JavaScript Rules don't work in SAP UI5 Controller Code

  • ALM used - Bitbucket Cloud
  • CI system used - Bitbucket Cloud
  • Languages of the repository - Mostly JavaScript (Some XML)

Most of the JS Code we are analyzing has the following format:

ObjectPageExt.controller.js:

sap.ui.define([
	"sap/ui/controller"
], function (Controller) {
	"use strict";

	return Controller("com.namespace", {

		i18nPath: "i18n",
		testFunction: function (oEvent) {
			var a = 0;
			var b = 0;
			if(a == b) console.log('yay');
			// comment
		}

	});
});

As we can see in the above code example, there is an if condition with ‘==’, which is against one of the active JavaScript rules. Also, it doesn’t flag the comment, as seen in the code above; usually it would create an issue saying please remove commented code.

This leads me to think that SonarCloud is actually not working at all; it’s not catching anything, not only these particular rules. If the community could help us figure out what the issue is, that’ll be great.

Maybe it is due to the fact that the function is declared as an object field? If so, can there be a workaround?

I checked our other projects on SonarCloud; JavaScript rules are working as intended, and it is the same file structure mentioned above.

Not sure why it detects issues in one and not the other.

Is the file analyzed? Does it have highlighting and measures?

Please check the logs for errors.

Yes, the file is analyzed as seen below:

I’m not sure where I can find the error logs for a Bitbucket Cloud Pipeline scenario, but below is the log from the pipeline:

+ umask 000

+ GIT_LFS_SKIP_SMUDGE=1 retry 6 git clone --branch="X" https://x-token-auth:$REPOSITORY_OAUTH_ACCESS_TOKEN@bitbucket.org/$BITBUCKET_REPO_FULL_NAME.git $BUILD_DIR
Cloning into '/opt/atlassian/pipelines/agent/build'...

+ git reset --hard 5682770902f4
HEAD is now at 5682770 From === to ==

+ git config user.name bitbucket-pipelines

+ git config user.email commits-noreply@bitbucket.org

+ git config push.default current

+ git config http.${BITBUCKET_GIT_HTTP_ORIGIN}.proxy http://localhost:29418/

+ git remote set-url origin http://bitbucket.org/$BITBUCKET_REPO_FULL_NAME

+ git reflog expire --expire=all --all

+ echo ".bitbucket/pipelines/generated" >> .git/info/exclude

+ CONFLICT_EXIT_CODE=3

+ git merge f3017f7f85d9 --no-edit || exit $CONFLICT_EXIT_CODE
Already up to date!
Merge made by the 'recursive' strategy.

+ chmod 777 $BUILD_DIR

Cache "sonar": Downloading
Cache "sonar": Not found

+ docker container run \
   --volume=/opt/atlassian/pipelines/agent/build:/opt/atlassian/pipelines/agent/build \
   --volume=/opt/atlassian/pipelines/agent/ssh:/opt/atlassian/pipelines/agent/ssh:ro \
   --volume=/usr/local/bin/docker:/usr/local/bin/docker:ro \
   --volume=/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes:/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes \
   --volume=/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes/sonarsource/sonarcloud-scan:/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes/sonarsource/sonarcloud-scan \
   --workdir=$(pwd) \
   --label=org.bitbucket.pipelines.system=true \
   --env=BITBUCKET_STEP_TRIGGERER_UUID="$BITBUCKET_STEP_TRIGGERER_UUID" \
   --env=BITBUCKET_REPO_FULL_NAME="$BITBUCKET_REPO_FULL_NAME" \
   --env=BITBUCKET_GIT_HTTP_ORIGIN="$BITBUCKET_GIT_HTTP_ORIGIN" \
   --env=BITBUCKET_PROJECT_UUID="$BITBUCKET_PROJECT_UUID" \
   --env=BITBUCKET_REPO_IS_PRIVATE="$BITBUCKET_REPO_IS_PRIVATE" \
   --env=BITBUCKET_WORKSPACE="$BITBUCKET_WORKSPACE" \
   --env=BITBUCKET_PR_DESTINATION_COMMIT="$BITBUCKET_PR_DESTINATION_COMMIT" \
   --env=BITBUCKET_REPO_OWNER_UUID="$BITBUCKET_REPO_OWNER_UUID" \
   --env=BITBUCKET_BRANCH="$BITBUCKET_BRANCH" \
   --env=BITBUCKET_REPO_UUID="$BITBUCKET_REPO_UUID" \
   --env=BITBUCKET_PROJECT_KEY="$BITBUCKET_PROJECT_KEY" \
   --env=BITBUCKET_REPO_SLUG="$BITBUCKET_REPO_SLUG" \
   --env=CI="$CI" \
   --env=BITBUCKET_PR_ID="$BITBUCKET_PR_ID" \
   --env=BITBUCKET_REPO_OWNER="$BITBUCKET_REPO_OWNER" \
   --env=BITBUCKET_STEP_RUN_NUMBER="$BITBUCKET_STEP_RUN_NUMBER" \
   --env=BITBUCKET_BUILD_NUMBER="$BITBUCKET_BUILD_NUMBER" \
   --env=BITBUCKET_GIT_SSH_ORIGIN="$BITBUCKET_GIT_SSH_ORIGIN" \
   --env=BITBUCKET_COMMIT="$BITBUCKET_COMMIT" \
   --env=BITBUCKET_PR_DESTINATION_BRANCH="$BITBUCKET_PR_DESTINATION_BRANCH" \
   --env=BITBUCKET_CLONE_DIR="$BITBUCKET_CLONE_DIR" \
   --env=PIPELINES_JWT_TOKEN="$PIPELINES_JWT_TOKEN" \
   --env=BITBUCKET_DOCKER_HOST_INTERNAL="$BITBUCKET_DOCKER_HOST_INTERNAL" \
   --env=DOCKER_HOST="tcp://host.docker.internal:2375" \
   --env=BITBUCKET_PIPE_SHARED_STORAGE_DIR="/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes" \
   --env=BITBUCKET_PIPE_STORAGE_DIR="/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes/sonarsource/sonarcloud-scan" \
   --env=SONAR_TOKEN="${SONAR_TOKEN}" \
   --add-host="host.docker.internal:$BITBUCKET_DOCKER_HOST_INTERNAL" \
   sonarsource/sonarcloud-scan:1.0.1
Unable to find image 'sonarsource/sonarcloud-scan:1.0.1' locally
1.0.1: Pulling from sonarsource/sonarcloud-scan
Digest: sha256:87b55bfefaa752e467abf4f5dd34a00e2ac95e14b6aa79924df5ed17e97e2cdb
Status: Downloaded newer image for sonarsource/sonarcloud-scan:1.0.1
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarQube Scanner 3.3.0.1492
INFO: Java 11.0.2 Oracle Corporation (64-bit)
INFO: Linux 4.19.78-coreos amd64
INFO: Bitbucket Cloud Pipelines detected
INFO: User cache: /root/.sonar/cache
INFO: SonarQube server 8.0.0
INFO: Default locale: "en", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=597ms
INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
INFO: User cache: /root/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=133ms
INFO: Load/download plugins (done) | time=27356ms
INFO: Loaded core extensions: developer-scanner
INFO: Detected project key 'X' from 'Bitbucket Cloud Pipelines'
INFO: Detected organization key 'X' from 'Bitbucket Cloud Pipelines'
INFO: Process project properties
INFO: Execute project builders
INFO: Execute project builders (done) | time=5ms
INFO: Project key: X
INFO: Base dir: /opt/atlassian/pipelines/agent/build
INFO: Working dir: /opt/atlassian/pipelines/agent/build/.scannerwork
INFO: Load project settings for component key: 'X'
INFO: Load project settings for component key: 'X' (done) | time=203ms
INFO: Found an active CI vendor: 'Bitbucket Pipelines'
INFO: Load project branches
INFO: Load project branches (done) | time=105ms
INFO: Check ALM binding of project 'X'
INFO: Detected project binding: BOUND
INFO: Check ALM binding of project 'X' (done) | time=96ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=114ms
INFO: Load branch configuration
INFO: Detected analysis for pull request '2' targeting 'master'
INFO: Auto-configuring pull request 2
INFO: Load branch configuration (done) | time=643ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=166ms
INFO: Load active rules
INFO: Load active rules (done) | time=3391ms
INFO: Organization key: X
INFO: Pull request 2 for merge into master from X
INFO: SCM collecting changed files in the branch
WARN: locking FileBasedConfig[/root/.config/jgit/config] failed after 5 retries
INFO: SCM collecting changed files in the branch (done) | time=6701ms
INFO: Indexing files...
INFO: Project configuration:
INFO:   Included sources: webapp/manifest.json, webapp/annotations/**/*.*, webapp/ext/**/*.*
INFO:   Excluded sources for coverage: **/**
INFO: 14 files indexed
INFO: 35 files ignored because of inclusion/exclusion patterns
INFO: 0 files ignored because of scm ignore settings
INFO: Quality profile for js: Sonar way
INFO: Quality profile for xml: Sonar way
INFO: ------------- Run sensors on module X
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=104ms
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/root/.sonar/cache/a89f1943fc75b65becd9fb4ecab8d913/sonar-tsql-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
INFO: Sensor SonarCSS Rules [cssfamily]
INFO: No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
INFO: Sensor SonarCSS Rules [cssfamily] (done) | time=4ms
INFO: Sensor JavaXmlSensor [java]
INFO: 10 source files to be analyzed
INFO: Sensor JavaXmlSensor [java] (done) | time=325ms
INFO: 10/10 source files have been analyzed
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=4ms
INFO: Sensor XML Sensor [xml]
INFO: 10 source files to be analyzed
INFO: Sensor XML Sensor [xml] (done) | time=340ms
INFO: 10/10 source files have been analyzed
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=4ms
INFO: Sensor JavaScript analysis [javascript]
INFO: 3 source files to be analyzed
INFO: 3/3 source files have been analyzed
INFO: Sensor SonarJS [javascript]
INFO: 3 source files to be analyzed
INFO: Sensor SonarJS [javascript] (done) | time=769ms
INFO: Sensor JavaScript analysis [javascript] (done) | time=3973ms
INFO: 3/3 source files have been analyzed
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=2ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/java
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/java
INFO: No UCFGs have been included for analysis.
INFO: Sensor JavaSecuritySensor [security] (done) | time=8ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/ucfg_cs2
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /opt/atlassian/pipelines/agent/build/ucfg_cs2
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=7ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/php
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/php
INFO: No UCFGs have been included for analysis.
INFO: Sensor PhpSecuritySensor [security] (done) | time=4ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Reading type hierarchy from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/python
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /opt/atlassian/pipelines/agent/build/.scannerwork/ucfg2/python
INFO: No UCFGs have been included for analysis.
INFO: Sensor PythonSecuritySensor [security] (done) | time=4ms
INFO: ------------- Run sensors on project
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=0ms
INFO: SCM Publisher SCM provider for this project is: git
INFO: SCM Publisher 9 source files to be analyzed
INFO: SCM Publisher 9/9 source files have been analyzed (done) | time=401ms
INFO: CPD Executor 1 file had no CPD blocks
INFO: CPD Executor Calculating CPD for 2 files
INFO: CPD Executor CPD calculation finished (done) | time=66ms
INFO: SCM writing changed lines
WARN: File '/opt/atlassian/pipelines/agent/build/webapp/ext/controller/ListReportExt.controller.js' was detected as changed but without having changed lines
INFO: SCM writing changed lines (done) | time=212ms
INFO: Analysis report generated in 473ms, dir size=196 KB
INFO: Analysis report compressed in 74ms, zip size=54 KB
INFO: Analysis report uploaded in 297ms
INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=X&pullRequest=2
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=X
INFO: Analysis total time: 23.761 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 55.578s
INFO: Final Memory: 32M/128M
INFO: ------------------------------------------------------------------------
✔ SonarCloud analysis was successful.
Assembling contents of new cache 'sonar'
Searching for files matching artifact pattern .bitbucket/pipelines/generated/pipeline/pipes/**
Artifact pattern .bitbucket/pipelines/generated/pipeline/pipes/** matched 1 files with a total size of 7.7 KiB
Compressed files matching artifact pattern .bitbucket/pipelines/generated/pipeline/pipes/** to 2.3 KiB in 0 seconds
Uploading artifact of 2.3 KiB
Successfully uploaded artifact in 1 seconds

Searching for test report files in directories named [test-results, failsafe-reports, test-reports, surefire-reports] down to a depth of 4
Finished scanning for test reports. Found 0 test report files.
Merged test suites, total number tests is 0, with 0 failures and 0 errors.

Ok so I just checked the Quality Profiles / JavaScript (clicked on the link from the project).

I searched for the == and comment rules; they don’t seem to be present. So from what I understand, the Sonar Way JavaScript rules only have 100 rules but there seem to be 800+ total, so that means not all are active? Thus it’s not highlighting these issues in the project?

Please advise: should I create a new Quality Profile, or does SonarCloud provide a slightly wider quality gate that leverages some more of the 800+ rules?

It’s all good, I was just using the wrong Quality Profiles. I’ve changed it. Nothing wrong with the SonarCloud scanner, sorry for the false alarm!
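
The check this thread converged on, as an added example (not part of any post and not SonarSource code): it reads scanner output in the format quoted above and reports which quality profile a language was analysed with and how many files the inclusion patterns dropped, since "EXECUTION SUCCESS" alone says nothing about which rules ran. The log lines are a constructed sample and the expected profile name `Team JS rules` is hypothetical.

```python
import re

# Constructed sample in the format of the scanner output quoted in the thread.
SAMPLE_LOG = """\
INFO: 14 files indexed
INFO: 35 files ignored because of inclusion/exclusion patterns
INFO: Quality profile for js: Sonar way
INFO: Sensor JavaScript analysis [javascript]
INFO: 3 source files to be analyzed
INFO: Sensor JavaScript analysis [javascript] (done) | time=3973ms
INFO: EXECUTION SUCCESS
"""
PROFILE = re.compile(r"Quality profile for (\w+): (.+)")
FILES = re.compile(r"(\d+) files? (indexed|ignored)(?: because of inclusion/exclusion patterns)?")
SENSOR = re.compile(r"Sensor (.+?) \[\w+\]")  # start line only; "(done)" lines fail fullmatch
QUEUED = re.compile(r"(\d+) source files? to be analyzed")

def summarize(log):
    """Collect the facts that show what an analysis actually covered."""
    out = {"profiles": {}, "indexed": 0, "ignored": 0, "sensors": {}, "success": False}
    sensor = None
    for raw in log.splitlines():
        line = re.sub(r"^(INFO|WARN|WARNING|ERROR):\s*", "", raw.strip())
        if m := PROFILE.fullmatch(line):
            out["profiles"][m[1]] = m[2]
        elif m := FILES.fullmatch(line):
            out[m[2]] = int(m[1])
        elif m := SENSOR.fullmatch(line):
            sensor = m[1]
        elif (m := QUEUED.fullmatch(line)) and sensor:
            out["sensors"][sensor] = int(m[1])
        elif line == "EXECUTION SUCCESS":
            out["success"] = True
    return out

def findings(summary, language, expected_profile):
    """Return reasons a 'successful' run may have raised fewer issues than expected."""
    notes = []
    actual = summary["profiles"].get(language)
    if actual is None:
        notes.append(f"no quality profile loaded for {language}")
    elif actual != expected_profile:
        notes.append(f"{language} analysed with '{actual}', expected '{expected_profile}'")
    if summary["ignored"] > summary["indexed"]:
        notes.append(f"{summary['ignored']} files ignored vs {summary['indexed']} indexed")
    return notes

if __name__ == "__main__":
    # "Team JS rules" is a hypothetical profile name used only for this example.
    print(findings(summarize(SAMPLE_LOG), "js", "Team JS rules"))
```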