Sonarqube fixes #6952

Open
wants to merge 15 commits into
base: master

Contributor

@Amndeep7 Amndeep7 commented Jun 3, 2025

Change list

  • added auth via bearer token
  • swapped out the code snippet api endpoint used
  • baseconverter needed to be tweaked so that it would apply a transformer in an array context
  • separated out types for the different releases and modified the mapping accordingly, so I believe "Sonarqube (sonarqube2hdf) converter null reference on missing summary" (saf#3248) should be resolved now
  • fixed some bugs
    • results were not being consolidated per rule type
    • cweid tag wasn't able to handle arrays in the frontend
    • buggy xccdf mapper's ref section revealed a problem in the baseconverter's handling of undefineds - addressed both

Todo

  • get answers for questions
  • convert console.logs into logging
  • continue to flesh out mapping and add withraw functionality
  • update tests (live instance instead of or in addition to the mock api?)
  • frontend integration
  • merge some minor changes in the saf cli
  • linting and sonarqube (haha) findings

Amndeep7 added 15 commits May 20, 2025 20:40
…eve is a change in authentication mechanisms that got introduced in 10.x and forcibly required in 2025.x

Signed-off-by: Amndeep Singh Mann <[email protected]>
…ter extent all of sonarqube 8, 9, 10, and 25

Signed-off-by: Amndeep Singh Mann <[email protected]>
… answers to questions, added some actual comments; put a value in for the start time; description sections show up in v8 or at least in sonarcloud which claims to be v8 so change types around accordingly; reciprocating fix for cwe tag to match the fix in the frontend; removed owasp nist mapping since it was no longer always correct and correcting it appropriately was too large for the scope of this work; have the owasp hdf tag get all the owasp information from both the sonarqube systags as well as their context blocks

Signed-off-by: Amndeep Singh Mann <[email protected]>
…through farther than they ought to have been. Also fixed the xccdf mapper so that the transformer in refs was actually doing its thing properly at all times, which resulted in an improvement to the output from the complianceascode sample

Signed-off-by: Amndeep Singh Mann <[email protected]>
…nPrinciples' so i'm making it optional

Signed-off-by: Amndeep Singh Mann <[email protected]>
…t unescape function is deprecated

Signed-off-by: Amndeep Singh Mann <[email protected]>
…making corrections in its raw string representation to match what we actually get from sonarqube (i.e. escaped newline characters when they are not actually for real newlines)

Signed-off-by: Amndeep Singh Mann <[email protected]>
…anches and pullrequests; improved it so that we still have the line numbers and now also support getting multiple snippets from the flow area if that is provided. also linting fixes include using the isversion25 function

Signed-off-by: Amndeep Singh Mann <[email protected]>
…o handle both strings and string arrays

Signed-off-by: Amndeep Singh Mann <[email protected]>
… contains a timestamp which changes on each run, also regenerated the sample files

Signed-off-by: Amndeep Singh Mann <[email protected]>
…st mapping data file

Signed-off-by: Amndeep Singh Mann <[email protected]>

Quality Gate failed

Failed conditions
19 New Code Smells (required ≤ 0)

See analysis details on SonarQube Cloud
