lion
(Octavian M)
August 22, 2024, 12:39pm
1
I noticed a possible problem related with S2392 SonarQube default rule.
SonarQube server version: Enterprise EditionVersion 9.9.2 (build 77730)
I tried to scan the following piece of JavaScript code:
if (true) {
if (true) {
const groupedProductsObj = {
test: 'test'
};
log(groupedProductsObj)
}
}
if (true) {
setData(groupedProductsObj.test)
}
Expected result: SonarQube rule [S2392] triggered for groupedProductsObj
variable.
Current result: No issue raised.
I noticed that this rule is triggered if groupedProductsObj
is declared as var
only.
For const
or let
the rule is not triggered.
Could you please explain why?
Thanks
Colin
(Colin)
August 22, 2024, 1:43pm
2
Hey there!
When you opened a new thread, you were asked for version details.
Must-share information (formatted with Markdown ):
which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
That’s not there just because we needed to put something there It’s really important you provide those details.
Colin
(Colin)
August 23, 2024, 6:01am
5
Thanks! With that info, I’ve flagged this for expert eyes.
ilia
(Ilia)
August 23, 2024, 7:38am
7
Hello Octavian,
The rule raises an issue for var
because it is function scoped while const
and let
are block-scoped (let , const ).
If you try to run your example with const
or let
, you will see that groupedProductsObj
is undefined in the last if
block:
if (true) {
setData(groupedProductsObj.test)
}
lion
(Octavian M)
August 23, 2024, 9:56am
9
Thanks Ilia for your explanation.
You are right.
We have a lot of scripts with this type of variable declarations (with let or const into a block and then reference them in other blocks) and our goal is to identify them in an automatic manner.
Is there any SonarQube rule that can catch this type of error?
lion
(Octavian M)
August 26, 2024, 9:11am
12
I noticed a rule which could be related with “undefined” error:
Properties of variables with “null” or “undefined” values should not be accessed
Why is this error not fired on the example script provided?
ilia
(Ilia)
August 30, 2024, 7:19am
13
Hi Octavian,
The rule does not raise an issue because we implement it using static analysis, which is not suited to detecting such patterns.
We are working on more dynamic solutions to detect such issues and will release them in the near future.
lion
(Octavian M)
September 3, 2024, 9:53am
14
Thanks Ilia for your response and time.
system
(system)
Closed
September 10, 2024, 9:54am
15
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.