarCloud: https://sonarcloud.io/project/issues?id=antoine-morvan_sonar-minimal-6deb878b3&open=AXfVAmEdWiaxxBP5EY0r&resolved=false&types=CODE_SMELL
I hope everything is there 