search

SonarSource / sonar-scanner-msbuild

SonarScanner for .NET
http://redirect.sonarsource.com/doc/msbuild-sq-runner.html
GNU Lesser General Public License v3.0
365 stars 143 forks source link

Do not provide cross-language analyzer DLLs #1093

Open pavel-mikula-sonarsource opened 3 years ago

pavel-mikula-sonarsource commented 3 years ago

The internal configuration file .sonarqube\conf\SonarQubeAnalysisConfig.xml contains list of analyzer DLLs to provide to the compiler.

It currently looks like the example below. <AnalyzerSettings> for <Language>cs</Language> embeds csharp, vbnet and securitycsharpfrontend <AnalyzerSettings> for <Language>vb</Language> embeds csharp and vbnet

This doesn't make sense. <Language>cs</Language> should get csharp and securitycsharpfrontend <Language>vb</Language> should get vbnet only

  <AnalyzersSettings>
    <AnalyzerSettings>
      <Language>cs</Language>
      <RulesetPath>c:\DemoProject\.sonarqube\conf\Sonar-cs.ruleset</RulesetPath>
      <DeactivatedRulesetPath>c:\DemoProject\.sonarqube\conf\Sonar-cs-none.ruleset</DeactivatedRulesetPath>
      <AnalyzerPlugins>
        <AnalyzerPlugin Key="csharp" Version="8.30.0.37606" StaticResourceName="SonarAnalyzer-8.30.0.37606.zip">
          <AssemblyPaths>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\18\Google.Protobuf.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\18\Newtonsoft.Json.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\18\SonarAnalyzer.CFG.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\18\SonarAnalyzer.CSharp.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\18\SonarAnalyzer.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\18\THIRD-PARTY-NOTICES.txt</Path>
          </AssemblyPaths>
        </AnalyzerPlugin>
        <AnalyzerPlugin Key="vbnet" Version="8.30.0.37606" StaticResourceName="SonarAnalyzer-8.30.0.37606.zip">
          <AssemblyPaths>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\19\Google.Protobuf.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\19\SonarAnalyzer.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\19\SonarAnalyzer.VisualBasic.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\19\THIRD-PARTY-NOTICES.txt</Path>
          </AssemblyPaths>
        </AnalyzerPlugin>
        <AnalyzerPlugin Key="securitycsharpfrontend" Version="9.2.0-M1.13789" StaticResourceName="SonarAnalyzer.Security-9.2.0-M1.13789.zip">
          <AssemblyPaths>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\20\Google.Protobuf.License.txt</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\20\Microsoft.AspNetCore.Razor.Language.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\20\SonarAnalyzer.Security.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\20\System.Buffers.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\20\System.Memory.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\20\System.Numerics.Vectors.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\20\System.Runtime.CompilerServices.Unsafe.dll</Path>
          </AssemblyPaths>
        </AnalyzerPlugin>
      </AnalyzerPlugins>
      <AdditionalFilePaths>
        <Path>c:\DemoProject\.sonarqube\conf\cs\SonarLint.xml</Path>
      </AdditionalFilePaths>
    </AnalyzerSettings>
    <AnalyzerSettings>
      <Language>vbnet</Language>
      <RulesetPath>c:\DemoProject\.sonarqube\conf\Sonar-vbnet.ruleset</RulesetPath>
      <DeactivatedRulesetPath>c:\DemoProject\.sonarqube\conf\Sonar-vbnet-none.ruleset</DeactivatedRulesetPath>
      <AnalyzerPlugins>
        <AnalyzerPlugin Key="csharp" Version="8.30.0.37606" StaticResourceName="SonarAnalyzer-8.30.0.37606.zip">
          <AssemblyPaths>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\18\Google.Protobuf.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\18\Newtonsoft.Json.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\18\SonarAnalyzer.CFG.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\18\SonarAnalyzer.CSharp.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\18\SonarAnalyzer.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\18\THIRD-PARTY-NOTICES.txt</Path>
          </AssemblyPaths>
        </AnalyzerPlugin>
        <AnalyzerPlugin Key="vbnet" Version="8.30.0.37606" StaticResourceName="SonarAnalyzer-8.30.0.37606.zip">
          <AssemblyPaths>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\19\Google.Protobuf.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\19\SonarAnalyzer.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\19\SonarAnalyzer.VisualBasic.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\19\THIRD-PARTY-NOTICES.txt</Path>
          </AssemblyPaths>
        </AnalyzerPlugin>
      </AnalyzerPlugins>
      <AdditionalFilePaths>
        <Path>c:\DemoProject\.sonarqube\conf\vbnet\SonarLint.xml</Path>
      </AdditionalFilePaths>
    </AnalyzerSettings>
  </AnalyzersSettings>
andrei-epure-sonarsource commented 2 years ago

When we download from the server, we don't know what we're going to analyze. And we let the compiler do the pick.

Is there a functional problem with this?

pavel-mikula-sonarsource commented 2 years ago

The project language is not important at this stage, this XML file is generated in the begin step anyway. It should download both (actually all three), as it currently does. And it should assign VB DLLs to VB language and C# DLLs to C# language - as it currently does for C# SE FE.

Functionally, it works. I assume the performance overhead to be minimal. It's confusing for maintenance, investigation and debugging.

  <AnalyzersSettings>
    <AnalyzerSettings>
      <Language>cs</Language>
      <RulesetPath>c:\DemoProject\.sonarqube\conf\Sonar-cs.ruleset</RulesetPath>
      <DeactivatedRulesetPath>c:\DemoProject\.sonarqube\conf\Sonar-cs-none.ruleset</DeactivatedRulesetPath>
      <AnalyzerPlugins>
        <AnalyzerPlugin Key="csharp" Version="8.30.0.37606" StaticResourceName="SonarAnalyzer-8.30.0.37606.zip">
          <AssemblyPaths>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\18\Google.Protobuf.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\18\Newtonsoft.Json.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\18\SonarAnalyzer.CFG.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\18\SonarAnalyzer.CSharp.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\18\SonarAnalyzer.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\18\THIRD-PARTY-NOTICES.txt</Path>
          </AssemblyPaths>
        </AnalyzerPlugin>
        <AnalyzerPlugin Key="securitycsharpfrontend" Version="9.2.0-M1.13789" StaticResourceName="SonarAnalyzer.Security-9.2.0-M1.13789.zip">
          <AssemblyPaths>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\20\Google.Protobuf.License.txt</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\20\Microsoft.AspNetCore.Razor.Language.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\20\SonarAnalyzer.Security.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\20\System.Buffers.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\20\System.Memory.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\20\System.Numerics.Vectors.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\20\System.Runtime.CompilerServices.Unsafe.dll</Path>
          </AssemblyPaths>
        </AnalyzerPlugin>
      </AnalyzerPlugins>
      <AdditionalFilePaths>
        <Path>c:\DemoProject\.sonarqube\conf\cs\SonarLint.xml</Path>
      </AdditionalFilePaths>
    </AnalyzerSettings>
    <AnalyzerSettings>
      <Language>vbnet</Language>
      <RulesetPath>c:\DemoProject\.sonarqube\conf\Sonar-vbnet.ruleset</RulesetPath>
      <DeactivatedRulesetPath>c:\DemoProject\.sonarqube\conf\Sonar-vbnet-none.ruleset</DeactivatedRulesetPath>
      <AnalyzerPlugins>
        <AnalyzerPlugin Key="vbnet" Version="8.30.0.37606" StaticResourceName="SonarAnalyzer-8.30.0.37606.zip">
          <AssemblyPaths>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\19\Google.Protobuf.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\19\SonarAnalyzer.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\19\SonarAnalyzer.VisualBasic.dll</Path>
            <Path>C:\Users\Current.User\AppData\Local\Temp\.sonarqube\resources\19\THIRD-PARTY-NOTICES.txt</Path>
          </AssemblyPaths>
        </AnalyzerPlugin>
      </AnalyzerPlugins>
      <AdditionalFilePaths>
        <Path>c:\DemoProject\.sonarqube\conf\vbnet\SonarLint.xml</Path>
      </AdditionalFilePaths>
    </AnalyzerSettings>
  </AnalyzersSettings>
pavel-mikula-sonarsource commented 2 years ago

This should be something line 1 line change (+ undefined lines of test code 😄 )