Javascript quality profile use is flipping after each new analysis - sonarqube

I noticed that after each sonar analyse, the use of the 'Sonar way' (Javascript) profile is switching.
Then each time it's re-enabled we have all JavaScript issues tagged as new!
What can be the cause of this behavior ?
How can I fix it ?
Thanks for any advice.

I see three possibilities:
you have someone with too much time on his/her hands manually flipping the configuration
you have sonar.profile somewhere in your analysis configuration. The question is how/why it would be getting set/unset
you have a person or more likely process that is resetting what the default JavaScript profile is.
I'm guessing there was some attempt to automate/ensure the use of the Sonar way profile that has somehow gone awry.
I would closely check your job configuration to see if sonar.profile appears anywhere in it and to see if there are any web services calls that might be (re)setting what the default is.

Related

Explain the parameters in default.json of onlyoffice server

I deployed integration edition of document server on windows machine. I want to make many changes on document server as per my suitability. So I wanted to know the meaning of each and every parameter in default.json to achieve my goal. Is there any proper documentation for default.json so that I could thoroughly know the meaning of each parameter and accordingly use those parameter.
No, there is no such doc. You can try to figure it out by looking at changes for https://github.com/ONLYOFFICE/server/blame/master/Common/config/default.json
Unfortunately today we do not have complete documentation for default.json. We already have plans for full refactoring of Document Server configuration
and writing detailed documentation for default.json. We understand the importance of it but any time frames for it could not be specified.
Thank you for the interest in our product.

Finding rules with 0 instances in sonar?

TL;DR: Basically what I am looking for is a way to get a list of all sonar rules that have 0 issues raised. I could then move all of those to blockers and protect myself from someone adding that issue in the future.
My company is using sonar and static analysis to help guide refactoring and development of a sizable legacy codebase (~750K LOC). We have had a lot of success by lowering the severity of most rules and then choosing a smaller set of rules to promote up to blocker or critical as we find real issues in the code. This has kept the number of issues we are trying to address at a time manageable so we can actually feel like we are making progress and not drown in the noise of legacy issues.
In particular when we have been bitten by a field or QA issue that sonar could have detected we turn that issue up to a BLOCKER and fix every instance of in. These blockers break the build and we are now assured that we wont add a new instance of the same issue again. This has worked great and has kept a number of what would be nasty bugs from slipping through.
The big problem with that methodology is we need to have an example of every one of those classes of mistake atleast once in the codebase so we could learn that it was important and should be made a blocker. Any issues we haven't already encountered will still be at their default level, I'd like to move all of them up to BLOCKER now so we notice the day they are added.
Edit: Currently we are using 3.7.3 but we are about to upgrade to 5.X.
There are 2 ways to do this:
1- The difficult way is to query the SonarQube database. You have to understand the tables and write a SQL query based on which DB is used for your SonarQube. You Can find some reference here - OR here
2- I have never tried your method but it should work. You can use Sonar Web Service API. You also have a Web Service Java Client. Reference :
link1,link2,link3

Migration from eXist-db 1.4.x to 2.x

We're going to migrate our application from eXist-db 1.4.1 to ~2.2 (probably RC2).
I`m wondering if anybody already did such a migration and what impediments they met?
I already found some documentation about this on official website and tried to Google, but didn't find much. For now I know that there were significant changes in the security model and some APIs are also changed. But still I want to know if somebody investigated further or maybe can share success story.
The main difference between 1.4.1 and 2.1/2.2 is that stored XQueries now need the executable flag to be set. You can fix your permissions automatically using a query as described in the documentation.
It is also possible that some of your existing queries report errors on 2.1/2.2, which they did not before. In nearly all cases this happens because 1.4 was less strict about the XQuery specification and processed expressions which should not be allowed (the standard as well as the implementation evolved). Also, the query engine may now do additional checks to prevent potential issues. Usually the error messages by the compiler should directly lead to the code you have to fix. This may cost a few minutes, but it's worth the effort. Apart from this, no particular migration issues have been reported.

MS Azure : How to bind https to specific page(s) only

I'm working on large scale enterprise application hosted in azure. Security is top priority and have been asked to secure only handful of pages.
I'm aware that there's a biding element in configuration where we can specify https/http. But, haven't found any thing where we can bind https only to number of selected pages.
Please confirm, if above is possible and if yes how would be much appreciated.
I know it can be done, not sure how though... However, I half heartedly participated in a discussion last week regarding this very issue. The people working on it declared there is no performance loss setting it up for the entire site(something about 1/100 of a second load time the first pageload then no difference). The cost of the work to set it up is higher than buying better machines to evaporate this performance loss.
Don't forget that if you use Azure Web Roles, you own the VM. So, you can use a start-up task that configures IIS however you'd like it.
So, if you already have an on-premise solution that you like and simply want to know how to use that in Windows Azure... then the answer is - launch that process from a start-up task and it will work the same way.
Here's an article on MSDN: Define Startup Tasks for a Role

Any way to use MvcMiniProfiler on windows application? Or is there a sister application?

So I've started using MvcMiniProfiler on our websites and quite like it. We have a Windows Application component/framework that is leveraged by the website and I was wondering if it was possible to use the profiler on that. I'm assuming not, but maybe there is a subcomponent of the code that could be used? I see that there is a way to configure where the results are stored (i.e. Sql Server) so maybe it is close to possible?
We have the following flow:
Website submits job to 'broker' then returns a 'come back later' page.
Broker runs and eventually data in the websites database gets updated by the broker.
Website displays the results.
I'd be great if there was a way I could get the entire workflow profiled. If there is no way/no intentions from the developers to make MvcMiniProfiler available to Windows applications, any recommendations for similar styled profilers?
You could get this working by using SqlServerStorage, there is very little in the code base that heavily depends on ASP.NET, in fact the SQL interceptor is generalized and so it the stack used to capture the traces.
I imagine that a few changes internally need to be made, eg: use Thread.SetData as opposed to HttpContext but they are pretty superficial.
The way you would get this going is by passing the "profiling identity" into the App and then continuing tracking there. Eventually when the user hits the site after it happens, it would show up as little "chiclets" on the left side.
A patch is totally welcome here but it is not something it does in its current version.
(note to future readers, this is probably going to be out of date at some point, if it is please suggest an edit)
Yes, there's a Windows porting of MiniProfiler: http://nootn.github.io/MiniProfiler.Windows/

Resources