- ALM: GitHub
- CI system: GitHub Actions
- Languages of the repository: TypeScript, JavaScript, CSS
- Steps to reproduce - See code snippets below, using Mongoose 6.x and analysing with the latest SonarCloud GitHub Action.
- Potential workarounds - See below
- TypeScript Rule ID: S4123
When using SonarCloud to analyse our codebase, we observe what appears to be a significant false-positive when analysing asynchronous behaviour of Queries in the Mongoose library (we use v6.x).
Consider the following (admittedly slightly contrived) example. We Create a new Mongoose Model like so,
// src/models/example.ts
import mongoose, { Model, Schema } from 'mongoose';
import { ExampleDocument } from 'src/common/interfaces/example';
const exampleSchema = new Schema<ExampleDocument>({
name: string,
});
export const ExampleModel: Model<ExampleDocument> = mongoose.model('Example', exampleSchema);
When using the model elsewhere in the code, like so,
import { ExampleModel } from 'src/models/example';
export const getExampleByName = async (name: string) => {
const exampleDocument = await ExampleModel.findOne({ name }, 'name');
if (!exampleDocument) throw new Error(`Example document not found for ${name}`);
return exampleDocument;
};
The code await ExampleModel.findOne({ name }, 'name'); is marked as a violation of TypeScript rule S4123, with the message “Refactor this redundant ‘await’ on a non-promise.”
While this is strictly correct, all the return type of Model.findOne() in Mongoose is a Mongoose Query, which while not a true spec-compliant Promise, is a thenable, as it contains a .then() method. This makes it entirely valid syntax to use await with the query.
Have noted the discussions here and here, as well as the linked GitHub Issue in SonarJS here. Either this issue is a regression, or the issue has not been fixed for thenables.
We have considered the following workarounds for our use case, but feel this should reported a false-positive for investigation by you folks.
- Disabling the rule S4123 for our repository - not deemed appropriate as it will lead to real positives not being detected.
- Chaining our Mongoose queries with
.exec()as described here in the Mongoose docs. While this would work to suppress the Sonar issue, it goes against our internal coding style. - Manually marking every occurrence in our code base as a false positive. While this is possible, it is tedious given the number of occasions this occurs in our codebase.
Thanks in advance for your support, and any additional tips the community might have for us!
