DanielHWe / sonar-fxcop

FxCop plugin for C# or VB.NET projects

Findings from excluded projects in SonarQube result #19

Open PulsarFX opened 6 years ago

PulsarFX commented 6 years ago

I had my sln analyzed with fxcop plugin v1.3 and SonarQube 6.7.4. Unfortunately, fxcop findings from the unittest dll are reported to sonarqube. As SQ leaves test projects out of the result, these findings are reported at every module/csproj in the sq-job without a link to a file (as it is excluded). This leads to very high issue numbers which are all caused by the same, excluded code files.

Even after excluding the unit test project from analysis via

<PropertyGroup>
  <!-- Exclude the project from analysis -->
  <SonarQubeExclude>true</SonarQubeExclude>
</PropertyGroup>

the findings for the unit test project are still there, only the unit test project/module has gone completely from the SQ report (instead of showing up with 0 lines of code, as it used to).

Here is an excerpt from the sln analysis:

INFO: Executing command: C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\Team Tools\Static Analysis Tools\FxCop\FxCopCmd.exe /project:...\my.sln.20180622085017.fxcop /ruleset:=...\.sonarqube\out\.sonar\jobname_6B0BD5C9-376E-46E9-ACFC-2F8EA610C43D\fxcop-sonarqube.ruleset /out:...\.sonarqube\out\.sonar\jobname_6B0BD5C9-376E-46E9-ACFC-2F8EA610C43D\fxcop-report.xml /outxsl:none /forceoutput /searchgac
INFO: Microsoft (R) FxCop Command-Line Tool, Version 15.0 (15.0.27019.1) X86
INFO: Copyright (C) Microsoft Corporation, All Rights Reserved.
INFO: 
INFO: Loading ...\my.sln.20180622085017.fxcop...
INFO: Loaded DesignRules.dll...
INFO: Loaded GlobalizationRules.dll...
INFO: Loaded InteroperabilityRules.dll...
INFO: Loaded MobilityRules.dll...
INFO: Loaded NamingRules.dll...
INFO: Loaded PerformanceRules.dll...
INFO: Loaded PortabilityRules.dll...
INFO: Loaded SecurityRules.dll...
INFO: Loaded UsageRules.dll...
...
INFO: Loaded UnitTests.dll...
INFO: Initializing Introspection engine...
INFO: Analyzing...
INFO: Analysis Complete.
INFO: Writing 8 messages...
INFO: Writing report to ...\.sonarqube\out\.sonar\jobname_6B0BD5C9-376E-46E9-ACFC-2F8EA610C43D\fxcop-report.xml...
INFO: Done:00:00:09.5062129

This is done for each module/project in the build job, so the unit test findings are found in every fxcop run as shown above.

 <Target Name="$(ProjectDir)/BinariesUT/UnitTests.dll">
   <Modules>
    <Module Name="unittests.dll">
     <Namespaces>
      <Namespace Name="...">
       <Types>
        <Type Name="SomeTests" Kind="Class" Accessibility="Public" ExternallyVisible="True">
         <Messages>
          <Message TypeName="TypesThatOwnDisposableFieldsShouldBeDisposable" Category="Microsoft.Design" CheckId="CA1001" Status="Active" Created="2018-06-22 06:50:17Z" FixCategory="DependsOnFix" BreaksBuild="True">
           <Issue Name="DependsOnFix" Certainty="95" Level="CriticalError">Implement IDisposable on 'SomeTests' because it creates members of the following IDisposable types: 'DisposableType'. ...
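
One way to confirm which assemblies contribute findings to a given fxcop-report.xml, and whether any of them should have been excluded (an added example, not part of the original thread or the plugin's code). The sample report is constructed; the `<FxCopReport>`/`<Targets>` wrappers, the second target and the function names are assumptions.

```python
import fnmatch
import ntpath
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: element/attribute names follow the excerpt above; the
# <FxCopReport>/<Targets> wrappers and the MyProg.dll target are assumptions.
SAMPLE_REPORT = """<FxCopReport><Targets>
 <Target Name="$(ProjectDir)/BinariesUT/UnitTests.dll">
  <Modules><Module Name="unittests.dll"><Namespaces><Namespace Name="Tests"><Types>
   <Type Name="SomeTests" Kind="Class"><Messages>
    <Message TypeName="TypesThatOwnDisposableFieldsShouldBeDisposable" CheckId="CA1001">
     <Issue Name="DependsOnFix" Level="CriticalError">Implement IDisposable on 'SomeTests'.</Issue>
    </Message>
   </Messages></Type>
  </Types></Namespace></Namespaces></Module></Modules>
 </Target>
 <Target Name="C:\\build\\BinariesUT\\MyProg.dll">
  <Modules><Module Name="myprog.dll"><Namespaces><Namespace Name="MyProg"><Types>
   <Type Name="Worker" Kind="Class"><Messages>
    <Message TypeName="DisposeObjectsBeforeLosingScope" CheckId="CA2000">
     <Issue Level="Warning">Call Dispose on the stream.</Issue>
     <Issue Level="Warning">Call Dispose on the reader.</Issue>
    </Message>
   </Messages></Type>
  </Types></Namespace></Namespaces></Module></Modules>
 </Target>
</Targets></FxCopReport>"""

def findings_by_target(report_xml):
    """Return {assembly file name (lowercase): Counter of CheckId -> issues}."""
    result = {}
    for target in ET.fromstring(report_xml).iter("Target"):
        # ntpath handles both '/' and '\\' separators in the Target name.
        assembly = ntpath.basename(target.get("Name", "")).lower()
        counts = result.setdefault(assembly, Counter())
        for message in target.iter("Message"):
            counts[message.get("CheckId")] += len(message.findall("Issue"))
    return result

def leaked_findings(report_xml, excluded_globs):
    """Findings whose target assembly matches one of the exclusion globs."""
    return {asm: dict(counts)
            for asm, counts in findings_by_target(report_xml).items()
            if counts and any(fnmatch.fnmatch(asm, g.lower()) for g in excluded_globs)}

if __name__ == "__main__":
    print(leaked_findings(SAMPLE_REPORT, ["*UnitTests*.dll"]))
```
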

DanielHWe commented 6 years ago

What are the SonarQube options you are using for the plugin?

If it is Default or a sln file, you should define the assemblies you want to scan by sonar.cs.fxcop.assembly, or you should create your own FxCop project and use sonar.cs.fxcop.project. (Please see the readme for more information.)

At the moment the settings in csproj files are not used; I will make a feature request for this.

PulsarFX commented 6 years ago

This is the parameter setup:

  <Property Name="sonar.cs.fxcop.directory">...\BinariesUT</Property>
  <Property Name="sonar.cs.fxcop.slnFile">...\My.sln</Property>
  <Property Name="sonar.cs.fxcop.fxCopCmdPath">C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\Team Tools\Static Analysis Tools\FxCop\FxCopCmd.exe</Property>

Could I use multiple values for sonar.cs.fxcop.assembly if I change from sln style to dll style? This is not clear to me from the readme.

DanielHWe commented 6 years ago

You can use wildcards in the sonar.cs.fxcop.assembly parameter. If that does not work, try it the project way.

PulsarFX commented 6 years ago

Can you give an example of how to use wildcards? Is it regex style (like in the runsettings file)?

DanielHWe commented 6 years ago

It is like in filesystems, so My* will find MyProject.dll, MyProject.exe and MyLib.dll.

PulsarFX commented 6 years ago

Thanks, I managed to get it running. But, some caveats:

This will work:
sonar.cs.fxcop.assembly=Binaries/net461/MyProg*

These won't work or find nothing:
sonar.cs.fxcop.assembly=Binaries\\net461\\MyProg*
sonar.cs.fxcop.assembly=Binaries\net461\MyProg*
sonar.cs.fxcop.assembly=MyProg*

mounamukhar commented 3 years ago

I have a similar situation. I have multiple folders which need to be provided as assembly. For example:
Project/Sub1/bin/Debug/net461/
Project/Sub2/bin/Debug/net461/

I have tried /d:sonar.cs.fxcop.assembly=Project/**/bin/Debug/net461/* and a few other things. But the * in the middle of the path is not being accepted and throws an illegal character error. I have also tried using a comma to specify the paths, like /d:sonar.cs.fxcop.assembly=Project/Sub1/bin/Debug/net461/Sub1.dll,Project/Sub2/bin/Debug/net461/Sub2.dll. In this case the whole string is accepted as a single file path and throws a file not found error.

Any suggestions?

DanielHWe commented 3 years ago

FxCopCmd.exe itself only supports one assembly directory to scan, so you cannot define multiple assembly directories. See https://documentation.help/FxCop/df7e8653-5b24-4547-afaf-f5c8ff75f4b3.htm What you can do is to define an ... for defining a directory with depending assemblies.