SonarLint - Support PL/SQL Language

HI,

It could be useful and super nice that SonarLint supports pl/sql code. With that, database part of our apps will be cover like the rest of the code (java or c#).

Below my first question to confirm or not this is already planned.
(SonarLint - is there a plan to scan pl/sql code in VSCode?)

Thanks in advacne

Hi @SebG

PL/SQL is already supported by SonarLint in Eclipse and IntelliJ. For VSCode I don’t think we are planning to do that.

Hi @Lena
Thank for your reply.

It is a petty to do not support SonarLint in VSCode.
Most of the languages have there extension in VSCode so this tool is now a reference in dev world.
Also it proposes extensions to be link to the DB allowing auto-completion and execution of scripts or DDL and compilation of stored procs. Only Sonar is missing :anguished:

Any chance to review this status ?

I created a ticket, we will see if time permits during next sprint on SonarLint for VSCode:
https://jira.sonarsource.com/browse/SLVSCODE-69

1 Like

Thank you very much.

Hello,
I tried to enable new extension in VScode, former file types (JS, PY) are well anaylized but PL/SQL code files are not scanned.
Extension version is the 1.9 and connected mode is well set.

In VSCode PL/SQL code files are detected as plsql files.

Can you tell me what is required to have PL/SQL code scanned?
Don’t know if it should be present, but I don’t have analyzers jar file in analyzers folder of the extension.

Thank you in advance.

Hello @SebG, thank you for your feedback.

Could you please check that:

  • You have an installed extension that declares the plsql file type - e.g Language PL/SQL
  • PL/SQL is available on the server you are connecting to - PL/SQL is available in SonarQube Developer Edition and above, and on SonarCloud
  • Your server binding is up to date - you can force it by running command Update SonatLint binding to SonarQube/SonarCloud in VS Code

It does not surprise me too much that the analyzers folder does not contain the PL/SQL analyzer JAR, since this folder only contains the built-in analyzers. However, when updating the server binding, all compatible analyzers will be downloaded from the server and cached in a .sonarlint folder in your home directory.

Hope this helps!

Hello @JBL_SonarSource,

I have languade PL/SQL extension v1.8.2 installed.
We have a Developer Edition licence for On-Premise Sonar installation.
Server binding have been refreshed several times (I forced it as you mentionned).

I will try to clean cache folder for analyzers and redo a Server Binding.

If you have another idea, thank you in advance.

-------------------- Update after above actions --------------------
It is still the same.
-------------------- New Update --------------------
I confirm that sonar-plsql-plugin-3.4.1.2576.jar file is downloaded in my home folder.

Hello again,

The good news is that your binding settings do seem correct, since the analyzer JAR is downloaded.

Could you please provide the content of the Output tab (Ctrl+K Ctrl+H) in the SonarLint category, and eventually a minimal bit of code on which you expect issues? This could help us understand what is going on.

Hello,
I have leave for 2 weeks. I will make what you tell me when I will be back (19th August)
Thank you for your help.

Hello @JBL_SonarSource,
Please find below the content of output:

Analysis triggered on file:///v%3A/Personal/SEG/pr_check_site.sql with configuration: 
[
  baseDir: v:\Personal\SEG
  extraProperties: {}
  excludedRules: []
  includedRules: []
  inputFiles: [
    file:///v%3A/Personal/SEG/pr_check_site.sql (UTF-8) [plsql]
  ]
]

Available languages:
  * PHP => "php"
  * Python => "py"
  * TypeScript => "ts"
  * HTML => "web"
  * JSP => "jsp"
  * JavaScript => "js"
Start analysis
Declared extensions of language PHP were converted to php: **/*.php,**/*.php3,**/*.php4,**/*.php5,**/*.phtml,**/*.inc
Declared extensions of language Python were converted to py: **/*.py
Declared extensions of language TypeScript were converted to ts: **/*.ts,**/*.tsx
Declared extensions of language HTML were converted to web: **/*.html,**/*.xhtml,**/*.cshtml,**/*.vbhtml,**/*.aspx,**/*.ascx,**/*.rhtml,**/*.erb,**/*.shtm,**/*.shtml
Declared extensions of language JSP were converted to jsp: **/*.jsp,**/*.jspf,**/*.jspx
Declared extensions of language JavaScript were converted to js: **/*.js,**/*.jsx,**/*.vue
[Info  - 09:55:19] Index files
Language of file 'file:///v%3A/Personal/SEG/pr_check_site.sql' is set to 'plsql'
[Info  - 09:55:19] 1 file indexed
'PHP sensor' skipped because there is no related file in current project
'Analyzer for "php.ini" files' skipped because there is no related file in current project
'Python Squid Sensor' skipped because there is no related file in current project
'Contextual SonarTS' skipped because there is no related file in current project
Execute Sensor: HTML
'SonarJS' skipped because there is no related file in current project
'ESLint-based SonarJS' skipped because there is no related file in current project
Analysis triggered on file:///v%3A/Personal/SEG/pr_check_site.sql with configuration: 
[
  baseDir: v:\Personal\SEG
  extraProperties: {}
  excludedRules: []
  includedRules: []
  inputFiles: [
    file:///v%3A/Personal/SEG/pr_check_site.sql (UTF-8) [plsql]
  ]
]

Available languages:
  * PHP => "php"
  * Python => "py"
  * TypeScript => "ts"
  * HTML => "web"
  * JSP => "jsp"
  * JavaScript => "js"
Start analysis
Declared extensions of language PHP were converted to php: **/*.php,**/*.php3,**/*.php4,**/*.php5,**/*.phtml,**/*.inc
Declared extensions of language Python were converted to py: **/*.py
Declared extensions of language TypeScript were converted to ts: **/*.ts,**/*.tsx
Declared extensions of language HTML were converted to web: **/*.html,**/*.xhtml,**/*.cshtml,**/*.vbhtml,**/*.aspx,**/*.ascx,**/*.rhtml,**/*.erb,**/*.shtm,**/*.shtml
Declared extensions of language JSP were converted to jsp: **/*.jsp,**/*.jspf,**/*.jspx
Declared extensions of language JavaScript were converted to js: **/*.js,**/*.jsx,**/*.vue
[Info  - 09:55:19] Index files
Language of file 'file:///v%3A/Personal/SEG/pr_check_site.sql' is set to 'plsql'
[Info  - 09:55:19] 1 file indexed
'PHP sensor' skipped because there is no related file in current project
'Analyzer for "php.ini" files' skipped because there is no related file in current project
'Python Squid Sensor' skipped because there is no related file in current project
'Contextual SonarTS' skipped because there is no related file in current project
Execute Sensor: HTML
'SonarJS' skipped because there is no related file in current project
'ESLint-based SonarJS' skipped because there is no related file in current project

And the code sample I used:

create or replace procedure pr_check_site is
   dummy_not_used varchar2(20);
   
begin
      if pkg_get_object.fn_parameter_char_value('DB_LOC') <> 'VAR' then
         pr_raise_it(p_mess => 'Not on VAR env.');
      end if;
      if pkg_get_object.fn_parameter_char_value('LT_SONAR') <> 'ENA' then
         pr_raise_it(p_mess => 'Sonar intf disabled');
      end if;
       
end;  

Thank you in advance.

Hello, glad to hear back from you!

I don’t see the PL/SQL analyzer being called in the logs you posted; actually, it looks like the connected mode is not enabled. Is your folder/worskpace actually bound to a server project?

You should have 2 configuration blocks related to connected mode, one like the one below in your user settings:

"sonarlint.connectedMode.servers": [
    {
        "serverId": "<my_sonarqube_server>",
        "serverUrl": "https://some.sonarqube.server/",
        "token": "somehexencodedtoken"
    }
]

And one like below in your workspace settings:

"sonarlint.connectedMode.project": {
    "serverId": "<my_sonarqube_server>",
    "projectKey": "<my_project_key_on_server>"
}

I believe that your first block is OK since SonarLint has already downloaded the PL/SQL plugin JAR.

In the second block, you will want to make sure that <my_project_key_on_server> is the key of a project which exists on server side.

Hello @JBL_SonarSource,
You had right, my workspace doesn’t contain settings for Sonar.

After adding, the configuration that was not working.
I checked the log when I make a SonarLint binding to SonarQube and I found a permission issue.

I fixed it, now the log shows the plsql scan but no error is raised (at least 1 for the unused variable must be raised).
Here is the log:

Analysis triggered on file:///v%3A/Personal/SEG/pr_check_site.sql with configuration: 
[
  projectKey: VSC
  baseDir: v:\Personal\SEG
  extraProperties: {}
  inputFiles: [
    file:///v%3A/Personal/SEG/pr_check_site.sql (UTF-8) [plsql]
  ]
]

Available languages:
  * C => "c"
  * C++ => "cpp"
  * Objective-C => "objc"
  * Python => "py"
  * T-SQL => "tsql"
  * ABAP => "abap"
  * PL/SQL => "plsql"
Start analysis
Declared extensions of language C were converted to c: **/*.disabled
Declared extensions of language C++ were converted to cpp: **/*.disabled
Declared extensions of language Objective-C were converted to objc: **/*.disabled
Declared extensions of language Python were converted to py: **/*.py
Declared extensions of language T-SQL were converted to tsql: **/*.tsql
Declared extensions of language ABAP were converted to abap: **/*.abap,**/*.ab4,**/*.flow,**/*.asprog
Declared extensions of language PL/SQL were converted to plsql: **/*.sql,**/*.pks,**/*.pkb
[Info  - 15:29:56] Index files
Language of file 'file:///v%3A/Personal/SEG/pr_check_site.sql' is set to 'plsql'
[Info  - 15:29:56] 1 file indexed
Quality profiles:
  * abap: 'Sonar way' (60 rules)
  * c: 'Sonar way' (132 rules)
  * cpp: 'Sonar way' (202 rules)
  * objc: 'Sonar way' (123 rules)
  * plsql: 'Sonar way (Vitol customized)' (111 rules)
  * py: 'Sonar way (outdated copy)' (32 rules)
  * tsql: 'Sonar way' (54 rules)
'CFamily' skipped because there is no related file in current project
'CFamily' skipped because there is no related file in current project
'Python Squid Sensor' skipped because there is no related file in current project
'T-SQL Sensor' skipped because there is no related file in current project
'AbapSquidSensor' skipped because there is no related file in current project
Execute Sensor: PL/SQL Sensor
Setting filesystem encoding: UTF-8
[Info  - 15:29:56] 1 source files to be analyzed
[Info  - 15:29:56] 1/1 source files have been analyzed

Thank you

Wait before to spend time on my previous comment.

It works like a standard scan in SonarQube. Result is the same.

I expected different result but some rule are not raised when it is in procedure source code (like in my above sample code) and they are raised when it is in package body.

I will provide you the both example just for information. My initial issue seems to be fixed; thank you for your help.

Thank you.

2 Likes

I don’t know PL/SQL at all, but do you consider this as a limitation that we should try to address in our PL/SQL analyzer? Sharing an example will indeed be very helpful.

Not at all, the issue is on my side :face_with_raised_eyebrow:

Due to a typo in the code the scan stopped and all errors were not raised.
I fixed it and now all is good.

Thank you very much.

1 Like

A post was split to a new topic: Unable to analyze PL/SQL code in VSCode