Javascript: detect unresolved or undefined variable

In javascript, i want to detect the use of an undefined variable reference inside a class instance.

Webstorm can detect it, but my current sonarqube setup doesn’t (js sonar way recommended profile).


class MyClass {
    constructor() {
        this.test = "a";

    method() {
        this.unresolvedVariable.sub = true;

the error at runtime :

new MyClass().method()
VM88:8 Uncaught TypeError: Cannot set property 'sub' of undefined
    at MyClass.method (<anonymous>:8:37)
    at <anonymous>:1:15

Is Sonarqube able to detect this issue ?

Hi @francoissamin ,

SonarQube should in principle detect this situation thanks to the rule: Properties of variables with “null” or “undefined” values should not be accessed.

Can you please share must-have information so that we can dig deeper here:

  • Which SonarQube version are you using
  • Full analysis logs in debug mode (make sure to pass the -X flag)

Thanks and regards,

Hi @Daniel_Meppiel ,

Thanks for your answer.

I try with this piece of code:

class MyClass {
    constructor() {
        this.test = "a";
    method() {
        this.unresolvedVariable.sub = true;
let my = new MyClass();

On this piece of code, i expect sonar to find 2 issues. But none is detected :frowning:

If i try with eslint, it only detect ReferenceError: x is not defined

I’m running Sonarqube latest 7.9 (the upgrade to new LTS is planned).

Here are the logs of sonar-scanner

[INFO] ---Running sonar-scanner...
[INFO] 08:28:54.904 INFO: Scanner configuration file: /opt/sonar-scanner-
[INFO] 08:28:54.908 INFO: Project root configuration file: /tmp/0da8ad6852f9808cb729b11afe52b1ff/run/
[INFO] 08:28:54.945 INFO: SonarScanner
[INFO] 08:28:54.945 INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
[INFO] 08:28:54.945 INFO: Linux 4.19.0-5-cloud-amd64 amd64
[INFO] 08:28:55.078 DEBUG: keyStore is : 
[INFO] 08:28:55.078 DEBUG: keyStore type is : pkcs12
[INFO] 08:28:55.079 DEBUG: keyStore provider is : 
[INFO] 08:28:55.079 DEBUG: init keystore
[INFO] 08:28:55.079 DEBUG: init keymanager of type SunX509
[INFO] 08:28:55.192 DEBUG: Create: /root/.sonar/cache
[INFO] 08:28:55.193 INFO: User cache: /root/.sonar/cache
[INFO] 08:28:55.193 DEBUG: Create: /root/.sonar/cache/_tmp
[INFO] 08:28:55.196 DEBUG: Extract sonar-scanner-api-batch in temp...
[INFO] 08:28:55.199 DEBUG: Get bootstrap index...
[INFO] 08:28:55.199 DEBUG: Download: https://<my-sonar-host>/batch/index
[INFO] 08:28:55.554 DEBUG: Get bootstrap completed
[INFO] 08:28:55.560 DEBUG: Download https://<my-sonar-host>/batch/file?name=scanner-enterprise-7.9.4-all.jar to /root/.sonar/cache/_tmp/fileCache10696357853518851835.tmp
[INFO] 08:28:56.630 DEBUG: Create isolated classloader...
[INFO] 08:28:56.639 DEBUG: Start temp cleaning...
[INFO] 08:28:56.644 DEBUG: Temp cleaning done
[INFO] 08:28:56.645 INFO: Scanner configuration file: /opt/sonar-scanner-
[INFO] 08:28:56.647 INFO: Project root configuration file: /tmp/0da8ad6852f9808cb729b11afe52b1ff/run/
[INFO] 08:28:56.651 DEBUG: Execution getVersion
[INFO] 08:28:56.669 INFO: Analyzing on SonarQube server 7.9.4
[INFO] 08:28:56.670 INFO: Default locale: "en_US", source code encoding: "UTF-8"
[INFO] 08:28:56.671 DEBUG: Work directory: /tmp/0da8ad6852f9808cb729b11afe52b1ff/run/.scannerwork
[INFO] 08:28:56.672 DEBUG: Execution execute
[INFO] 08:28:56.907 DEBUG: Enterprise
[INFO] 08:28:57.040 INFO: Load global settings
[INFO] 08:28:57.243 DEBUG: GET 200 https://<my-sonar-host>/api/settings/values.protobuf | time=201ms
[INFO] 08:28:57.285 INFO: Load global settings (done) | time=246ms
[INFO] 08:28:57.287 INFO: Server id: 7E5F9B74-AXWX-4yTC5c_C3gjxvVJ
[INFO] 08:28:57.303 DEBUG: Create : /root/.sonar/_tmp
[INFO] 08:28:57.304 INFO: User cache: /root/.sonar/cache
[INFO] 08:28:57.307 INFO: Load/download plugins
[INFO] 08:28:57.307 INFO: Load plugins index
[INFO] 08:28:57.341 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/installed | time=34ms
[INFO] 08:28:57.402 INFO: Load plugins index (done) | time=95ms
[INFO] 08:28:57.403 DEBUG: Download plugin 'scmgit' to '/root/.sonar/_tmp/fileCache11405514663352396089.tmp'
[INFO] 08:28:57.443 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=scmgit&acceptCompressions=pack200 | time=39ms
[INFO] 08:28:57.625 DEBUG: Download plugin 'authgithub' to '/root/.sonar/_tmp/fileCache8999800241689074771.tmp'
[INFO] 08:28:57.654 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=authgithub&acceptCompressions=pack200 | time=29ms
[INFO] 08:28:57.667 DEBUG: Download plugin 'jacoco' to '/root/.sonar/_tmp/fileCache8140447420101382100.tmp'
[INFO] 08:28:57.695 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=jacoco&acceptCompressions=pack200 | time=28ms
[INFO] 08:28:57.700 DEBUG: Download plugin 'ldap' to '/root/.sonar/_tmp/fileCache1603172981684341225.tmp'
[INFO] 08:28:57.750 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=ldap&acceptCompressions=pack200 | time=49ms
[INFO] 08:28:57.764 DEBUG: Download plugin 'license' to '/root/.sonar/_tmp/fileCache5844422535681311931.tmp'
[INFO] 08:28:57.792 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=license&acceptCompressions=pack200 | time=28ms
[INFO] 08:28:57.797 DEBUG: Download plugin 'perl' to '/root/.sonar/_tmp/fileCache14537853068881363304.tmp'
[INFO] 08:28:57.835 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=perl&acceptCompressions=pack200 | time=37ms
[INFO] 08:28:57.917 DEBUG: Download plugin 'authsaml' to '/root/.sonar/_tmp/fileCache11099047895927802692.tmp'
[INFO] 08:28:57.958 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=authsaml&acceptCompressions=pack200 | time=41ms
[INFO] 08:28:58.052 DEBUG: Download plugin 'abap' to '/root/.sonar/_tmp/fileCache12914698614557011155.tmp'
[INFO] 08:28:58.104 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=abap&acceptCompressions=pack200 | time=52ms
[INFO] 08:28:58.158 DEBUG: Download plugin 'sonarapex' to '/root/.sonar/_tmp/fileCache13509801653718880775.tmp'
[INFO] 08:28:58.197 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=sonarapex&acceptCompressions=pack200 | time=39ms
[INFO] 08:28:58.331 DEBUG: Download plugin 'csharp' to '/root/.sonar/_tmp/fileCache13989981772234971473.tmp'
[INFO] 08:28:58.374 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=csharp&acceptCompressions=pack200 | time=42ms
[INFO] 08:28:58.466 DEBUG: Download plugin 'cpp' to '/root/.sonar/_tmp/fileCache11787414080792904411.tmp'
[INFO] 08:28:58.633 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=cpp&acceptCompressions=pack200 | time=167ms
[INFO] 08:28:59.276 DEBUG: Download plugin 'cobol' to '/root/.sonar/_tmp/fileCache14935251588405006751.tmp'
[INFO] 08:28:59.322 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=cobol&acceptCompressions=pack200 | time=46ms
[INFO] 08:28:59.448 DEBUG: Download plugin 'cssfamily' to '/root/.sonar/_tmp/fileCache3190232041917314388.tmp'
[INFO] 08:28:59.512 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=cssfamily&acceptCompressions=pack200 | time=63ms
[INFO] 08:28:59.694 DEBUG: Download plugin 'flex' to '/root/.sonar/_tmp/fileCache2264078249472510421.tmp'
[INFO] 08:28:59.738 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=flex&acceptCompressions=pack200 | time=43ms
[INFO] 08:28:59.771 DEBUG: Download plugin 'go' to '/root/.sonar/_tmp/fileCache7810398545170034986.tmp'
[INFO] 08:28:59.816 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=go&acceptCompressions=pack200 | time=45ms
[INFO] 08:28:59.891 DEBUG: Download plugin 'web' to '/root/.sonar/_tmp/fileCache11530842043340290809.tmp'
[INFO] 08:28:59.925 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=web&acceptCompressions=pack200 | time=33ms
[INFO] 08:29:00.358 DEBUG: Download plugin 'javascript' to '/root/.sonar/_tmp/fileCache13244031668382020793.tmp'
[INFO] 08:29:00.399 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=javascript&acceptCompressions=pack200 | time=41ms
[INFO] 08:29:00.608 DEBUG: Download plugin 'java' to '/root/.sonar/_tmp/fileCache466695459036247616.tmp'
[INFO] 08:29:00.661 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=java&acceptCompressions=pack200 | time=53ms
[INFO] 08:29:00.835 DEBUG: Download plugin 'kotlin' to '/root/.sonar/_tmp/fileCache7621980283218017046.tmp'
[INFO] 08:29:00.900 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=kotlin&acceptCompressions=pack200 | time=65ms
[INFO] 08:29:01.068 DEBUG: Download plugin 'php' to '/root/.sonar/_tmp/fileCache3814402654240094052.tmp'
[INFO] 08:29:01.112 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=php&acceptCompressions=pack200 | time=43ms
[INFO] 08:29:01.239 DEBUG: Download plugin 'pli' to '/root/.sonar/_tmp/fileCache2900381317344001144.tmp'
[INFO] 08:29:01.266 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=pli&acceptCompressions=pack200 | time=26ms
[INFO] 08:29:01.348 DEBUG: Download plugin 'plsql' to '/root/.sonar/_tmp/fileCache17141935376521464830.tmp'
[INFO] 08:29:01.373 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=plsql&acceptCompressions=pack200 | time=25ms
[INFO] 08:29:01.428 DEBUG: Download plugin 'python' to '/root/.sonar/_tmp/fileCache14991533865805346666.tmp'
[INFO] 08:29:01.457 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=python&acceptCompressions=pack200 | time=29ms
[INFO] 08:29:01.526 DEBUG: Download plugin 'rpg' to '/root/.sonar/_tmp/fileCache13292128835559921541.tmp'
[INFO] 08:29:01.555 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=rpg&acceptCompressions=pack200 | time=28ms
[INFO] 08:29:01.599 DEBUG: Download plugin 'ruby' to '/root/.sonar/_tmp/fileCache8163418878851079828.tmp'
[INFO] 08:29:01.656 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=ruby&acceptCompressions=pack200 | time=57ms
[INFO] 08:29:01.835 DEBUG: Download plugin 'sonarscala' to '/root/.sonar/_tmp/fileCache886028968327918306.tmp'
[INFO] 08:29:01.882 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=sonarscala&acceptCompressions=pack200 | time=46ms
[INFO] 08:29:02.051 DEBUG: Download plugin 'swift' to '/root/.sonar/_tmp/fileCache14704227674237064348.tmp'
[INFO] 08:29:02.076 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=swift&acceptCompressions=pack200 | time=25ms
[INFO] 08:29:02.132 DEBUG: Download plugin 'typescript' to '/root/.sonar/_tmp/fileCache595959032922751145.tmp'
[INFO] 08:29:02.151 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=typescript&acceptCompressions=pack200 | time=19ms
[INFO] 08:29:02.190 DEBUG: Download plugin 'tsql' to '/root/.sonar/_tmp/fileCache914407386362317531.tmp'
[INFO] 08:29:02.219 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=tsql&acceptCompressions=pack200 | time=29ms
[INFO] 08:29:02.280 DEBUG: Download plugin 'vbnet' to '/root/.sonar/_tmp/fileCache16485481781874330342.tmp'
[INFO] 08:29:02.326 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=vbnet&acceptCompressions=pack200 | time=46ms
[INFO] 08:29:02.408 DEBUG: Download plugin 'vb' to '/root/.sonar/_tmp/fileCache16249043945793988867.tmp'
[INFO] 08:29:02.435 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=vb&acceptCompressions=pack200 | time=26ms
[INFO] 08:29:02.532 DEBUG: Download plugin 'xml' to '/root/.sonar/_tmp/fileCache448944771366121258.tmp'
[INFO] 08:29:02.561 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=xml&acceptCompressions=pack200 | time=28ms
[INFO] 08:29:02.604 DEBUG: Download plugin 'scmsvn' to '/root/.sonar/_tmp/fileCache508242981766739551.tmp'
[INFO] 08:29:02.656 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=scmsvn&acceptCompressions=pack200 | time=51ms
[INFO] 08:29:02.822 DEBUG: Download plugin 'security' to '/root/.sonar/_tmp/fileCache8504193072116035205.tmp'
[INFO] 08:29:02.862 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=security&acceptCompressions=pack200 | time=40ms
[INFO] 08:29:02.927 DEBUG: Download plugin 'securitycsharpfrontend' to '/root/.sonar/_tmp/fileCache9149406203717978686.tmp'
[INFO] 08:29:02.967 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=securitycsharpfrontend&acceptCompressions=pack200 | time=40ms
[INFO] 08:29:03.037 DEBUG: Download plugin 'securityjavafrontend' to '/root/.sonar/_tmp/fileCache2557639520846511687.tmp'
[INFO] 08:29:03.061 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=securityjavafrontend&acceptCompressions=pack200 | time=24ms
[INFO] 08:29:03.094 DEBUG: Download plugin 'securityphpfrontend' to '/root/.sonar/_tmp/fileCache7291130686310087758.tmp'
[INFO] 08:29:03.120 DEBUG: GET 200 https://<my-sonar-host>/api/plugins/download?plugin=securityphpfrontend&acceptCompressions=pack200 | time=25ms
[INFO] 08:29:03.174 INFO: Load/download plugins (done) | time=5866ms
[INFO] 08:29:03.529 DEBUG: Plugins:
[INFO] 08:29:03.529 DEBUG:   * Svn (scmsvn)
[INFO] 08:29:03.529 DEBUG:   * SonarCSS (cssfamily)
[INFO] 08:29:03.529 DEBUG:   * SonarPLSQL (plsql)
[INFO] 08:29:03.529 DEBUG:   * SonarScala (sonarscala)
[INFO] 08:29:03.529 DEBUG:   * SonarC# (csharp)
[INFO] 08:29:03.529 DEBUG:   * Vulnerability Analysis (security)
[INFO] 08:29:03.529 DEBUG:   * SonarJava (java)
[INFO] 08:29:03.530 DEBUG:   * LDAP (ldap)
[INFO] 08:29:03.530 DEBUG:   * SonarHTML (web)
[INFO] 08:29:03.530 DEBUG:   * SonarFlex (flex)
[INFO] 08:29:03.530 DEBUG:   * SonarXML (xml)
[INFO] 08:29:03.530 DEBUG:   * Perl 0.5.2 (perl)
[INFO] 08:29:03.530 DEBUG:   * SonarTS (typescript)
[INFO] 08:29:03.530 DEBUG:   * SonarVB (vbnet)
[INFO] 08:29:03.530 DEBUG:   * SonarSwift (swift)
[INFO] 08:29:03.530 DEBUG:   * SonarCFamily (cpp)
[INFO] 08:29:03.530 DEBUG:   * SonarPython (python)
[INFO] 08:29:03.530 DEBUG:   * GitHub Authentication for SonarQube (authgithub)
[INFO] 08:29:03.531 DEBUG:   * JaCoCo (jacoco)
[INFO] 08:29:03.531 DEBUG:   * SonarGo (go)
[INFO] 08:29:03.531 DEBUG:   * SonarKotlin (kotlin)
[INFO] 08:29:03.531 DEBUG:   * SonarRPG (rpg)
[INFO] 08:29:03.531 DEBUG:   * SonarPLI (pli)
[INFO] 08:29:03.531 DEBUG:   * SonarTSQL (tsql)
[INFO] 08:29:03.531 DEBUG:   * SonarVB6 (vb)
[INFO] 08:29:03.531 DEBUG:   * SonarApex (sonarapex)
[INFO] 08:29:03.531 DEBUG:   * SonarJS (javascript)
[INFO] 08:29:03.531 DEBUG:   * SonarRuby (ruby)
[INFO] 08:29:03.531 DEBUG:   * Vulnerability Rules for C# (securitycsharpfrontend)
[INFO] 08:29:03.532 DEBUG:   * Vulnerability Rules for Java (securityjavafrontend)
[INFO] 08:29:03.532 DEBUG:   * License for SonarLint 7.9.4 (license)
[INFO] 08:29:03.532 DEBUG:   * SonarCOBOL (cobol)
[INFO] 08:29:03.532 DEBUG:   * Git (scmgit)
[INFO] 08:29:03.532 DEBUG:   * SAML 2.0 Authentication for SonarQube (authsaml)
[INFO] 08:29:03.532 DEBUG:   * SonarPHP (php)
[INFO] 08:29:03.532 DEBUG:   * SonarABAP (abap)
[INFO] 08:29:03.532 DEBUG:   * Vulnerability Rules for PHP (securityphpfrontend)
[INFO] 08:29:03.588 INFO: Loaded core extensions: developer-scanner
[INFO] 08:29:03.617 DEBUG: Installed core extension: developer-scanner
[INFO] 08:29:04.284 INFO: Process project properties
[INFO] 08:29:04.293 DEBUG: Process project properties (done) | time=9ms
[INFO] 08:29:04.294 INFO: Execute project builders
[INFO] 08:29:04.295 DEBUG: Execute project builder: org.sonar.plugins.csharp.CSharpGlobalProtobufFileProcessor
[INFO] 08:29:04.299 DEBUG: Execute project builder: org.sonar.plugins.vbnet.VbNetGlobalProtobufFileProcessor
[INFO] 08:29:04.301 INFO: Execute project builders (done) | time=7ms
[INFO] 08:29:04.305 INFO: Project key: cd-test-sonar-js-rules
[INFO] 08:29:04.305 INFO: Base dir: /tmp/0da8ad6852f9808cb729b11afe52b1ff/run
[INFO] 08:29:04.305 INFO: Working dir: /tmp/0da8ad6852f9808cb729b11afe52b1ff/run/.scannerwork
[INFO] 08:29:04.305 DEBUG: Project global encoding: UTF-8, default locale: en_US
[INFO] 08:29:04.325 DEBUG: Creating module hierarchy
[INFO] 08:29:04.325 DEBUG:   Init module 'cd-test-sonar-js-rules'
[INFO] 08:29:04.326 DEBUG:     Base dir: /tmp/0da8ad6852f9808cb729b11afe52b1ff/run
[INFO] 08:29:04.326 DEBUG:     Working dir: /tmp/0da8ad6852f9808cb729b11afe52b1ff/run/.scannerwork
[INFO] 08:29:04.326 DEBUG:     Module global encoding: UTF-8, default locale: en_US
[INFO] 08:29:04.347 INFO: Load project settings for component key: 'cd-test-sonar-js-rules'
[INFO] 08:29:04.394 DEBUG: GET 200 https://<my-sonar-host>/api/settings/values.protobuf?component=cd-test-sonar-js-rules | time=47ms
[INFO] 08:29:04.399 INFO: Load project settings for component key: 'cd-test-sonar-js-rules' (done) | time=52ms
[INFO] 08:29:04.413 INFO: Load project branches
[INFO] 08:29:04.448 DEBUG: GET 200 https://<my-sonar-host>/api/project_branches/list?project=cd-test-sonar-js-rules | time=35ms
[INFO] 08:29:04.460 INFO: Load project branches (done) | time=47ms
[INFO] 08:29:04.461 INFO: Load project pull requests
[INFO] 08:29:04.489 DEBUG: GET 200 https://<my-sonar-host>/api/project_pull_requests/list?project=cd-test-sonar-js-rules | time=27ms
[INFO] 08:29:04.498 INFO: Load project pull requests (done) | time=37ms
[INFO] 08:29:04.499 INFO: Load branch configuration
[INFO] 08:29:04.500 DEBUG: Found manual configuration of branch/PR analysis. Skipping automatic configuration.
[INFO] 08:29:04.503 INFO: Load branch configuration (done) | time=4ms
[INFO] 08:29:04.542 DEBUG: Available languages:
[INFO] 08:29:04.542 DEBUG:   * CSS => "css"
[INFO] 08:29:04.542 DEBUG:   * PL/SQL => "plsql"
[INFO] 08:29:04.542 DEBUG:   * Scala => "scala"
[INFO] 08:29:04.542 DEBUG:   * C# => "cs"
[INFO] 08:29:04.542 DEBUG:   * Java => "java"
[INFO] 08:29:04.542 DEBUG:   * HTML => "web"
[INFO] 08:29:04.542 DEBUG:   * JSP => "jsp"
[INFO] 08:29:04.542 DEBUG:   * Flex => "flex"
[INFO] 08:29:04.542 DEBUG:   * XML => "xml"
[INFO] 08:29:04.542 DEBUG:   * Perl => "perl"
[INFO] 08:29:04.542 DEBUG:   * TypeScript => "ts"
[INFO] 08:29:04.542 DEBUG:   * VB.NET => "vbnet"
[INFO] 08:29:04.542 DEBUG:   * Swift => "swift"
[INFO] 08:29:04.542 DEBUG:   * C => "c"
[INFO] 08:29:04.543 DEBUG:   * C++ => "cpp"
[INFO] 08:29:04.543 DEBUG:   * Objective-C => "objc"
[INFO] 08:29:04.543 DEBUG:   * Python => "py"
[INFO] 08:29:04.543 DEBUG:   * Go => "go"
[INFO] 08:29:04.543 DEBUG:   * Kotlin => "kotlin"
[INFO] 08:29:04.543 DEBUG:   * RPG => "rpg"
[INFO] 08:29:04.543 DEBUG:   * PL/I => "pli"
[INFO] 08:29:04.543 DEBUG:   * T-SQL => "tsql"
[INFO] 08:29:04.543 DEBUG:   * Vb => "vb"
[INFO] 08:29:04.543 DEBUG:   * Apex => "apex"
[INFO] 08:29:04.543 DEBUG:   * JavaScript => "js"
[INFO] 08:29:04.543 DEBUG:   * Ruby => "ruby"
[INFO] 08:29:04.543 DEBUG:   * COBOL => "cobol"
[INFO] 08:29:04.543 DEBUG:   * PHP => "php"
[INFO] 08:29:04.543 DEBUG:   * ABAP => "abap"
[INFO] 08:29:04.547 INFO: Load quality profiles
[INFO] 08:29:04.584 DEBUG: GET 200 https://<my-sonar-host>/api/qualityprofiles/search.protobuf?projectKey=cd-test-sonar-js-rules | time=36ms
[INFO] 08:29:04.630 INFO: Load quality profiles (done) | time=83ms
[INFO] 08:29:04.647 INFO: Load active rules
[INFO] 08:29:05.961 INFO: Load active rules (done) | time=1314ms
[INFO] 08:29:06.011 WARN: SCM provider autodetection failed. Please use "sonar.scm.provider" to define SCM of your project, or disable the SCM Sensor in the project settings.
[INFO] 08:29:06.019 INFO: Pull request 1 for merge into master from sonar
[INFO] 08:29:06.068 DEBUG: SCM information about changed files in the branch is not available
[INFO] 08:29:06.101 DEBUG: Declared extensions of language CSS were converted to sonar.lang.patterns.css : **/*.css,**/*.less,**/*.scss
[INFO] 08:29:06.101 DEBUG: Declared extensions of language PL/SQL were converted to sonar.lang.patterns.plsql : **/*.sql,**/*.pks,**/*.pkb
[INFO] 08:29:06.101 DEBUG: Declared extensions of language Scala were converted to sonar.lang.patterns.scala : **/*.scala
[INFO] 08:29:06.101 DEBUG: Declared extensions of language C# were converted to sonar.lang.patterns.cs : **/*.cs
[INFO] 08:29:06.101 DEBUG: Declared extensions of language Java were converted to : **/*.java,**/*.jav
[INFO] 08:29:06.102 DEBUG: Declared extensions of language HTML were converted to sonar.lang.patterns.web : **/*.html,**/*.xhtml,**/*.cshtml,**/*.vbhtml,**/*.aspx,**/*.ascx,**/*.rhtml,**/*.erb,**/*.shtm,**/*.shtml
[INFO] 08:29:06.102 DEBUG: Declared extensions of language JSP were converted to sonar.lang.patterns.jsp : **/*.jsp,**/*.jspf,**/*.jspx
[INFO] 08:29:06.102 DEBUG: Declared extensions of language Flex were converted to sonar.lang.patterns.flex : **/*.as
[INFO] 08:29:06.103 DEBUG: Declared extensions of language XML were converted to sonar.lang.patterns.xml : **/*.xml,**/*.xsd,**/*.xsl
[INFO] 08:29:06.103 DEBUG: Declared extensions of language Perl were converted to sonar.lang.patterns.perl : **/*.pm,**/*.pl,**/*.t
[INFO] 08:29:06.103 DEBUG: Declared extensions of language TypeScript were converted to sonar.lang.patterns.ts : **/*.ts,**/*.tsx
[INFO] 08:29:06.103 DEBUG: Declared extensions of language VB.NET were converted to sonar.lang.patterns.vbnet : **/*.vb
[INFO] 08:29:06.103 DEBUG: Declared extensions of language Swift were converted to sonar.lang.patterns.swift : **/*.swift
[INFO] 08:29:06.104 DEBUG: Declared extensions of language C were converted to sonar.lang.patterns.c : **/*.c,**/*.h
[INFO] 08:29:06.104 DEBUG: Declared extensions of language C++ were converted to sonar.lang.patterns.cpp : **/*.cc,**/*.cpp,**/*.cxx,**/*.c++,**/*.hh,**/*.hpp,**/*.hxx,**/*.h++,**/*.ipp
[INFO] 08:29:06.104 DEBUG: Declared extensions of language Objective-C were converted to sonar.lang.patterns.objc : **/*.m
[INFO] 08:29:06.105 DEBUG: Declared extensions of language Python were converted to : **/*.py
[INFO] 08:29:06.105 DEBUG: Declared extensions of language Go were converted to sonar.lang.patterns.go : **/*.go
[INFO] 08:29:06.105 DEBUG: Declared extensions of language Kotlin were converted to sonar.lang.patterns.kotlin : **/*.kt
[INFO] 08:29:06.105 DEBUG: Declared extensions of language RPG were converted to sonar.lang.patterns.rpg : **/*.rpg,**/*.rpgle,**/*.rpg,**/*.rpgle
[INFO] 08:29:06.105 DEBUG: Declared extensions of language PL/I were converted to sonar.lang.patterns.pli : **/*.pli
[INFO] 08:29:06.105 DEBUG: Declared extensions of language T-SQL were converted to sonar.lang.patterns.tsql : **/*.tsql
[INFO] 08:29:06.106 DEBUG: Declared extensions of language Vb were converted to sonar.lang.patterns.vb : **/*.vb,**/*.bas,**/*.frm,**/*.ctl,**/*.vb,**/*.bas,**/*.frm,**/*.ctl
[INFO] 08:29:06.106 DEBUG: Declared extensions of language Apex were converted to sonar.lang.patterns.apex : **/*.cls,**/*.trigger
[INFO] 08:29:06.106 DEBUG: Declared extensions of language JavaScript were converted to sonar.lang.patterns.js : **/*.js,**/*.jsx,**/*.vue
[INFO] 08:29:06.106 DEBUG: Declared extensions of language Ruby were converted to sonar.lang.patterns.ruby : **/*.rb
[INFO] 08:29:06.106 DEBUG: Declared extensions of language COBOL were converted to sonar.lang.patterns.cobol : 
[INFO] 08:29:06.107 DEBUG: Declared extensions of language PHP were converted to sonar.lang.patterns.php : **/*.php,**/*.php3,**/*.php4,**/*.php5,**/*.phtml,**/*.inc
[INFO] 08:29:06.107 DEBUG: Declared extensions of language ABAP were converted to sonar.lang.patterns.abap : **/*.abap,**/*.ab4,**/*.flow,**/*.asprog
[INFO] 08:29:06.109 DEBUG: Will ignore generated code
[INFO] 08:29:06.110 DEBUG: Will ignore generated code
[INFO] 08:29:06.112 INFO: Indexing files...
[INFO] 08:29:06.112 INFO: Project configuration:
[INFO] 08:29:06.115 INFO:   Excluded sources: **/node_modules/**, **/*.spec.*, chart/**, .build/**, .cds/**, nginx/**
[INFO] 08:29:06.151 INFO: Load project repositories
[INFO] 08:29:06.170 DEBUG: GET 200 https://<my-sonar-host>/batch/project.protobuf?key=cd-test-sonar-js-rules&branch=master | time=19ms
[INFO] 08:29:06.184 INFO: Load project repositories (done) | time=33ms
[INFO] 08:29:06.184 DEBUG: 'index.js' generated metadata with charset 'UTF-8'
[INFO] 08:29:06.189 DEBUG: 'index.js' indexed with language 'js'
[INFO] 08:29:06.192 DEBUG: 'package-lock.json' indexed with language 'null'
[INFO] 08:29:06.195 DEBUG: '' indexed with language 'null'
[INFO] 08:29:06.197 DEBUG: 'package.json' indexed with language 'null'
[INFO] 08:29:06.200 INFO: 4 files indexed
[INFO] 08:29:06.200 INFO: 0 files ignored because of inclusion/exclusion patterns
[INFO] 08:29:06.201 INFO: Quality profile for js: Sonar way Recommended
[INFO] 08:29:06.201 INFO: ------------- Run sensors on module cd-test-sonar-js-rules
[INFO] 08:29:06.452 INFO: Load metrics repository
[INFO] 08:29:06.472 DEBUG: GET 200 https://<my-sonar-host>/api/metrics/search?f=name,description,direction,qualitative,custom&ps=500&p=1 | time=20ms
[INFO] 08:29:06.487 INFO: Load metrics repository (done) | time=35ms
[WARN] WARNING: An illegal reflective access operation has occurred
[WARN] WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/root/.sonar/cache/19cdb6f5b83db737dc4feff9cc695fb2/sonar-tsql-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,
[WARN] WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
[WARN] WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
[WARN] WARNING: All illegal access operations will be denied in a future release
[...] <I remove some very verbose log>
[INFO] 08:29:09.616 INFO: Sensor JavaXmlSensor [java]
[INFO] 08:29:09.617 INFO: Sensor JavaXmlSensor [java] (done) | time=1ms
[INFO] 08:29:09.617 INFO: Sensor HTML [web]
[INFO] 08:29:09.631 INFO: Sensor HTML [web] (done) | time=14ms
[INFO] 08:29:09.631 INFO: Sensor JaCoCo XML Report Importer [jacoco]
[INFO] 08:29:09.634 DEBUG: No reports found
[INFO] 08:29:09.634 INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
[INFO] 08:29:09.634 INFO: Sensor SonarJS [javascript]
[INFO] 08:29:09.640 INFO: 1 source files to be analyzed
[INFO] 08:29:09.919 INFO: Sensor SonarJS [javascript] (done) | time=285ms
[INFO] 08:29:09.919 INFO: Sensor ESLint-based SonarJS [javascript]
[INFO] 08:29:09.920 DEBUG: Deploying eslint-bridge into /tmp/0da8ad6852f9808cb729b11afe52b1ff/run/.scannerwork/.sonartmp/eslint-bridge-bundle
[INFO] 08:29:09.919 INFO: 1/1 source files have been analyzed
[INFO] 08:29:11.219 DEBUG: Deployment done in 1299ms
[INFO] 08:29:11.221 DEBUG: Using default Node.js executable: 'node'.
[INFO] 08:29:11.221 DEBUG: Checking Node.js version
[INFO] 08:29:11.226 DEBUG: Launching command [node, -v]
[INFO] 08:29:11.250 DEBUG: Using Node.js v12.22.1.
[INFO] 08:29:11.250 DEBUG: Launching command [node, /tmp/0da8ad6852f9808cb729b11afe52b1ff/run/.scannerwork/.sonartmp/eslint-bridge-bundle/node_modules/eslint-bridge/bin/server, 44055]
[INFO] 08:29:11.250 DEBUG: Starting Node.js process to start eslint-bridge server at port 44055
[INFO] 08:29:11.728 DEBUG: starting eslint-bridge server at port 44055
[INFO] 08:29:11.744 DEBUG: eslint-bridge server is running at port 44055
[INFO] 08:29:11.754 DEBUG: Server is started
[INFO] 08:29:11.755 INFO: 1 source files to be analyzed
[INFO] 08:29:12.002 INFO: Sensor ESLint-based SonarJS [javascript] (done) | time=2083ms
[INFO] 08:29:12.002 INFO: 1/1 source files have been analyzed
[INFO] 08:29:12.002 INFO: Sensor JavaSecuritySensor [security]
[INFO] 08:29:12.003 INFO: Reading type hierarchy from: /tmp/0da8ad6852f9808cb729b11afe52b1ff/run/.scannerwork/ucfg2/java
[INFO] 08:29:12.003 INFO: Read 0 type definitions
[INFO] 08:29:12.006 INFO: Reading UCFGs from: /tmp/0da8ad6852f9808cb729b11afe52b1ff/run/.scannerwork/ucfg2/java
[INFO] 08:29:12.007 INFO: No UCFGs have been included for analysis.
[INFO] 08:29:12.007 INFO: Sensor JavaSecuritySensor [security] (done) | time=5ms
[INFO] 08:29:12.007 INFO: Sensor CSharpSecuritySensor [security]
[INFO] 08:29:12.007 INFO: Reading type hierarchy from: /tmp/0da8ad6852f9808cb729b11afe52b1ff/run/ucfg_cs2
[INFO] 08:29:12.007 INFO: Read 0 type definitions
[INFO] 08:29:12.007 INFO: Reading UCFGs from: /tmp/0da8ad6852f9808cb729b11afe52b1ff/run/ucfg_cs2
[INFO] 08:29:12.007 INFO: No UCFGs have been included for analysis.
[INFO] 08:29:12.007 INFO: Sensor CSharpSecuritySensor [security] (done) | time=0ms
[INFO] 08:29:12.007 INFO: Sensor PhpSecuritySensor [security]
[INFO] 08:29:12.007 INFO: Reading type hierarchy from: /tmp/0da8ad6852f9808cb729b11afe52b1ff/run/.scannerwork/ucfg2/php
[INFO] 08:29:12.007 INFO: Read 0 type definitions
[INFO] 08:29:12.007 INFO: Reading UCFGs from: /tmp/0da8ad6852f9808cb729b11afe52b1ff/run/.scannerwork/ucfg2/php
[INFO] 08:29:12.007 INFO: No UCFGs have been included for analysis.
[INFO] 08:29:12.007 INFO: Sensor PhpSecuritySensor [security] (done) | time=0ms
[INFO] 08:29:12.009 INFO: ------------- Run sensors on project
[INFO] 08:29:12.012 DEBUG: 'Java CPD Block Indexer' skipped because there is no related file in current project
[INFO] 08:29:12.012 DEBUG: Sensors : Zero Coverage Sensor
[INFO] 08:29:12.012 INFO: Sensor Zero Coverage Sensor
[INFO] 08:29:12.057 INFO: Sensor Zero Coverage Sensor (done) | time=45ms
[INFO] 08:29:12.060 INFO: No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
[INFO] 08:29:12.065 INFO: Calculating CPD for 1 file
[INFO] 08:29:12.066 DEBUG: Detection of duplications for /tmp/0da8ad6852f9808cb729b11afe52b1ff/run/index.js
[INFO] 08:29:12.082 INFO: CPD calculation finished
[INFO] 08:29:12.181 INFO: Analysis report generated in 98ms, dir size=167 KB
[INFO] 08:29:12.196 INFO: Analysis report compressed in 14ms, zip size=26 KB
[INFO] 08:29:12.196 INFO: Analysis report generated in /tmp/0da8ad6852f9808cb729b11afe52b1ff/run/.scannerwork/scanner-report
[INFO] 08:29:12.196 DEBUG: Upload report
[INFO] 08:29:12.232 DEBUG: POST 200 https://<my-sonar-host>/api/ce/submit?projectKey=cd-test-sonar-js-rules&projectName=cd-test-sonar-js-rules&characteristic=pullRequest%3D1 | time=35ms
[INFO] 08:29:12.235 INFO: Analysis report uploaded in 39ms
[INFO] 08:29:12.237 INFO: ANALYSIS SUCCESSFUL, you can browse https://<my-sonar-host>/dashboard?id=cd-test-sonar-js-rules&pullRequest=1
[INFO] 08:29:12.237 INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
[INFO] 08:29:12.237 INFO: More about the report processing at https://<my-sonar-host>/api/ce/task?id=AXnWI_iab1m8YKkS0CiJ
[INFO] 08:29:12.238 DEBUG: Report metadata written to /tmp/0da8ad6852f9808cb729b11afe52b1ff/run/.scannerwork/report-task.txt
[INFO] 08:29:12.242 DEBUG: Post-jobs : 
[INFO] 08:29:12.635 INFO: Analysis total time: 9.045 s
[INFO] 08:29:12.636 INFO: ------------------------------------------------------------------------
[INFO] 08:29:12.636 INFO: ------------------------------------------------------------------------
[INFO] 08:29:12.636 INFO: Total time: 17.753s
[INFO] 08:29:12.734 INFO: Final Memory: 31M/117M
[INFO] 08:29:12.734 INFO: ------------------------------------------------------------------------

Hi @francoissamin ,

At the moment, I could reproduce as follows:

  • Setting properties of undefined object attributes involving the “this” keyword is not flagged as an issue, when it should. This may be a current limitation.
  • If you try to access the “length” attribute of any variable, this is not flagged as an issue despite what the documentation of the rule states. This may be an issue to fix on our end.

I have taken this up internally with the right team. I will come back here with a conclusion.

Ok, many thanks for the feedback

Hi @Daniel_Meppiel,

Did you get some news about this topic ?


Hi @francoissamin ,

After checking internally, indeed, we don’t support cross-procedural detection for rule S2259 in JS/TS, and we don’t have plans to improve that in the short term (probably not in 2021). So:

Thanks for your feedback on this FN, which will help us improve the product!

Is there a rule which we can use to check for any null or undefined assigned variables for a typescript projects?