Connected to SonarQube Version: 10.7 Enterprise Edition
Hello,
I recently noticed, that SonarLint (SonarQube for IDE) is not recognizing the sonar rule S6932. I tried with and without connected mode.
The rule is activated in SonarQube (on prem) and the build pipeline breaks on violating the rule, but it will not be shown in Visual Studio.
Also tried with the non compliant example of the rule description:
Hello @Lutti1988!
Thanks a lot for reporting this issue.
First of all, I noticed that our reproducer needs an update. The correct one should be like this:
public IActionResult Post()
{
var name = Request.Form["name"]; // Noncompliant: Request.Form
var birthdate = Request.Form["Birthdate"]; // Noncompliant: Request.Form
var locale = Request.Query.TryGetValue("locale", out var locales)
? locales.ToString()
: "en-US"; // Noncompliant: Request.Query
return Ok();
}
I’m going to fix that and it will be part of our next analyzer release.
I cannot reproduce this issue. From my side, it seems that the issue is raised everywhere normally - SonarQube IDE and Server.
Do you have amaybe.editorconfig or analysis config file in the project that prevents the rule from raising an issue?
Otherwise, could you send me a repro as close as possible to your code so I can check further?
The problem we (a colleague and me) observed so far: In the HomeController.cs the issue S6932 is raised.
But in the RoleSelectionController.Index.cs the issue is not raised on line 45. But if we change the constant “RememberedRoleAutoSelect” to a string literal directly in that line, the issue is surprisingly raised.
I did several changes to that method and line and that is all I could figure out. Maybe it is an interaction with partial classes and constants for the S6932 issue?
Side note: On the first opening of the solution on my machine, the issue was raised in Line 45, but after I deleted the methods “Index” and “HandleRolesAsync” completely in that file (without saving), the issue was gone and was still not present anymore after rolled back everything with “ctrl+z” command
Hello @Lutti1988
I reproduced the behavior you described. This seems to be a bug coming from the roslyn side (compiler), so from our side we cannot fix it.
However, we’ll investigate further and open a ticket to them.