I am trying to find a way to get a list of rules from SonarCloud Java (or whatever) rules (with keys, description, etc.) and export it as an Excel, CSV or XML.
Does anyone know how to do this?
Any help will be appreciated !!
Related
I was looking for a configuration parser for go and https://github.com/spf13/viper seems to come highly recommended.
I am very surprised to find that configuration files are not validated by default.
Viper parses files and extracts requested values from them but I cannot find a way to detect bad configuration.
For instance I if create a (Java style) .properties file containing just "???" and nothing else. This is accepted without any error.
I can understand the philosophy that you should ignore irrelevant configuration items but I desire more rigor. I would also like to reject anything that does not match the X=Y format in a properties file.
To me this is a fatal flaw that suggests I should use a different package (or roll my own as usual).
Have I missed something? Does viper in fact support detecting and rejecting bad configuration keys?
I think the answer is no. viper does not validate java .properties files.
I posted a bug report (or feature request depending on your point of view) as https://github.com/spf13/viper/issues/790
You can try https://github.com/num30/config library which is based on Viper. It has built-in validation.
I am trying to extend Sonarqube with custom Javascript rules. I find that the documentation is fairly limited on this subject. The extension tutorials on sonarqube website show only the most basic stuff.
The only javadoc I could find is this one: http://javadocs.sonarsource.org/latest/apidocs/ and it doesn't cover anything about extending Javascript.
What I ultimately want to do is add a JS rule that will check for hardcoded secrets (such as passwords, api keys, etc). I already created one for Java, and that was a lot easier as I could take an already pre-made plugin and complete it with my custom regex.
The problematic spot that made me post here was actually this one:
cannot find symbol
symbol: class VariableTree
location: package org.sonar.plugins.javascript.api.tree.expression
I was following the same scheme as with Java and used
import org.sonar.plugins.javascript.api.tree.expression.VariableTree;
which is obviously wrong. I was not able to find the source code for this either... if anybody can point me to some secret doc stash or at least where I can find a javadoc for org.sonar.plugins.javascript.api that would be amazing!
Thanks very much for any help
Is there a way to see TeamCity configurations that override parameter defined in template?
I don't think so. What's worked for me in the past was to search through the project files on the filesystem. If you have many build configs, this will be faster than opening each of them in the GUI.
Search for something like this:
<param name="myParamInheritedFromTemplate" value="myOverrideValue" />
in <TeamCity data directory>/config/projects/**/*.xml. If it's absent in an XML file, that build config just inherits the value. If it's present, it overrides it.
It's hacky but it's quick.
There is a feature request https://youtrack.jetbrains.com/issue/TW-21212, please vote. Current workaround are to either search the raw XML files with the settings stored under TeamCity Data Directory on the server as #sferencik suggested, or use REST API to get settings of all the build configurations and search for the parameter there. Let me know if you need help on any of these.
I am using guard-jasmine create coverage reports for my javascript app written with backbone js. I would like to exclude the template files from being included in the coverage. Is there a way to do this currently? I have also tried looking through the source and passing the -x option to the intrument command in the coverage.rb file but that doesn't seem to help at all. Any pointers would be appreciated.
Thanks!
There is currently no way of configuring Guard::Jasmine to skip specific files from generating the coverage.
A possible way to add this would be to add something like a coverage_skip option that contains a regex to check it as a preconodition in the coverage tilt template:
return data if file =~ ENV['COVERAGE_SKIP']
Since we do not have access to the Guard::Jasmine options, we need to set it as an environment variable in the server process.
A pull request is heartly welcome ;)
I am new to sonar,just heard about this tool.
Can we use this tool to perform code review for FMW(Fusion Middleware) -OSB(Oracle Service Bus)/BPEL project ?
If so can anyone give some inputs on this?
The official plugin-List : http://docs.codehaus.org/display/SONAR/Sonar+Plugin+Library/ does not mention support for your tools.
But sonar can be extended with custom plugins, so you may be able to write your own plugins to provide metrics for your tools.
What level of review you want to cover? It is really easy to make your own review tool for BPEL. All BPEL resources are XML files. For example if you want to check for naming convetion of BPEL activities, you can define a simple XPath based rule.
Ex:
//sequence/#name ~= "^sequence.*".
A Java program can use the above XPath to pull-out all sequence names from the xxxx.bpel file and compare it against a regular expression. Similar rules can be created for checking WSDL usage, partner links, end-point addresses, usage of Error handling etc.