jwfx
(jwfx)
November 26, 2024, 3:28pm
1
Tested with:
Community Edition v10.7 (96327)
dotnet-sonarscanner 9.0.2
SARIF import fails when region.startColumn and region.endColumn are equal
The issue was initially reported here:
BTW, for trivy, the sarif import cannot be imported because the region looks like this :
    "region": {
      "startLine": 17,
      "startColumn": 1,
      "endLine": 17,
      "endColumn": 1
    }
If the startColumn and endColumn keys are removed, the issue does not appear anymore (though the SQ issue will be targeted towards the whole line). To do this :
temporary_report=`mktemp`
report_path="trivy…
And subsequently turned into a ticket here:
https://sonarsource.atlassian.net/browse/SONAR-18180
Which was fixed in version 9.9.
In version 10.7, and most likely versions before that, it looks like the issue has reappeared.
SARIF reports produced by the dotnet-sonarscanner contain reports like this.
    {
      "ruleId": "IDE0055",
      "level": "note",
      "message": "Fix formatting",
      "locations": [
        {
          "resultFile": {
            "uri": "file:///D:/test/test.cs",
            "region": {
              "startLine": 178,
              "startColumn": 58,
              "endLine": 178,
              "endColumn": 58
            }
          }
        }
      ],
      "properties": {
        "warningLevel": 1
      }
    }
After uploading these reports, all the violations where startColumn and endColumn are equal are missing.
When modifying the endColumn + 1 before uploading, everything works as expected.
Colin
(Colin)
November 26, 2024, 3:32pm
2
It looks like we worked on the SARIF parser in 10.7, so it may indeed just be 10.7. SONAR-22537
I’ve flagged this for the right team. They’ll be along. Thanks for the report.
jwfx
(jwfx)
November 26, 2024, 3:34pm
4
Wow, thank you for the fast reaction.
jwfx
(jwfx)
December 10, 2024, 2:49pm
7
Is this being tracked somewhere? I can't seem to find any ticket, maybe I’m looking in the wrong place?
Hi @jwfx ,
Sorry for not giving any updates.
I could not reproduce it with the current version of our codebase. Either something else indirectly fixed it, or I missed something.
I will take a bit more time this week to investigate deeper.
Hi @jwfx ,
I tested it on 10.7.0.96327 version and I could not reproduce it either.
Are you sure it’s an issue with the start/end columns values?
I got a json format issue with the SARIF snippet you provided. In my opinion, “resultFile” object should not be there.
I pinged the people responsible for the dotnet-sonarscanner to have a look.
In the meantime, would you be able to share the full report that was generated?
jwfx
(jwfx)
December 13, 2024, 10:25am
11
@antoine.vinot
I just retested with v24.12.0.100206 and it looks like the issues are now tracked by SonarQube.
The way these types of “same column” issues are rendered in the UI is very unfortunate though:
Example: The issue is a missing whitespace after “if”
The Issues.json looks like this
    "results": [
      {
        "ruleId": "IDE0055",
        "level": "note",
        "message": "Fix formatting",
        "locations": [
          {
            "resultFile": {
              "uri": "file:///D:/downloads/SonarQubeSarifRepro/SonarQubeSarifRepro/Program.cs",
              "region": {
                "startLine": 7,
                "startColumn": 15,
                "endLine": 7,
                "endColumn": 15
              }
            }
          }
        ],
        "properties": {
          "warningLevel": 1
        }
      }
    ],
In the SonarQube UI it looks like there is a formatting issue somewhere in the whole file, which is not very helpful.
After manually changing endColumn to 16 in Issues.json it looks like this instead:
Would be nice if this could be addressed somehow.
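The two manual workarounds mentioned in this thread (raising endColumn by one, or removing both column keys, when startColumn equals endColumn), written as an added example that is not part of the original posts and not SonarQube or scanner code. The sample report, the rule ids EXAMPLE-1 and EXAMPLE-2, and the function names are constructed for illustration; it also handles the SARIF 2.1.0 "physicalLocation" shape, which goes beyond the "resultFile" snippet shown above.

```python
import copy

# Constructed sample: two zero-width regions (one in the "resultFile" shape from
# the thread, one in SARIF 2.1.0 "physicalLocation" shape) and one normal region.
SAMPLE = {"results": [
    {"ruleId": "IDE0055", "locations": [{"resultFile": {
        "uri": "file:///D:/test/test.cs",
        "region": {"startLine": 178, "startColumn": 58, "endLine": 178, "endColumn": 58}}}]},
    {"ruleId": "EXAMPLE-1", "locations": [{"physicalLocation": {
        "artifactLocation": {"uri": "Dockerfile"},
        "region": {"startLine": 17, "startColumn": 1, "endLine": 17, "endColumn": 1}}}]},
    {"ruleId": "EXAMPLE-2", "locations": [{"physicalLocation": {
        "artifactLocation": {"uri": "src/app.cs"},
        "region": {"startLine": 3, "startColumn": 5, "endLine": 3, "endColumn": 12}}}]},
]}


def _is_zero_width(region):
    """True when the region starts and ends on the same line and column."""
    if "startColumn" not in region or "endColumn" not in region:
        return False
    start_line = region.get("startLine")
    same_line = region.get("endLine", start_line) == start_line  # endLine is optional
    return same_line and region["startColumn"] == region["endColumn"]


def fix_zero_width_regions(node, mode="widen"):
    """Patch every zero-width "region" under node in place; return how many changed.

    mode="widen": endColumn += 1 (finding stays pinned to one character).
    mode="strip": drop both column keys (finding targets the whole line).
    """
    if mode not in ("widen", "strip"):
        raise ValueError("mode must be 'widen' or 'strip'")
    changed = 0
    if isinstance(node, dict):
        region = node.get("region")
        if isinstance(region, dict) and _is_zero_width(region):
            if mode == "widen":
                region["endColumn"] += 1
            else:
                del region["startColumn"], region["endColumn"]
            changed += 1
        children = node.values()
    elif isinstance(node, list):
        children = node
    else:
        return 0
    return changed + sum(fix_zero_width_regions(c, mode) for c in children)
```

Comparing the returned count with the number of findings that show up after import is a quick way to confirm that none were dropped.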
jwfx
(jwfx)
January 13, 2025, 2:10pm
12
Sorry to bump this issue again.
The original problem about the issues not being ingested correctly seems to be resolved.
Should I create a new topic for the resulting UI problem?
Hi @jwfx ,
Yes, it would be nice if you could create another thread, for visibility.
Thank you!
jwfx
(jwfx)
January 22, 2025, 3:31pm
14
Created a new topic here: Improve UI for issues where startColumn == endColumn
The original here was solved with v24.12.0.100206 in case anyone runs into this.