Fix S3216 FN: Support CodeAnalysisRuleSet property in SDK-style MSBuild projects

[gdodd1977]

I can see that my projects are pointing to the correct ruleset file:

And when I open that, I verified a rule that I expected to see was checked, but when I run analyze, it doesn't show in my code. As well, when I wrap the code in the pragma tags, sonarlint is telling me it's unnecessary.

Is there something I haven't done correctly to sync these things up?

[duncanp-sonar]

Some questions:

• which version of VS are you using?
• which version of SonarLint are you using?
• are any SonarLint errors being reported? e.g. // TODO should be enough to trigger S1135.

What do you mean by "when I run analyze"? The SonarC# analyzer is a Roslyn-based analyzer so VS will run it automatically on open files (and potential unopened files, depending on how you have configured VS).

FYI the IDE0079 about the unnecessarys suppression is being reported by a built-in VS rule, not by SonarLint. All Sonar rules start with an "S".

[gdodd1977]

VS: Version 16.8.4

Yes. some sonarlint errors are being reported. But the one for ConfigureAwait isn't reporting despite being included in the ruleset file.

EDIT:

You can see it isn't showing that this is not valid. But SQ flags it when the SQ analyzer runs during our build. I want to exempt this rule for my whole solution because we use Durable Functions which don't like ConfigureAwait(false). But I don't know how to exempt it solution wide without the little context menu item.

[duncanp-sonar]

FYI @DotNet team: the behaviour reported by @gdodd1977 is that the issue didn't appear in the IDE but did appear in SonarQube.

With the attached projects, the behaviour on my machine was slightly different:

• the old-style MSBuild project worked correctly in VS2015, VS2019 and when analysed with S4MSB.
• the SDK-style project didn't report the issue in either the IDE or when analysed using S4MSB.

Sample projects: (the xxx_vs2015 is the old-style project):: Support_Analyzers.zip

.NET FX project : issue appears in the IDE and in SonarCloud .NET Core project: issue does not appear in either the IDE or SonarCloud

[gdodd1977]

@duncanp-sonar My projects are either .net standard 2.0 or .net core 3.1 None of my projects show this warning. And I even turned the rule to Info only in the ruleset file. But that appears to have had no impact on SonarQube analyzer. I really just want to turn it off solution wide so I don't have to put pragma suppression around tons of code all over my application.

[duncanp-sonar]

If you don't want issues to be reported in SonarQube, disable the rule in the Quality Profile on the server.

On Thu, 4 Feb 2021 at 20:39, Gregory T Dodd notifications@github.com wrote:

@duncanp-sonar https://github.com/duncanp-sonar My projects are either .net standard 2.0 or .net core 3.1 None of my projects show this warning. And I even turned the rule to Info only in the ruleset file. But that appears to have had no impact on SonarQube analyzer. I really just want to turn it off solution wide so I don't have to put pragma suppression around tons of code all over my application.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/SonarSource/sonar-dotnet/issues/4025#issuecomment-773589989, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACSCLNYFURGTJDV6LZDG2Z3S5MAZHANCNFSM4XDO2ZYQ .

--

Duncan Pocklington | SonarSource

Developer

https://sonarsource.com http://sonarsource.com/

[gdodd1977]

I don't have access to do that. Is there not a way to do it vis the sln other than pragma statements?

[duncanp-sonar]

@gdodd1977 if you want to stop issues for that rule from appearing in SonarQube then your only options are to (1) change the rule in the quality profile, or (2) add pragmas for each occurrence.

If you need more help with configuring the rules in SonarQube or SonarLint, could you open a thread in the community forum please? The DotNet team will be using this ticket to track the false-negative bug, so it would be easier if any non-bug questions were handled separately. Thank you.