kandi X-RAY | Qube Summary
kandi X-RAY | Qube Summary
Qube Engine
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of Qube
Qube Key Features
Qube Examples and Code Snippets
Community Discussions
Trending Discussions on Qube
QUESTION
We have developed a chatbot using Azure bot framework. As part of our CI-CD pipeline, we use Sonar Qube to do static code analysis.
Sonar shows multiple instances of code smells as “Redundant use of await on a return value”. The recommendation from Sonar is not to use await as the async method is expected to use a promise.
However, this approach is taken from the BOT Framework samples provided by Microsoft (https://github.com/microsoft/BotBuilder-Samples/blob/main/samples/typescript_nodejs/13.core-bot/src/dialogs/bookingDialog.ts)
Can you please confirm if Microsoft recommendation has changed or this seems to be false positive alert from SonarQube ?
...ANSWER
Answered 2021-May-27 at 08:46First of all, this Sonar rule was added about 2 years ago in this Pull Request with this example
I then found those SO articles answering similar questions: article 1, article 2 but it was still unclear to me so I kept on looking.
Finally I reviewed this documentation and found the answer I was looking for in the last example provided.
In the above example, notice there is no
awaitstatement after thereturnkeyword, although that would be valid too: The return value of anasync functionis implicitly wrapped inPromise.resolve- if it's not already a promise itself (as in this example).
Note: The implicit wrapping of return values in
Promise.resolvedoes not imply thatreturn await promiseValueis functionally equivalent toreturn promiseValue.
I tried the error handling with and without the await on my project and ended up removing the await triggering the warning. So far I haven't seen any difference. I have also noticed that if you wrap the same code inside a try / catch, the Sonar warning isn't raised anymore.
From now on, I will follow Sonar's advice but will update this thread if I encounter an issue.
QUESTION
We setup Sonar qube pull request decoration in AzureDevOps. It report code issues and analyze status to pull request. Also code coverage gathered and can be viewed on Sonar site. Diff coverage also calculated correctly.
But is it possible report coverage back to pull request, so reviewer can take look on difference not leave pull request page? I see on different screenshots, that for github it is possible. But is it possible for AzureDevOps?
...ANSWER
Answered 2021-Mar-17 at 05:48We cannot do this now, In the azure DevOps, we could see the Sonar report in the Sonar site.
You could add your request for this feature on our UserVoice site, which is our main forum for product suggestions. And produce team will check the request. Thank you for helping us build a better Azure DevOps.
QUESTION
I have a Visual Studio .NET Core solution containing Unit Test projects. All the projects have a reference to the Microsoft.NET.Test.Sdk Nuget package is which according to my knowledge is a “must have” for unit tests execution. I would like to perform static code analysis for unit test code (because it is also a code which is part of our deliverables). However, every time I am running Sonar Analysis as a part of Azure DevOps pipeline – I’m seeing “0” Lines of Code inside unit test *.cs files (and also other files inside unit test project) in the SonarQube report.
I have also found out interesting thing. In case I remove reference to the Microsoft.NET.Test.Sdk Nuget package – static code analysis is performed without any problems and code is visible for Sonar Qube scanner. Also – the “dotnet build” command does not report any warnings for unit test projects when running on Azure DevOps build agent – even in case it should 😊.
My SonarQube Prepare task configuration pipeline file is very simple and looks like:
...ANSWER
Answered 2021-Feb-02 at 13:02Ok. It occurs this is "by design" SonarQube behavior. Details and methods how to overwrite it may be found on: https://github.com/SonarSource/sonar-scanner-msbuild/wiki/Analysis-of-product-projects-vs.-test-projects
QUESTION
A number that equals to the sum of its own digits, where each digit raised to the power of number of digits. For example, 153 is an armstrong number because 1^3+3^3+5^3=153
at here user enters a number
...ANSWER
Answered 2021-Feb-01 at 14:47To sum-up all suggestions from the comments:
Your main problem is:
- When you create the
numberslist you usenumber = int(number/10). This changes thenumbervariable itself until it is equal to zero. This means that, as you experienced,result == numberwill always beFalse.
Some redundant parts of your code:
See Splitting integer in Python? to get a list of a number's digits. Most commonly you can just do
numbers = [int(i) for i in str(number)]. This will actually solve the problem above as you don't changenumberthis way.The digits are already integers so no need for an
intconversion. It is also more readable to use direct loop in Python rather than looping over indices:
QUESTION
There is a somewhat famous Unix brain-teaser: Write an if expression to make the following program print Hello, world! on the screen. The expr in if must be a legal C expression and should not contain other program structures.
ANSWER
Answered 2021-Jan-14 at 09:51When fork is executed, the process executing it (the new parent) is executing (of course), and the newly created child is not. For the child to run, either the parent must be stopped and the child given the processor, or the child must be started on another processor, which takes time. Meanwhile, the parent continues execution.
Unless some unrelated event occurs, such as the parent exhausting the time slice it was given for sharing the processor, it wins the race.
QUESTION
I want to disable or ignore my security check from Sonar Qube for a particular code. Below the screenshot, I have used directly my entity class in the request body. And I want to keep this change.
Just want to know how do I ignore this using the Sonar Qube Gradle property
...ANSWER
Answered 2020-Sep-15 at 05:51You can suppress specific warnings by using @SuppressWarnings("squid:S00XX") where S00XX is a Sonar issue ID. You can find this ID in the Sonar UI based on your error or warning.
For suppressing multiple warnings you can try like
@SuppressWarnings({"squid:S00X1", "squid:S00X2"}) i.e. provide multiple Sonar issue IDs.
Or you can also use //NOSONAR comment that tells SonarQube to ignore all errors for a specific line.
QUESTION
I am triyng to intergate jenkins and maven with sonarqube. I am completed with prerequistes and installation part there is ome error related to class not loading, i am confused what is the reason behind this.
JENKINS PIPELINE
...ANSWER
Answered 2020-Sep-13 at 04:49It appears you have not installed any language plugins in SonarQube (not Jenkins).
org.sonar.scanner.rule.QualityProfiles: No quality profiles have been found, you probably don't have any language plugin installed. -> [Help 1]
As a SonarQube Admin, log into SonarQube. From the main menu, Administration | Marketplace ..., filter on "Languages" for Sonar provided languages, "External Analyzers" for third party. "Install" as necessary, Restart required.
As of 7.X, SQ will analyze all code for which a language analyzer is installed; language=java is ignored.
QUESTION
I could already exclude the classes with sonar cube report by adding this in the tag of my POM file.
...ANSWER
Answered 2019-May-07 at 06:10In the application.properties you can do something like this:
QUESTION
I need sample java client code for accessing the issues of a project in sonar Qube?
I will pass the project key as input and get the list of issues in output.
...ANSWER
Answered 2017-Apr-25 at 09:13you can use sonarqube client lib :
QUESTION
I want to create a Github workflow that does the following:
- test my code with
pytest - trigger Sonar Qube Cloud to analyze to the code and show my test coverage!
As far as I understand, SonarQ needs a file coverage.xml to display the code coverage. This can be generated with
ANSWER
Answered 2020-Apr-29 at 18:54The error came from the missing s in reportPaths in the sonar-project.properties file.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install Qube
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
