SonarQube Rule: Every Rule with a sample example is present? - sonarqube

Agenda and reason to ask this question: I was going through a profile created by someone and want to remove false positive rules.
Question:
For example:
I want to understand the rule below,
"Correctness - Class defines methods which confuse Character with int parameters"
Where should I see details and examples?
Thanks,
Roshankumar

Since you appear to be in a SonarQube rule list context, the rule detail will give you this. To see it, click on the rule or right-arrow.
The descriptions for FindBugs rules can be terse at best, but this is an FB-contrib rule with a slightly longer description. However, it does not contain examples.

Related

Transaction Rules reordering - is this a good idea?

If you have a Transaction with complex rules, it can be difficult to 'manage' them logically inside the rules section because the order they execute is most likely not the order in which they appear in the rules. You can turn on Detailed Navigation and see the Evaluation Tree, but I was thinking there could be an improvement in this area.
What if there was a model Preference or object Preference that you could set that would, after specification, reorder the rules in the code to match the Evaluation tree? There could be some clear comments about when things happen, and I would be fine with seeing these 'timing comments' with nothing in them so I knew when rules would fire and when they would not.
We use a Pattern for our KBs and manipulation of rules, events, etc, is already happening, so in this case those would not be changed. But the manually added rules (outside the pattern's rules) could be reordered.
Also, if the 'timing comments' are inserted, this could be helpful for developers in exposing the time slots that are available instead of having to refer to the wiki repeatedly.
Is this a good idea?
I don't think so. There are almost two reasons for that, the first one is technical: GeneXus executes the rules "in order" (how they were placed in rules) when they match the triggering criteria. So, maybe reordering the rules will produce unexpected behaviour in your application. You could argue that GeneXus would let those rules where they were placed, but, it is still dangerous.
The second one has to do with our "way of programming". I put a lot of comments in the code, I like comments, even in the rules. If GeneXus reorders the rules, how does it know which comments belong to which rule? At least for me, I don't like that a "tool" reorganizes/reorders my code. And I bet I'm not the only one.

How can I turn a bad rule good?

Our SonarQube project is reporting violations across our codebase, because we have braces at the start of line instead of end of line.
Right or wrong, this is our accepted style. So how can we remove the end of line requirement and add a start of line requirement, and modify it a bit for else statements as
if()
{
} else {
}
Assuming it's a Java Project, you may look for rules related to braces.
To see all java related rules dealing with braces, use:
https://yoursonarhost/coding_rules#languages=java|q=braces
From your example, squid:LeftCurlyBraceStartLineCheck seems the right rule.
Also possible to search with filter on specific Quality Profile, f.e.:
https://yoursonarhost/coding_rules#qprofile=java-sonar-way-74224|activation=true|q=braces
Then deactivate the rule that doesn't work for you or change its severity. If no appropriate rule exists you may roll your own, based on those other brace rules, see sources:
Sonarsource Java Analyzer sources

Rule notes are lost when a rule is deactivated

Before deactivating a rule, I would like to add a note why I'm deactivating it, to have a record for the future about the reason for deactivating.
So far so good, I can add a note, but once I deactivate the rule, the notes on it are deleted.
The workaround at the moment is to "add a note" by extending the rule description, which isn't really what I mean to do.
I believe the notes should be kept, regardless of the activation. If this isn't a bug, please consider implementing it as an improvement.
We're not going in that direction. See https://jira.codehaus.org/browse/SONAR-5064

How to set rule Style cop for resharper comment all public methods/classes/properties etc

I need to have a rule to comment all public methods/classes/properties etc.
I can't find any standard rule for my requirements.
How can I do it?
StyleCop can partially meet what you're after by rules SA1600 to SA1608 (Element Documentation), but they're not based on accessibility so it applies to all your private methods/classes/properties as well. You can either go down this path and document everything, otherwise you'll need to write a custom StyleCop rule: http://scottwhite.blogspot.com/2008/11/creating-custom-stylecop-rules-in-c.html

VS2010 / Code Analysis: Turn off a rule for a project without custom ruleset

...any change?
The scenario is this:
For our company we develop a standard how code should look.
This will be the MS full rule set as it looks now.
For some specific projects we may want to turn off specific rules. Simply because for a specific project this is a "known exception". Example? CA1026 - while perfectly ok in most cases, there are 1-2 specific libraries we don't want to change those.
We also want to avoid having a custom rule set. OTOH putting in a suppress attribute on every occurrence gets pretty convoluted pretty fast.
Any way to turn off a code analysis warning for a complete assembly without a custom rule set? We rather have that in a specific file (GlobalSuppressions.cs) than in a rule set for maintenance reasons, and to be more explicit ;)
There is no way to create an assembly-level exclusion that will cover all violations of that rule for types and/or members within the assembly.
You could probably still use the CodeAnalysisRules element in your project file, but this is essentially just as much work as a custom ruleset, and more difficult to track given that it's not shown in the project properties UI.
Regardless of the mechanism you would prefer to use, you should also consider whether you want to simply exclude existing violations or whether you want new violations to be introduced. If the former, you should add SuppressMessage attributes for the existing violations. If the latter, you should disable the rule for the assembly.
BTW, in case you weren't aware of this, you can suppress multiple violations at once in the violation list in VStudio.
You'd actually have more flexibility of exclusions with CodeIt.Right for static analysis. And saved all that time :)
