SonarQube 7.9.1 Enterprise Edition.
SonarQube scan on copybooks(cpy files) does not find issues for all rules enabled in the Cobol profile.
SonarQube Scan found issues in the code that violated this rule cobol:COBOL.MagicNumberCheck for .cbl files, but it does Not find any issues for the same rule in .cpy files.
Our code had violations for this rule in cbl and cpy files. It reported issues only in cbl files.
we noticed this issue in this rule cobol:COBOL.MagicNumberCheck, not sure if there are other rules
which behave similarly between cpy and cbl files.
Is there a way for SonarQube scan to detect issues for all rules in .cpy files, as it does for .cbl files (since both have Cobol code)?
In SonarQube’s general administration, check the settings for the COBOL language.
.cpy configured as file name suffixes for the language?
Thanks for the response.
Yes this was already set for for both extensions Dsonar.cobol.file.suffixes=cbl,cpy because without this settings. cpy would not report any issues at all, but in this case .cpy files are reporting issues ,but not reporting for some rules.
Ok, could you post the logs of the scanner?
I have uploaded the logs here Scanner Logs.txt (11.6 KB)
Indeed, the implementation of
cobol:COBOL.MagicNumberCheck doesn’t raise issues in copybooks.
There are a few rules which do the same. Most of the time, the reason to do so is clear, for example for Unused condition names should be removed.
In the case of
cobol:COBOL.MagicNumberCheck, it’s arguable.
Thanks for your Response.
we have copybook(.cpy) that has code with business logic and used in multiple .cbl files.
we may have more issues like these that will never be found in cpy files.
So is there a way these rules can be identified?
does it configure specific rules to enable/disable in .cpy or .cbl ?
As I wrote, most of the rules which exclude issues on copybooks have a good reason to do it.
I suppose you don’t want Unused condition names should be removed to raise an issue when a .cbl file includes a copybook defining a condition name which is not used in the .cbl file.
There’s no configuration to change such behavior.
yes got your point why rules such as "unused conditional names should be removed " doesn’t raise issues in the cpy files.
so is there is reason why this rule cobol:COBOL.MagicNumberCheck was excluded in cpy files?
This exclusion was put in place a very long time ago and I don’t really see a good reason for it.
We will remove this exclusion: SONARCOBOL-1562
Thank you for your feedback.
Thank you. Are there other rules which may fall under a similar category that we should consider?
Is there a list of such rules available?
I’m not sure what kind of rule “category” you mean.
There’s a list of all rules which are available for COBOL and you can filter this list.
I meant some rules like cobol magicnumber that have been excluded in the copybook by the Scanner and wont find issues for some valid reason.
Sorry, there’s no such list and it wouldn’t be available.