Hello Sonar Community!
Every Friday I sit down to write this roundup usually first thing after my (fourth) coffee, but this morning I decided to defrost my freezer. I am now very grateful that I do not have to do that every Friday, but instead usually do this.
It has been a big week here in the Community, with lots of help and guidance from you, our members, to improve our products and your experience with them.
We’re grateful every time you give us feedback, so like every week we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.
SonarQube:
- Plugin developers who want to use SonarQube’s Java APIs to call v2 of our Web APIs are running into issues. Thanks for taking the time to report this issue, @juanvibolufer! We’ll fix it in our next release with SONAR-22503.
- Thanks @jonesbusy for posting his workaround to make sonar.lf.logoUrl work while it’s affected by SONAR-22149.
SonarLint:
- The quickfix for java:S1659 breaks syntax when multiple arrays are declared. I guess it’s more of a quick-break at the moment. Thanks for the reproducer @Maks_Khramov. SONARJAVA-5080
- SonarLint for Rider is hanging after updating to 10.7, and we could reproduce that easily after @lg2de reported it to us. Thanks a lot! SLI-1497
- With SonarLint for Eclipse, the indexing of local files and calculation of exclusions can sometimes be so slow it causes the IDE to crash. We’re going to speed that up with SLE-900. Thanks for your report @alef75!
SonarCloud:
- We had a bizarre incident yesterday where on some private projects, if the screen was above a certain width, project dashboards had trouble loading. We got a lot of reports through multiple channels, but specifically in this community from @gtue_ps, @DdeM, @DamienDennehy, and @15307. Thanks a lot folks! We were able to fix it quickly in prod.
- User management on SonarCloud was temporarily borked, but thanks to quick reports from @MarcoLodini, @ajax-oleksiuk-m, @juanfer007, @fynnrunning and @RobCo, the issue got resolved!
- The SonarCloud UI allows setting an empty file path pattern for sonar.issue.ignore.multicriteria which subsequently breaks analysis. That’s no good. Thanks for the report @svaningelgem! We’ll fix that.
- Due to some limitations in the GitHub API we use, Automatic Analysis is unable to detect which languages exist in a repo with more than 100k files. As a result, we can’t decide for some projects which “flavor” of Automatic Analysis gets used (normal, Java, or C and C++). We’re going to investigate how to fix this. Thanks @zetilov-s!
Rule & Languages Improvements
- cpp:S6165 is recommending to replace loops that erase some elements with std::erase_if, which is not a best practice when the predicate mutates the elements. Thanks @rioki! CPP-5468
- When analyzing T-SQL, there’s a parsing issue on HISTORY_RETENTION_PERIOD. Thanks @ArminPrieschl! SONARTSQL-337
- python:S1481 should not raise issues on assignment expressions occurring in generator expressions. Thanks for the detailed investigation @peter.aisher! SONARPY-1974
- java:S6587 (dealing with valid SpEL expressions) is raising false-positives when certain syntax we didn’t account for is used (${...} instead of ${#{...}}). Thanks for the feedback @sanderv! SONARJAVA-5079
- When compilers are called via dynamic linkers, the build wrapper used to analyze C and C++ code doesn’t work as expected. Luckily, a compilation database can be used as a workaround while waiting for the fix: CPP-5462. Thanks for the report @Jeff (hey @Jeff_Zapotoczny, why didn’t you steal this username years ago?)!
- cpp:S5566 raises false-positives when analyzing C++ versions prior to C++20. Thanks for the report @zago27. CPP-5463
- We aren’t sure why ESLint sometimes fails to import, but we will investigate it with JS-227 after a report from @samuele-ruffino96 and a great reproducer.
- javascript:S6477 looks for unknown attributes in JSX assuming the user is using React, but not considering that another framework, like SolidJS, might be used. We’ll try to better support this with JS-228. Thanks @gajjargaurav!
- @gian1200 and @sodul had an interesting discussion about javascript:S5332, a rule that flags the use of insecure protocols like http. But what if you have no choice, like referencing http://schemas.microsoft.com? Well in that case, we should add an exclusion to the rule, and we will with JS-234. Thanks a lot!
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.
@Colin, @ganncamp, and @leith.darawsheh