Sonar Validation Failure After eslint-plugin-sonarjs Integration

Andres_Aldao · December 1, 2023, 5:52pm

If your question is about SonarLint in the IntelliJ Platform, VS Code, Visual Studio, or Eclipse, please post it in that sub-category.

Otherwise, please provide:

Operating system: Linux, Feedora 39
IDE name and flavor/env: jetbrains-idea + npm 8.19.4 + node v16.20.0

And a thorough description of the problem / question:
I hope this message finds you well. I am writing to report an issue encountered during the integration of eslint-plugin-sonarjs into our project. After addressing all identified issues and pushing the changes, the subsequent merge request triggered a Sonar validation failure.

The specific error message received is as follows:

Expected a for-ofloop instead of afor loop with this simple iteration.

Code affected:

		for (let resultId = 0; resultId < results.length; resultId++) {
			const result = results[resultId] as unknown as {
				id: number;
				isinventory: string;
				availablequantity: number;
			};

			if (result !== undefined && result.isinventory === "T") {
				itemsQuantityAvailable.set(result.id, result.availablequantity ? result.availablequantity : 0);
			}
		}

To provide context, the integration involved fixing various issues flagged by the eslint-plugin-sonarjs. The changes were made following the plugin’s recommendations, and the code passed the local linting successfully. However, the Sonar validation process appears to be encountering difficulties with the updated code.

Steps taken to address the issue:

Installed eslint-plugin-sonarjs.
Plugin configuration:

	plugins: ["sonarjs"],
	extends: ["plugin:sonarjs/recommended"],
	rules: {
		"sonarjs/no-duplicate-string": "off",
	},

        //.eslintrc.json
        overrides: 		{
			"files": [
			      "SalesOrderService.ts",
                             "SalesOrderMultiStepScreen.tsx",
	                      "SalesOrderItemsMultiStep.tsx",
		              "CustomerService.ts",
                              "ItemLineToolbarActions.tsx"
			],
			"rules": { "sonarjs/cognitive-complexity": "off" }
		},
		{
			"files": [
				"SalesOrderEntryContext.tsx",
				"SalesNavigator.tsx"
			],
			"rules": {
				"react/display-name": "off"
			}
		}

Resolved all flagged issues locally using the plugin’s recommendations.
Pushed the changes to the repository.
Created a merge request.

It’s worth noting that the code passed the local linting process successfully, and the issue surfaced only during the Sonar validation in the CI/CD pipeline.

We would appreciate any assistance in identifying the root cause of this Sonar validation failure and guidance on how to address it effectively. If there are specific Sonar configurations or additional steps we need to take in conjunction with eslint-plugin-sonarjs, please advise accordingly.

Thank you for your attention to this matter, and we look forward to resolving this issue promptly.

Best regards,
Andres

ganncamp · December 4, 2023, 2:15pm

Hi,

The eslint-plugin-sonarjs isn’t maintained or supported by Sonar. From its website (emphasis mine):

This plugin exposes to ESLint users a subset of JS/TS rules from Sonar-* products (aka SonarJS). We extracted the rules that are not available in ESLint core or other ESLint plugins to be beneficial for the ESLint community.

If you are a SonarQube or SonarCloud user, to lint your code locally, we suggest using SonarLint IDE extension

We have no way of knowing whether those extractions are current or even accurate, and certainly no good way of debugging them. You should either take this up with the plugin maintainers, or drop it and just use SonarLint.

Ann

ganncamp · December 4, 2023, 2:47pm

Hi again,

It has been pointed out to me that this might be ours after all.

I’m going to call for help.

Ann

victor.diez · December 5, 2023, 11:05am

Hello @Andres_Aldao,

please note that eslint-plugin-sonarjs does not contain all JS/TS rules from the Sonar JS/TS analyzer. Only a subset of them are made available in that package, and it’s meant for users who only rely on eslint, not the whole Sonar solution. If you want to have the same results in your IDE and CD/CI we recommend you use SonarLint in your IDE instead, which contains the whole SonarJS analyzer (also the rules in eslint-plugin-sonarjs).

Cheers,
Victor

Andres_Aldao · December 5, 2023, 1:03pm

Hello Ann and Victor,
Thanks for answering and clarifying the usage. We can’t force users to install the plugin for this reason I’m considering using your plugin. Can you consider adding the rule that I report to your plugin?

Cheers,
Andres

victor.diez · December 8, 2023, 8:38am

Hello @Andres_Aldao,

We’ll probably make some changes to how the eslint-plugin-sonarjs is generated, meaning that rules will be included automatically every time we add them to SonarJS. We still don’t know when these changes will be done, but this is in our pipeline.

Cheers,
Victor

Andres_Aldao · December 8, 2023, 12:49pm

Cool! I’ll let you know if I find anything else.
Thanks!