.NET scanner - incorrect FilesToAnalyze.txt generated with newer version of esproj SDK

Hello,

We use esproj projects and we found that if we use a recent version of Microsoft.VisualStudio.JavaScript.SDK, the generated FilesToAnalyze.txt for esproj project shows PROJECTDIR/**/* instead of files to scan.

We don’t get the issue with Microsoft.VisualStudio.JavaScript.Sdk/1.0.784122 but on version Microsoft.VisualStudio.JavaScript.Sdk/1.0.1184077 and also the latest, published 2 days ago, the issue is here.

I made some checks to find from which sdk version it stopped working, and I found it was from Microsoft.VisualStudio.JavaScript.SDK/1.0.824748.

Also, I found that if we restart the dotnet build command on solution a second time, FilesToAnalyze.txt from esproj projet are populated with right source files.

Issue found on Sonarscanner version 8.0.1 to 9.0.0 with .NET 8.0.8 CLI and .NET SDK 8.0.401

What we have on non working SDK versions :

/builds/solution-directory/Solution.Project.ClientApp/**/*
/builds/solution-directory/Solution.Project.ClientApp/.vscode/launch.json

and on working SDK versions :

/builds/solution-directory/Solution.Project.ClientApp/.editorconfig
/builds/solution-directory/Solution.Project.ClientApp/.gitignore
/builds/solution-directory/Solution.Project.ClientApp/angular.json
/builds/solution-directory/Solution.Project.ClientApp/aspnetcore-https.js
/builds/solution-directory/Solution.Project.ClientApp/CHANGELOG.md
/builds/solution-directory/Solution.Project.ClientApp/eslint.config.js
/builds/solution-directory/Solution.Project.ClientApp/jest.config.js
/builds/solution-directory/Solution.Project.ClientApp/nuget.config
/builds/solution-directory/Solution.Project.ClientApp/package-lock.hash
/builds/solution-directory/Solution.Project.ClientApp/package-lock.json
/builds/solution-directory/Solution.Project.ClientApp/package.json
/builds/solution-directory/Solution.Project.ClientApp/public/favicon.ico
/builds/solution-directory/Solution.Project.ClientApp/README.md
/builds/solution-directory/Solution.Project.ClientApp/setup-jest.ts
/builds/solution-directory/Solution.Project.ClientApp/sheriff.config.ts
/builds/solution-directory/Solution.Project.ClientApp/src/app/app-routing.module.ts
/builds/solution-directory/Solution.Project.ClientApp/src/app/app.component.css
/builds/solution-directory/Solution.Project.ClientApp/src/app/app.component.html
/builds/solution-directory/Solution.Project.ClientApp/src/app/app.component.spec.ts
/builds/solution-directory/Solution.Project.ClientApp/src/app/app.component.ts
/builds/solution-directory/Solution.Project.ClientApp/src/app/app.module.ts
/builds/solution-directory/Solution.Project.ClientApp/src/index.html
/builds/solution-directory/Solution.Project.ClientApp/src/main.ts
/builds/solution-directory/Solution.Project.ClientApp/src/proxy.conf.js
/builds/solution-directory/Solution.Project.ClientApp/src/styles.css
/builds/solution-directory/Solution.Project.ClientApp/tsconfig.app.json
/builds/solution-directory/Solution.Project.ClientApp/tsconfig.spec.json
/builds/solution-directory/Solution.Project.ClientApp/.vscode/launch.json

Hi @Nathanael-Mtd,

I’ve tried to reproduce your scenario without any luck.

This is the configuration I’ve used:

  • dotnet 8.0.304 (I’ve tried also with 9.0.0-rc.1.24431.7)
  • Scanner for .NET v9
  • Microsoft.VisualStudio.JavaScript.SDK versions 1.0.1738743 (latest) and 1.0.586930 (first stable version)
  • And the following project: JSProj.zip (12.9 KB)

In my case, the analysis worked, and the src\main.js.ts file was analyzed, together with app.js and eslint.config.js.

Could you please create a small reproducer project? You can try using the same project as me and updating it with any particularities your project might have.

Thanks,
Costin

Hi,

Ok that’s weird, I have the same issue with FilesToAnalyze.txt and */ in it and that warning 14:34:26.449 WARNING: File '/root/JSProj/JSProj/**/*' does not exist. during dotnet sonarscanner end, but SonarQube scans the project without issues.

I try to reproduce by adding more files, but I can’t reproduce yet.

Maybe you can have an idea, when I end the scan on our projet, I got these results :

SDK versions with issues

INFO: Indexing files of module 'Solution.Project.ClientApp'
INFO:   Base dir: /builds/solution-directory/Solution.Project.ClientApp
INFO:   Source paths: .vscode/launch.json
INFO:   Excluded sources: Solution.Project.ClientApp/**/*.spec.ts, Solution.Project.ClientApp/**/node_modules/**, Solution.Project.Test/**/*, Solution.Project.Infrastructure/**/Migrations/*, **/Migrations/*.cs, Solution.Project.ClientApp/**/*.spec.ts, Solution.Project.Tests/**/*
INFO:   Included tests: Solution.Project.ClientApp/**/*.spec.ts, Solution.Project.Tests/**/*
INFO:   Excluded sources for coverage: **/Test*.cs, **/Migrations/**/*.cs, **/Program.cs, **/Startup.cs
INFO:   Excluded sources for duplication: **/Migrations/**/*.cs

Working version :

INFO: Indexing files of module 'Solution.Project.ClientApp'
INFO:   Base dir: /builds/solution-directory/Solution.Project.ClientApp
INFO:   Source paths: .editorconfig, .gitignore, angular.json, aspnetcore-https.js,...
INFO:   Excluded sources: Solution.Project.ClientApp/**/*.spec.ts, Solution.Project.ClientApp/**/node_modules/**, Solution.Project.Test/**/*, Solution.Project.Infrastructure/**/Migrations/*, Solution.Project.ClientApp/**/*.spec.ts, Solution.Project.Tests/**/*
INFO:   Included tests: Solution.Project.ClientApp/**/*.spec.ts, Solution.Project.Tests/**/*
INFO:   Excluded sources for coverage: **/Test*.cs, **/Migrations/**/*.cs, **/Program.cs, **/Startup.cs
INFO:   Excluded sources for duplication: **/Migrations/**/*.cs

You can see the .vscode/launch.json only on the non working version

Could you please share with us the debug logs for the begin and end steps? You can do this by providing the /d:sonar.verbose=true parameter to the begin step.

Please feel free to sanitize the logs and remove the secrets or any confidential information.

Sure. Our esproj projet is Solution.Project.ClientApp.

There are some text issues when I removed some informations like Excluded sources, but you can find the sonarscanner begin command at first line of the first log file

dotnet_sonar_start.log (12.3 KB)

dotnet_sonar_end.log (320.7 KB)

I wonder what’s different between our environments. I’ve run this on Ubuntu 22.04.3 LTS, thinking that it’s the operating system, but it does not seem to be. I do not get the warning you’re mentioning.

This is how the FilesToAnalyze.txt looks on my PC:

/mnt/d/tmp/JSProj/JSProj/app.js
/mnt/d/tmp/JSProj/JSProj/eslint.config.js
/mnt/d/tmp/JSProj/JSProj/package-lock.json
/mnt/d/tmp/JSProj/JSProj/package.json
/mnt/d/tmp/JSProj/JSProj/src/main.js.ts
/mnt/d/tmp/JSProj/JSProj/JSProj.esproj.user

If you search in the esproj file, do you use a pattern similar to Solution.Project.ClientApp/**/*?

It seems that, for some unknown reason, the pattern is not expanded during the build on your machine.

You can check by configuring the dotnet build to export a binary log file (`dotnet build—-no-incremental /v:d—bl:build-logs. biology) and opening it with MSBuild Binary and Structured Log Viewer to understand why the pattern is not resolved during the build.

Since you got the warning on the reproducer project, could you build it, export the binary logs for the reproducer, and attach the file to this thread?