Sonar Community Roundup: May 4 - May 10

Hello Sonar Community!

It’s been a big week here in the Community. @Colin has been away at EuroVision , so I’ve been holding down the fort with @leith.darawsheh and we’ve had lots of help and guidance from you, our members, to improve our products and your experience with them. We’re grateful when you take the time to do that, so like every week we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.

SonarQube

• We’ll be updating the docs on how marking an issue False Positive affects the Quality Gate because of @Egon_Kidmose’s questions on the topic. Thanks for pointing out what was missing!

• @jonesbusy found that the file://prefix isn’t handled properly in SARIF report imports. SONAR-22185

• Along with cool new features, 10.5 introduced an error in the log after successful analysis for some projects. We appreciate the reports on this from @Roland75, @jonesbusy, @anon67236913, @freddiN, @Valentijn, @Nikola_Sajic, @skabra, @amsga, @twenzel, @LucaBlackDragon, @kabasm, @Yash_Babariya, @Sirinemn, @Bruno_Antunes, @fromelard, @ktibi, and @Alejandro_Miller. It’ll be fixed in 10.6. SONAR-22152

• @sh.yoon.devops let us know that repositories with special characters in the name can’t be onboarded from BitBucket. SONAR-22207

SonarCloud

• @jzhang132 had some questions about how to use the sonar.typescript.tsconfigPaths property to best configure analysis. We’ll be updating the docs soon with what he learned.

• Our advice for setting up Gradle analysis using GitHub actions is a little out of date, @grimsa pointed out. We’ll get the docs and the wizard updated.

• The UI isn’t consistent when you exclude everything (**/*) from duplication calculation. @Venkatesh_Ragavan reported that in some places you get ‘-’ for the duplication metrics and in others you get ‘0.0%’. We’ll get that fixed.

SonarLint

• @alef75 and @dennis-behm found a regression in SonarLint for Eclipse where exclusions - either locally or in connected mode - cause analysis to fail. SLE-856

Rule and language improvements

• csharpsquid:S6934 raises an issue when the Route attribute isn’t added to an abstract Controller class, but it’s added to one or more of its action methods. Thanks for the false-positive report, @m-gallesio. sonar-dotnet#9252

• @ghusta found a tricky false-positive in java:S2589, which is caused by the rule’s assumption that you can’t pass null to Spring’s StringUtils.trimWhitespaces. SONARJAVA-4968

• typescript:S3358 includes an exception for nested ternaries, but that exclusion doesn’t extend to nested conditionals in the same JSXExpressionContainer. @Thom_van_den_Akker’s report made us realize we should clarify the exception. JS-152

• @HenrikSommer-eng let us know that azureresourcemanager:S1192 wrongly you to replace the path to a Bicep module with a variable. SONARIAC-1468

• javascript:S1082 doesn’t recognize keyup.enter as a valid keyboard event. Thanks @rdimitrov. SONARHTML-251

• @smileBeda noticed that php:S1172 raises an issue when you create a WordPress hook callback that, for instance, only uses the second of two parameters. Of course you can’t omit the first parameter, so we’re going to fix that.

• kotlin:S6524 errors-out during analysis when resolving the fully qualified name of an IntersectionTypeConstructor because of a null declarationDescriptor. Thanks @rohancz. SONARKT-388

• @Ikamel92 reported that html:S6825 also errors-out during analysis when tabIndex is declaratively set. SONARHTML-250

• From SonarQube 8.9 to 9.9 the import of custom Detekt rules changed from using the rule key in the report to attributing them all to a “CatchAll” rule. That was not okay for @FloQonto, or really for us. SONARKT-387

• @null is eager for support of C++23. We’ll get there with CPP-5300

Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.

Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.

 
Ann, @Colin, and @leith.darawsheh