SonarLint in VS Code scanning core Python language modules

My specifications:

  • Windows 10
  • VS 1.66.2
  • SonarLint v3.4.0

My team members and I recently noticed that our Python projects are showing hundreds of warnings related to core Python libraries. It seems that any library in an import statement can trigger this behavior. For example, I opened one of my own .py files which references the “typing” module. After some period of time, SonarLint flags over 25 problems associated with “Python39/Lib/typing.py”.

I’ve also seen SonarLint do the same thing for “threading” as well as other core Python language modules. In the logs below, you can see one instance where SonarLint picked up the “typing” module from Python after I opened one of my own files:

Folder file:///c%3A/Users/nws2293/source/repos/checkpoint_pyrexia is now on branch develop
[Info - 07:19:33.251] Analyzing file ‘file:///c:/Users/nws2293/source/repos/checkpoint_pyrexia/src/checkpoint_pyrexia/schemas/gateways_and_servers.py’…
[Info - 07:19:33.382] Found 2 issues
[Info - 07:19:35.393] Analyzing file ‘file:///c:/Users/nws2293/AppData/Local/Programs/Python/Python39/Lib/typing.py’…
[Info - 07:19:37.649] Found 25 issues

I should note that this project is using a Python virtual environment (all my team’s projects do). As time progresses during a working session, it looks as if SonarLint finds more and more Python language modules and starts analyzing and reporting problems with them. This can actually be felt on my machine when it happens because it causes some hitching in the UI, presumably from scanning several large files.
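A triage sketch for logs like the excerpt above, added here as an example and not part of the original post or of SonarLint: it parses the Folder / Analyzing / Found lines and reports which analyses ran on files outside the workspace folder. The sample log is constructed (user and project names are placeholders), and the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath
from urllib.parse import unquote, urlparse

# Constructed sample modeled on the log excerpt in the post (names are placeholders).
SAMPLE_LOG = """\
Folder file:///c%3A/Users/dev/source/repos/myproj is now on branch develop
[Info - 07:19:33.251] Analyzing file ‘file:///c:/Users/dev/source/repos/myproj/src/app/schemas.py’…
[Info - 07:19:33.382] Found 2 issues
[Info - 07:19:35.393] Analyzing file ‘file:///c:/Users/dev/AppData/Local/Programs/Python/Python39/Lib/typing.py’…
[Info - 07:19:37.649] Found 25 issues
"""

FOLDER_RE = re.compile(r"^Folder (file://\S+) is now on branch")
# The forum rendered the quotes typographically, so accept curly or straight ones.
ANALYZE_RE = re.compile(r"Analyzing file [‘'](file://[^’']+)[’']")
FOUND_RE = re.compile(r"Found (\d+) issues?")


def uri_to_path(uri):
    """Decode a file:// URI (the drive colon may be %3A-encoded) to a Windows path."""
    return PureWindowsPath(unquote(urlparse(uri).path).lstrip("/"))


def triage(log_text):
    """Return (path, issue_count, inside_workspace) for each analysis in the log."""
    roots, results, current = [], [], None
    for line in log_text.splitlines():
        if m := FOLDER_RE.search(line):
            roots.append(uri_to_path(m.group(1)))
        elif m := ANALYZE_RE.search(line):
            current = uri_to_path(m.group(1))
        elif (m := FOUND_RE.search(line)) and current is not None:
            inside = any(current.is_relative_to(r) for r in roots)
            results.append((str(current), int(m.group(1)), inside))
            current = None
    return results


def outside_issue_total(log_text):
    """Sum the issues reported on files that are not under any workspace folder."""
    return sum(n for _, n, inside in triage(log_text) if not inside)


if __name__ == "__main__":
    for path, count, inside in triage(SAMPLE_LOG):
        print("workspace" if inside else "EXTERNAL ", count, path)
```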

Hello Jason,

Thanks for making the effort to post here, I appreciate it.

Could you confirm this second analysis happened because you opened the typing module? Maybe by Ctrl+Clicking on the import directive from gateways_and_servers.py?

Today SonarLint analyzes any file that is opened. I am not sure yet how we could distinguish between a user file and a library file, but I agree it does not make sense to raise issues on code that you don’t own. I created this ticket.

Could you elaborate on that? Do you feel it slows down the whole IDE? Or is it that you don’t get analysis results for your project files as fast as you would expect?

Maybe just to be complete and make sure we don’t miss anything, could you activate debug traces, restart the IDE, repeat the same steps and send us the results here?

Thanks

2 Likes

“Go to Definition” will definitely trigger the analysis as soon as such a file is opened. However, to confirm what I’ve seen, this morning I closed all the open editors and all the files in my project. I then restarted VS Code. I then proceeded to open my own source files. At some point, the analysis started on the typing module, and I’m certain I did not explicitly open that file.

That said, in trying this experiment again just a few minutes ago, I am having problems reproducing it passively. It typically only takes a couple of minutes or so for me to start seeing Python language modules showing up in the scan.

I did make a minor discovery, and maybe this is related. If I hold CTRL down and simply hover over “typing” (which I don’t think is something I normally do), a small pop-up opens over the typing module and the analysis is triggered. Perhaps I’m doing something unknowingly to trigger a background load of the file, or maybe the recent VS Code update is pre-loading some files in the background as some kind of optimization?

The CTRL-key hover pop-up that triggers the analysis looks like this:
image

Please disregard that comment. I have a corporate managed PC, and I receive updates in the middle of the day. It isn’t fair of me to associate my PC getting sluggish with the analysis. There are too many other variables to say for certain, and since I’m almost always in VS Code, I can’t really say a sluggish PC is due to anything with VS Code.

I tried to include the verbose logs from the pop-up triggered scan, but I hit the size limit with this reply when I tried to include them.

Wow, indeed, I am able to reproduce that a new analysis is triggered if I just hover over a module name with the Ctrl key pressed. I would bet that we receive from VSCode the same notification as when a file is opened, I will investigate and try to understand, maybe it’s a bug on their side.

Regarding your PC slowing down, if you can get any evidence that this is caused by SonarLint we will also be happy to help.

For the logs you could dump them in a .txt file for example and drag-and-drop it here.

Attaching the logs:
sonarlint_logs.txt (1.1 MB)

Thanks! There is nothing else interesting in the logs.

I found out that indeed Ctrl+Hover shows the Definition preview popup for a given symbol. This triggers the same event as if the file is opened, and this is by design as mentioned in this issue. There is a workaround that we could use as suggested there.

I think the root cause to fix for you is the ticket mentioned above. To be transparent, we won’t work on it for a few weeks as we have other priorities at the moment. We will keep it in mind for our next efforts on VSCode.

And here is the other ticket to prevent analysis from happening for a document in preview.

Thanks again for reporting and for revising your review 🙂

1 Like