SonarQube does not send correct RuleSet to sonarlint while binding with project in Visual Studio 2015

Ashish_Sharma · June 22, 2020, 4:47am

SonaQube version : Version 5.6.6
SonarLint version : Version 4.22.0.18519

So i am trying to bind my sonarlint with the sonarqube with a particular set of rules, these rules have been defined on sonarqube but while fetching the bindings on visual studio 2015 i am getting a totally different set of ruleset from sonarqube.
It has the rules which are not even defined by us.

Need help on this. Thank You.

Please find attached some images for reference.

Problem with SonarQube here : -

Problem with SonarLint here : -

duncanp · June 22, 2020, 1:20pm

Hi @Ashish_Sharma. Welcome to the community.

SonarQube v5.6 has not been supported for a long time so we’d recommend upgrading to a supported version.

Regarding your “Problem with SonarQube here” screenshot: the “SonarLink for Visual Studio Rule Set” permalink is no longer relevant. It’s a legacy component only used by very old versions of SonarLint. It isn’t used by SonarLint v4.22.

Some things to check:

check which Quality Profile SonarLint is actually using. You’ll find the Quality Profile key in the .sonarlint\XXX.slconfig file, and you can use the api/qualityprofiles/search web service check which Quality Profile it corresponds to (e.g. by browsing to http://mysonarqubeserver:9000/api/qualityprofiles/search).
the ruleset generated by SonarLint is also in the .sonarlint folder. Does it contain the just the expected rules?

Ashish_Sharma · June 23, 2020, 4:50am

Hi @duncanp, thanks for the response.
have already made note on upgrading SonarQube.
For now i checked the things you asked me to :-

1. the Quality Profile key in the .sonarlint\XXX.slconfig file is there in the “api/qualityprofiles/search” result as below (the first one is being used) , is it a problem that i am getting multiple profiles here ?
{
“profiles”:[
{
“key”:“cs-test-coding-standards-54059”,
“name”:“Test Coding Standards”,
“language”:“cs”,
“languageName”:“C#”,
“isInherited”:false,
“isDefault”:true,
“activeRuleCount”:47,
“rulesUpdatedAt”:“2017-07-31T07:38:51+0000”
},
{
“key”:“cs-sonar-way-35900”,
“name”:“Sonar way”,
“language”:“cs”,
“languageName”:“C#”,
“isInherited”:false,
“isDefault”:false,
“activeRuleCount”:102,
“projectCount”:0,
“rulesUpdatedAt”:“2017-07-31T07:40:48+0000”
},
{
“key”:“java-sonar-way-07405”,
“name”:“Sonar way”,
“language”:“java”,
“languageName”:“Java”,
“isInherited”:false,
“isDefault”:true,
“activeRuleCount”:254,
“rulesUpdatedAt”:“2017-06-01T16:42:25+0000”
},
{
“key”:“js-sonar-security-way-75962”,
“name”:“Sonar Security Way”,
“language”:“js”,
“languageName”:“JavaScript”,
“isInherited”:false,
“isDefault”:false,
“activeRuleCount”:40,
“projectCount”:0,
“rulesUpdatedAt”:“2017-06-01T16:42:27+0000”
},
{
“key”:“js-sonar-way-87013”,
“name”:“Sonar way”,
“language”:“js”,
“languageName”:“JavaScript”,
“isInherited”:false,
“isDefault”:true,
“activeRuleCount”:86,
“rulesUpdatedAt”:“2017-06-01T16:42:26+0000”
}
]
}

2. the ruleset generated by SonarLint in .sonarlint folder does not contain the same ruleset as defined on sonarqube, the rules inside them are different.

Awaiting response.

duncanp · June 23, 2020, 10:55am

Calling api/qualityprofiles/search without any parameters returns all of the Quality Profiles defined on the server so seeing multiple profiles is expected.

According to the Quality Profile information there should be 47 active rules. How many active rules are there in the generated ruleset (i.e. rules where the action is not None)?

Ashish_Sharma · June 23, 2020, 11:33am

Hi @duncanp, i can see approx 12 rules that are not None, but the rule Id is different from what is defined on sonarqube.
I am expecting rule Ids starting with CA, but inside the generated rule set i have every rule id starting with S.

duncanp · June 23, 2020, 11:39am

Hi @Ashish_Sharma,

All Sonar rules start with “S”. Rules starting with “CA” are Microsoft-defined rules that won’t be configurable in SonarQube unless you’ve created a custom plugin to make them available.

Why are you expecting to see rules starting “CA” in the generated ruleset?

Ashish_Sharma · June 23, 2020, 11:44am

@duncanp, not particularly “CA” but a mix and match of “CA” and “S”.
These rules are important for code quality of my project therefore these rules have been introduced.
The challenge is i am not able to bind those 47 rules to my c# project. If you could help in that direction.

Thanks.

duncanp · June 23, 2020, 1:09pm

@Ashish_Sharma could you share the generated ruleset file from inside the .sonarlint folder, and also the text response you get when clicking the Technical exporter for the MSBuild SonarQube Scanner button from your first screen shot please? (as text/files rather than as screenshots).

Ashish_Sharma · June 23, 2020, 1:47pm

Hi @duncanp, please find the attachments

Rule Set file : RuleSet.txt (6.3 KB)

MSBuild sonarQube Scanner : MSBuild SonarCubeScanner.txt (8.7 KB)

duncanp · June 25, 2020, 12:34pm

Hi @Ashish_Sharma,

Interesting. The ruleset matches the technical exporter output but as you say there are only a dozen or so active rules. There are some rules that won’t be run in the IDE e.g. hotspot rules, but there aren’t enough C# hotspot rules to account for the difference.

do you have any third-party plugins installed for C#, and if so which ones?
could you post the results of the querying the SonarQube API to return all the rules in your Quality Profile please? Just browsing to a URL like the following using your server and quality profile key:
http://mysonarqubeserver:9000/api/rules/search?qprofile=myqualityprofilekey&f=repo,internalKey,params,actives

Ashish_Sharma · June 26, 2020, 4:54am

Hi @duncanp,
there is just one plugin which we are using for c# : -

And Here is the quality profile’s query result below. The result has 392 rules which are c# rules, it should actually be 47 rules which are defined by us.
How can we resolve this issue ?
QueriedQualityProfile.txt (23.6 KB)

Thank You.

duncanp · June 26, 2020, 1:50pm

Hi @Ashish_Sharma,

Your Quality Profile references multiple third-party rules like this one:

      {
         "key":"fxcop:AvoidUnusedPrivateFields",
         "repo":"fxcop",
         "internalKey":"CA1823",
         "params":[

         ],
         "type":"CODE_SMELL"
      },

I’m guessing you also have the FxCop plugin installed?

FxCop is a legacy code analysis technology that Microsoft replaced with the Roslyn framework some years ago. SonarLint does not recognise and won’t execute FxCop rules.

However, the Sonar C# analyzer implements rules that are equivalent to the most valuable FxCop rules, so one option would be to use the Sonar C# equivalent instead.

duncanp · July 9, 2020, 11:14pm

This topic was automatically closed after 6 days. New replies are no longer allowed.