green-code-initiative / ecocode Goto Github PK

[ecoCode challenge 2023 - Team 28 days]

Is your feature request related to a problem? Please describe.
The i++ form has the disadvantage of generating a temporary variable during incrementation, which is not the case with the ++i form.

idea from @jycr :

SonarQuabe has a centralized repository to describe each of its rules, which is independent of the different existing implementations:
https://github.com/SonarSource/rspec

This makes it possible to have a centralized vision of the rules, and their variations according to the programming languages.
This also helps to avoid problems/conflicts in assigning identifiers (keys) for the rules.

This also makes it easier to write descriptions (in asciidoc/markdown).

Perhaps this orientation could become interesting for the future of ecoCode rules?

According to me, we should have a special meeting for this point to initiate this refactoring to :

• describe context
• describe your first idea, @jycr
• make a discussion with core team
• create an action plan, here

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

please take into account following optimizations for automatic release system :

• really change the version of plugin deployed, thus the real version will appear in administration SonarQube UI
• optimize generated release notes from changelog : actually, release notes are generated from text between 2nd H2 and 3rd H2.
  • add tag pusher login
  • add commiters list
• make documentation about this system (how it works, how to make a release)
• protect tag creation and deletion : https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules

Is your feature request related to a problem? Please describe.
There is a lot of implemented rules for each language in ecocode plugin.
Maybe some rules already exist natively in SonarQube.
And second point, check the veracity of each rule :

• ex1 with "change i++ to ++i" : warning with this modification because sometimes this change de behaviour. The best would be that we change only if there is no risk on code behaviour
• ex2 : #53
• ex3 : #52
• ex3 : #51

Describe the solution you'd like
It would be good to make a verification audit to check if :

• implemented rules doesn't exist in SonarQube native rules yet
• implemented code of each rule to check that all enabled statement is really managed on casting process ! (see #42 )
• check if native SonarQube rule (ex : "Pattern.compile in static scope instead of method scope") can be tagged (with our common tool in ecoCode-common repository) with eco-design tag

Describe alternatives you've considered
For ambiguous rules (implemented VS SonarQube native), list them and discuss about it during a core team point.

Is your feature request related to a problem? Please describe.
We migrated our source code from "CNumr" organization (https://github.com/cnumr/ecoCode) to "Green Code Initiative" organization (https://github.com/green-code-initiative/ecoCode)

Describe the solution you'd like
refactor all code source packages from "cnumr" to "greencodeinitiative"

once issue ok, please make same modifications to ecoCode-mobile repository

Pages concerned:

• docs/rules/web-matrix.md
• docs/rules/web-rules.md

Needs:

• Add the rule key on each line that the described rule is implemented

The name of the tag is in french "eco-conception".

It might be renamed as "eco-design".

It also seems like I don't have right access to the repository since it has moved. Could you please give me access to create a feature branch then the PR?

[ecoCode challenge 2023 - Team 28 days]

The shape using the quotation marks allows the developer to insert variables that will be substituted at run time. But if the string does not have a variable, use quotes instead. Thus, language will not look for variables to subtituture, which will reduce the consumption of CPU cycles.

Is your feature request related to a problem? Please describe.

• add a higer level of automatization for release process
• add additional information on commiters

Describe the solution you'd like

• optimize generated release notes from changelog : actually, release notes are generated from text between 2nd H2 and 3rd H2. :
  • add tag pusher login
  • add commiters list
  • check process to verify that a title with actual version is present before anything else
• modify docker-compose.yaml file with last SNAPSHOT version
• upgrade release process inINSTALL.md file
• test different available solutions to bypass branch protection with automatic commit done by workflow (currently, not possible, that's why, a PR + validation + manu tag push is done to make a new release) : see in https://github.com/orgs/community/discussions/13836#discussioncomment-4612365
• add Commiters in Release info
  • ex 1 : https://github.com/marketplace/actions/auto-add-contributors
  • ex 2 : https://github.com/digitalfabrik/integreat-cms/pull/1829/files)

once issue ok, please make same modifications to ecoCode-mobile repository

Describe the bug
[INFO] Load metrics repository
[INFO] Load metrics repository (done) | time=42ms
[INFO] Sensor JavaSensor [java]
[INFO] Configured Java source version (sonar.java.source): 11
[INFO] JavaClasspath initialization
[INFO] JavaClasspath initialization (done) | time=28ms
[INFO] JavaTestClasspath initialization
[INFO] JavaTestClasspath initialization (done) | time=19ms
[INFO] Server-side caching is enabled. The Java analyzer will not try to leverage data from a previous analysis.
[INFO] Using ECJ batch to parse 34 Main java source files with batch size 266 KB.
[INFO] Starting batch processing.
[INFO] The Java analyzer cannot skip unchanged files in this context. A full analysis is performed for all files.
[ERROR] Unable to run check class fr.cnumr.java.checks.OptimizeReadFileExceptions - GRSP0028 on file 'src/main/java/BookingService.java', To help improve the SonarSource Java Analyzer, please report this problem to SonarSource: see https://community.sonarsource.com/
java.lang.ClassCastException: class org.sonar.java.model.expression.NewClassTreeImpl cannot be cast to class org.sonar.plugins.java.api.tree.TryStatementTree (org.sonar.java.model.expression.NewClassTreeImpl and org.sonar.plugins.java.api.tree.TryStatementTree are in unnamed module of loader org.sonar.classloader.ClassRealm @5339cdc6)
at fr.cnumr.java.checks.OptimizeReadFileExceptions.visitNode(OptimizeReadFileExceptions.java:41)
at org.sonar.java.model.VisitorsBridge$IssuableSubscriptionVisitorsRunner.lambda$visit$6(VisitorsBridge.java:452)
at org.sonar.java.model.VisitorsBridge$IssuableSubscriptionVisitorsRunner.lambda$forEach$9(VisitorsBridge.java:468)
at org.sonar.java.model.VisitorsBridge.runScanner(VisitorsBridge.java:265)
at org.sonar.java.model.VisitorsBridge$IssuableSubscriptionVisitorsRunner.forEach(VisitorsBridge.java:468)
at org.sonar.java.model.VisitorsBridge$IssuableSubscriptionVisitorsRunner.visit(VisitorsBridge.java:454)
at org.sonar.java.model.VisitorsBridge$IssuableSubscriptionVisitorsRunner.visitChildren(VisitorsBridge.java:438)
at org.sonar.java.model.VisitorsBridge$IssuableSubscriptionVisitorsRunner.visit(VisitorsBridge.java:458)
at org.sonar.java.model.VisitorsBridge$IssuableSubscriptionVisitorsRunner.visitChildren(VisitorsBridge.java:438)
at org.sonar.java.model.VisitorsBridge$IssuableSubscriptionVisitorsRunner.visit(VisitorsBridge.java:458)
at org.sonar.java.model.VisitorsBridge$IssuableSubscriptionVisitorsRunner.visitChildren(VisitorsBridge.java:438)
at org.sonar.java.model.VisitorsBridge$IssuableSubscriptionVisitorsRunner.visit(VisitorsBridge.java:458)
at org.sonar.java.model.VisitorsBridge$IssuableSubscriptionVisitorsRunner.visitChildren(VisitorsBridge.java:438)
at org.sonar.java.model.VisitorsBridge$IssuableSubscriptionVisitorsRunner.visit(VisitorsBridge.java:458)
at org.sonar.java.model.VisitorsBridge$IssuableSubscriptionVisitorsRunner.visitChildren(VisitorsBridge.java:438)
at org.sonar.java.model.VisitorsBridge$IssuableSubscriptionVisitorsRunner.visit(VisitorsBridge.java:458)
at org.sonar.java.model.VisitorsBridge$IssuableSubscriptionVisitorsRunner.scanFile(VisitorsBridge.java:416)
at org.sonar.java.model.VisitorsBridge.lambda$runScanner$1(VisitorsBridge.java:260)
at org.sonar.java.model.VisitorsBridge.runScanner(VisitorsBridge.java:265)
at org.sonar.java.model.VisitorsBridge.runScanner(VisitorsBridge.java:260)
at org.sonar.java.model.VisitorsBridge.visitFile(VisitorsBridge.java:243)
at org.sonar.java.ast.JavaAstScanner.simpleScan(JavaAstScanner.java:132)
at org.sonar.java.JavaFrontend.scanAsBatchCallback(JavaFrontend.java:247)
at org.sonar.java.JavaFrontend.lambda$scanBatch$0(JavaFrontend.java:238)
at org.sonar.java.model.JParserConfig$Batch$1.acceptAST(JParserConfig.java:181)
at org.eclipse.jdt.core.dom.CompilationUnitResolver.resolve(CompilationUnitResolver.java:1143)
at org.eclipse.jdt.core.dom.CompilationUnitResolver.resolve(CompilationUnitResolver.java:739)
at org.eclipse.jdt.core.dom.ASTParser.createASTs(ASTParser.java:1049)
at org.sonar.java.model.JParserConfig$Batch.parse(JParserConfig.java:165)
at org.sonar.java.JavaFrontend.scanBatch(JavaFrontend.java:238)
at org.sonar.java.JavaFrontend.scanInBatches(JavaFrontend.java:228)
at org.sonar.java.JavaFrontend.scanAsBatch(JavaFrontend.java:195)
at org.sonar.java.JavaFrontend.scan(JavaFrontend.java:170)
at org.sonar.plugins.java.JavaSensor.execute(JavaSensor.java:113)
at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:64)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:88)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:61)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:79)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:61)
at org.sonar.scanner.scan.SpringModuleScanContainer.doAfterStart(SpringModuleScanContainer.java:82)
at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)
at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)
at org.sonar.scanner.scan.SpringProjectScanContainer.scan(SpringProjectScanContainer.java:399)
at org.sonar.scanner.scan.SpringProjectScanContainer.scanRecursively(SpringProjectScanContainer.java:395)
at org.sonar.scanner.scan.SpringProjectScanContainer.doAfterStart(SpringProjectScanContainer.java:364)
at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)
at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)
at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart(SpringGlobalContainer.java:135)
at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)
at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)
at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)
at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy24.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:185)
at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:137)
at org.sonarsource.scanner.maven.bootstrap.ScannerBootstrapper.execute(ScannerBootstrapper.java:65)
at org.sonarsource.scanner.maven.SonarQubeMojo.execute(SonarQubeMojo.java:104)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:208)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:154)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:146)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:309)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:194)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:107)
at org.apache.maven.cli.MavenCli.execute(MavenCli.java:955)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:290)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:194)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)

[INFO] Did not optimize analysis for any files, performed a full analysis for all 4 files.
To Reproduce
Steps to reproduce the behavior:
Run command : mvn clean verify sonar:sonar -Dsonar.projectKey=GreenIT -Dsonar.host.url=http://localhost:9000 -Dsonar.login=sqp_xxxxxxx

Expected behavior
Full scan
Screenshots
If applicable, add screenshots to help explain your problem.

Software Versions

• SonarQube Version: 9.8.0.63
• Plugin Version: 1.1.0

[ecoCode challenge 2023 - Team 28 days]

The shape using the quotation marks allows the developer to insert variables that will be substituted at run time. But if the string does not have a variable, use quotes instead. Thus, language will not look for variables to subtituture, which will reduce the consumption of CPU cycles.

Is your feature request related to a problem? Please describe.
Currently, plugin requires a 11 JDK at minimum. But, many societies still uses a 1.8 JDK.
check #57

Describe the solution you'd like
Check if possible to make plugin 1.8 JDK compatible with a minimum code modifications.

it would be very useful to add those plugins on the SonarQube Marketplace.

The procedure is relatively straightforward. See: https://github.com/SonarSource/sonar-update-center-properties

If you are OK with this idea, and if you wish, I can do the work for you.

Describe the bug
when automatic workflow build is launched when a PR is created or updated, it crashes when it try to communicate with SonarCloud.io to send metrics.

To Reproduce
Update or create a PR from a fork branch and check build workflow.

Expected behavior
The build workflow is OK and SonarCloud.io is updated with the new branch from fork

Screenshots
the error :
... Caused by: org.sonar.api.utils.MessageException: Project not found. Please check the 'sonar.projectKey' and 'sonar.organization' properties, the 'SONAR_TOKEN' environment variable, or contact the project administrator

Solution idea : upgrade build workflow to give the name branch

• https://docs.sonarqube.org/latest/analyzing-source-code/branches/branch-analysis/
• https://stackoverflow.com/questions/58033366/how-to-get-the-current-branch-within-github-actions

there are two files to declare rules definition on PHP plugin : PhpRuleRepository and PhpRulesDefinition.
But, actually, PhpRuleRepository is really used in PHPPlugin.
But there is a unit test for PhpRulesDefinition and no unit test for PhpRuleRepository.

After PR #79 merged, correct this pb of duplicated classes and unit tests.

check if rules are also raised by SonarLint plugin on developer IDE.

after a quick check on ecoCode-java-test-project, there is no ecoCode rules used and thus not raised. Cause : project not binded on a real Sonar project to synchronize all rules.

one way : to send real test projects to ecoCode sonarcloud instance (like done for ecoCode plugins) and then bind local IDE project to this sonarcloud project.

once ok for Java, check for other languages plugins

Nous allons regarder cette règle équipe 4kms/an

The fat Team 800Kg will implement this rules.

Is your feature request related to a problem? Please describe.
The java rule Avoid using global variables with id cnumr-java:D4 isn't really "good" for our society for different reasons :

• java IDE generates automatically a global variable with serialID for classes implementing "Serializable" interface : we have a lot this kind of modification : please see capture
• it's a good practice in java language to have a common global variable representing a constant used in one or several classes : please see capture
• it's a good practice in java language to have a common global variable with pre-compiled regex Pattern to avoid compiling this pattern each time a local method is called. This rule is against native SaonrQube rule Regex patterns should not be created needlessly (id : java:S4248) : please see capture

please check also rule Avoid using Pattern.compile() in a non-static context. (id cnumr-java:S77) because it's quite against the rule Avoid using global variables (id cnumr-java:D4)

Describe the solution you'd like

• for the moment, this rule is disabled in our SonarQube
• check why this rule is relevant in our plugin

what is your point of view @glalloue, @jules-delecour-dav, @jhertout, @olegoaer, @mdubois81 ?

Describe the bug
currently, there are :

• INSTALL.md that contains all technical documentation to install and use plugins for development environnment
• starter-pack.md with some "starter" documentation but also for development environment

Expected behavior
Clarify and upgrade an installation documentation without dealing with development environment, only for using in SonarQube (install on SonarQube, config SonarQube quality profile with custom script or not)

First of all, thank you for your work!

After an analysis, no ecocode code smells appears in my Sonar project :

I added the ecocode-php-plugin-0.2.2.jar in the extensions/plugins directory.
All rules appears in my quality profiles and I've activate them.

My project use the good quality PHP ecoCode profile where I use those rules.

But when I add some dirty code on my Symfony project ie :

Only basic sonar way code smell is detected.

Do I missed something in my Sonar configuration?

Thanks a lot for your answer

Software Versions

• SonarQube Version: 9.4
• Plugin Version: 0.2.2

Guillaume

Describe the bug
When I download the latest jar files release from github, it's not the same version printed by sonarqube after loading.

• Github = 0.1.1
• jar file = "0.1.0-SNAPSHOT"

It can make confusion with users.

Expected behavior

Versions have to be the same between releases github and the pom version from jar files.

Screenshots

Additional context

Something like mvn versions:set -DnewVersion=XX.XX have to be done inside github workflow before releasing.

Is your feature request related to a problem? Please describe.
currently, when a developer create a new rule in the plugin, he can test it with unit tests but not on a real SonarQube environment.

Describe the solution you'd like
Create a new project / repository containing an example application (one by language ?) which can be used to push on local development SonarQube environment to check if the new rule is OK.
It would be an integration test.
Maybe we can use all current source files used in unit tests.

Currently SonarCloud raise a security error because of java.util.regex.Pattern.compile(…).
To correct it, we can use com.google.re2j.Pattern.compile(…) but it is available with com.google.re2j.Pattern.compile(…) external dependency.
But regarding SonarQube plugin development best practices, we can't use external dependencies for runtime :(

Follow discussion with Sonar support : https://community.sonarsource.com/t/custom-plugin-cant-use-external-maven-dependency/85967

once a solution is here, check other plugins

When i install plugins on sonarqube instance, homage link is broken :

** How to reproduce**
Steps to reproduce the behavior:

1. Go to administration menu
2. Click on marketplace tab
3. Scroll down to plugins section
4. Select "installed" tab
5. Click on "homepage" link

Expected behavior
Link to the good folder associated to the selected plugin.

Screenshots
see above

Software Versions

• SonarQube Version: 9.9
• Plugin Version: 0.3.0-snapshot

Additional context

• problem also concern php / java / python plugins

The IncrementCheck seems irrelevant since the java compiler produces the same byte code in many cases.

Steps to reproduce the behavior:

1. write a class with a for-loop using i++ to increment the counter
2. duplicate the class and replace i++ with ++i
3. compile both classes
4. compare the generated bytecode
5. no differences found

Is your feature request related to a problem? Please describe.
The java rule The variable exception is not assigned with id cnumr-java:S63 isn't really "good" for our society becasue the argument to change delete the variable is not relevant. try-catch statement in Java language use a temporary variable in catchstatement. Please see followed captures :

Describe the solution you'd like

• for the moment, this rule is disabled in our SonarQube
• check why this rule is relevant in our plugin

what is your point of view @glalloue, @jules-delecour-dav, @jhertout, @olegoaer, @mdubois81 ?

Hello,

I downloaded the latest source code release (0.2.2) as a tgz archive.
I followed the guide and started by building the plugins with ./tool_build.sh.
Then I launched the docker-compose with ./tool_docker-init.sh.

As we can see in the docker-compose file, we're looking for the version 0.2.3 of the plugins which don't exist because we have built the 0.2.2 versions.

volumes:
      - type: bind
        source: ./java-plugin/target/ecocode-java-plugin-0.2.3-SNAPSHOT.jar
        target: /opt/sonarqube/extensions/plugins/ecocode-java-plugin-0.2.3-SNAPSHOT.jar

$ ll java-plugin/target/
total 5840
drwxr-xr-x 9 j.buiquang utilisa. du domaine    4096 févr. 28 11:03 ./
drwxrwxr-x 4 j.buiquang utilisa. du domaine    4096 févr. 28 11:03 ../
drwxr-xr-x 3 j.buiquang utilisa. du domaine    4096 févr. 28 11:03 classes/
-rw-r--r-- 1 j.buiquang utilisa. du domaine 5854022 févr. 28 11:03 ecocode-java-plugin-0.2.2.jar
# ...

I also found that the target are generated without the "SNAPSHOT" suffix.

Describe the bug
please check the analysis in SonarCloud : https://sonarcloud.io/project/security_hotspots?id=green-code-initiative_ecoCode&sinceLeakPeriod=true

Expected behavior
No security issue in SonarCloud

Team 5R

An automated container build was added by #72 but only amd64 platform was addressed (I was sure it was the only SonarQube supported platform).

To add this support, we need to find a workaround for building, because the actual used maven image doesn't support ARMv8. So we need to find a supported tag, or to build only on amd64 (and it would better to only build once) and put the jars in SQ containers.

(I can't assign myself, but I can manage to do it)

The ./check_requirement.sh script return error when 3.9.0 version from maven is installed.
Max version installed is supposed to be 3.8.7

3.9.0 version has been released January 31 this year.
So many developers can use this version and maybe they already installed it before next hackaton event.

• Check all repository using maven to validate 3.9.0 version compatibility
• modify check requirement scripts to accept 3.9.0 as max maven version

Proposal for support by the team 17%. We think we can develop it quickly.

(TO BE MEASURED)
The Rule EC75 about String concatenation in a loop is said "Not applicable" for Python, but there actually is a way to generate strings that might be a better manner than concatenation in a loop: creating a list of string using a list comprehension then calling the join() built-in.

Non-compliant code example:

s = ""
for fruit in fruits:
  s += fruit.name

Compliant code example:

l = [fruit.name for fruit in fruits]
"".join(l)

The new SonarQube version 9.9 has just been released.
Check installation of plugins and upgrade documentation / docker image if all is ok.

Create the same issue on other repositories if all is ok.

Describe the bug
We use Sonar 8 for multiples Project in our Company.
Since the installation of the plugin ecocode ( version 0.1.1 ) , users get errors on scanning Legacy projects that run with Java 8 :

This is the error occured :

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project pfx-aggregator: The plugin [ecocodepythonplugin] does not support Java 1.8.0_282: fr/cnumr/python/CustomPythonRulesPlugin has been compiled by a more recent version of the Java Runtime (class file version 55.0), this version of the Java Runtime only recognizes class file versions up to 52.0 -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn -rf :pfx-aggregator

Team 5R

Describe the bug
When we build plugin (using tool_build.sh script), informations are note up-to-date.
Example for java-plugin :

--- sonar-packaging-maven-plugin:1.21.0.505:sonar-plugin (default-sonar-plugin) @ ecocode-python-plugin ---
[INFO] -------------------------------------------------------
[INFO] Plugin definition in update center
[INFO]     Key: ecocodepythonplugin
[INFO]     Name: ecoCode Python Sonar Plugin
[INFO]     Description: Les règles s'appuient sur l'édition 3 du livre "Ecoconception Web / Les 115 bonnes pratiques" => https://collectif.greenit.fr/ecoconception-web/115-bonnes-pratiques-eco-conception_web.html
[INFO]     Version: 0.2.2-SNAPSHOT
[INFO]     Display Version: 0.2.2-SNAPSHOT
[INFO]     Entry-point Class: fr.cnumr.python.CustomPythonRulesPlugin
[INFO]     Required Plugins: 
[INFO]     Does the plugin support SonarLint?: true
[INFO]     Use Child-first ClassLoader: false
[INFO]     Base Plugin: python
[INFO]     Homepage URL: 
[INFO]     Minimal SonarQube Version: 9.4.0.54424
[INFO]     Licensing: GPL v3
[INFO]     Organization: CNumR
[INFO]     Organization URL: https://collectif.greenit.fr
[INFO]     Terms and Conditions: 
[INFO]     Issue Tracker URL: https://github.com/green-code-initiative/ecocode/issues
[INFO]     Build date: 2023-01-04T08:57:25+0100
[INFO]     Sources URL: https://github.com/green-code-initiative/ecocode/ecocode-python-plugin
[INFO]     Developers: 
[INFO]     Minimal JRE Specification Version: 
[INFO]     Minimal Node.js Version: 
[INFO] Skip packaging of dependencies
[INFO] -------------------------------------------------------
[INFO] Building jar: /Users/ddecarvalho/git_perso/ecocode/python-plugin/target/ecocode-python-plugin-0.2.2-SNAPSHOT.jar

To Reproduce
Launch locally tool_build.sh script

Expected behavior
Lack of information :

• Homepage URL : empty
• Organization : wrong organization
• Organization URL : wrong URL
• Minimal JRE Specification Version : empty

When ok in this repository, please make same modifications into ecoCode-mobile repository

Software Versions

• SonarQube Version: 9.8
• Plugin Version: current

Python plugin didn't work since library upgrades.
See Issue #64 and PR #77

Analyse why I must change the core code of python plugin : maybe adding an extension Registrar type and keep JSON files was a solution.

The same problem for PHP plugin.

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Describe the bug
when we launch a SonarQube analysis, there is a lot of exception on ecocode plugin. Then, the analysis crashes and this stops and CI/CD pipeline.
please see examples above.

To Reproduce
JDK 17
Gradle
example command launched : gradle --no-daemon sonarqube -Dsonar.qualitygate.wait=true -Dsonar.branch.name=release-4.1 -Pspring.test.config=/builds/contenu/rcc/rcc/.gradle/test.properties
@dedece35 can give some example source code if need (to test it)

Expected behavior
Analysis in succes without exceptions.
Once correction OK, upgrade (if possible) SonarQube checks in code to avoid this kind of issue (make an audit of each rule to check Class Casts).

Screenshots
Please see log file.

Software Versions

• SonarQube Version: 9.8 (build 63668)
• Plugin Version: 0.2.1
• JDK version : 17

Describe the bug
I can't force to obtain this code smell: Avoid multiple if-else statement for a Java project.

To Reproduce
Steps to reproduce the behavior:

1. I downloaded the release 0.1.0 of ecoCode Sonar Plugin.
2. I followed all steps described in the documentation, in INSTALL.md file.
3. I created a Java project with a bad practice, as follow:

4. After create the SonarQube token, I analyze my Java project with these lines:

./gradlew sonarqube -Dsonar.projectKey=KC-Spring-Native -Dsonar.host.url=http://localhost:9000/ -Dsonar.login=<token_generated>

5. From the Logs perspective (Java App & Docker image) I didn't see any exception or error, seems the Analysis were performed successfully.

sonar_standard | 2022.12.16 23:57:39 INFO ce[][o.s.c.t.CeWorkerImpl] Execute task | project=KC-Spring-Native | type=REPORT | id=AYUdXzh92hVIDeT3_WTc | submitter=admin sonar_standard | 2022.12.16 23:57:41 INFO ce[AYUdXzh92hVIDeT3_WTc][o.s.c.t.s.ComputationStepExecutor] Extract report | status=SUCCESS | time=178ms ... sonar_standard | 2022.12.16 23:57:59 INFO ce[AYUdXzh92hVIDeT3_WTc][o.s.c.t.p.a.p.PostProjectAnalysisTasksExecutor] Webhooks | globalWebhooks=0 | projectWebhooks=0 | status=SUCCESS | time=42ms sonar_standard | 2022.12.16 23:58:00 INFO ce[AYUdXzh92hVIDeT3_WTc][o.s.c.t.CeWorkerImpl] Executed task | project=KC-Spring-Native | type=REPORT | id=AYUdXzh92hVIDeT3_WTc | submitter=admin | status=SUCCESS | time=20734ms

6. However, I obtained these code smells using the default Java Profile (Sonar way), but not any ecoCode rule were applied:

7. Also I modified the file: tool_start.sh with these line (in order to be aligned with the generated token):

TOKEN=<token_generated> docker-compose start

Expected behavior
I expected to see an output similar to these one (but oriented to the Avoid multiple if-else statement), as follow:

Screenshots
See previous ones.

Software Versions

• MacOS Monterrey M1 12.3
• Docker Desktop 4.15.0
• SonarQube image: sonarqube:9.7-community (directly modified from docker-compose.yml)
• Plugin Version: 0.1.0 - 2022-12-14

Additional context

• For both services: sonar and db (in docker-compose.yml) I had to add this line:
  platform: linux/amd64
• Since I'm not using PHP nor Python, I commented these lines (in docker-compose.yml), as follow:
  type: bind source: ./php-plugin/target/ecocode-php-plugin-0.1.0-SNAPSHOT.jar target: /opt/sonarqube/extensions/plugins/ecocode-php-plugin-0.1.0-SNAPSHOT.jar type: bind source: ./python-plugin/target/ecocode-python-plugin-0.1.0-SNAPSHOT.jar target: /opt/sonarqube/extensions/plugins/ecocode-python-plugin-0.1.0-SNAPSHOT.jar

Thanks in advance for your support!

Is your feature request related to a problem? Please describe.
The java rule using a switch statement instead of multiple if-else conditions (more than one) with id cnumr-java:AMIES isn't really "good" for our society because the argument to change a single if statement to a switch statement is really not good. Please see followed captures :

Describe the solution you'd like

• for the moment, this rule is disabled in our SonarQube
• check why this rule is relevant in our plugin

what is your point of view @glalloue, @jules-delecour-dav, @jhertout, @olegoaer, @mdubois81 ?

We build the java ecocode plugin from the repository, put it in the extension folder of our 9.9 sonarqube (the latest version), restarted sonarqube.
The plugin can be seen in the administration panel, in the installed plugin section.
However, none of the rules are applied. I tested it on faulty code, (copying some of the code described as non compliant in the rules), and the ecodesign and ecocode tag are never shown.
Is there something specific to do to make the plugin work ?

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Software Versions

• SonarQube Version: [e.g. Version 7.8 (build 26217)]
• Plugin Version: [e.g. 1.1.0, or custom build from master at commit 004AD34FAA]

Additional context
Add any other context about the problem here.

I installed the plugin in my local SonarQube installation (v9.9).
I activated the "eco-conception" rules in my Quality Profile:

This Quality Profile is well "applied" to my project.

But the rules are no detecting code smells on my Python code :

Example in screenshot above for rules:

• S74: Don't use the query SELECT * FROM
• S72 : Avoid SQL request in loop
  I also tried, S34 (Avoid using try-catch-finally statement) without "success".

In order for the request for publication of the plugin on the SonarSource Marketplace (see: #63) to be validated, the "Quality Gate" must be "passed".
The latest analysis shows that a "Security Hotspot" must be fix:

https://sonarcloud.io/project/security_hotspots?id=green-code-initiative_ecoCode&sinceLeakPeriod=true

Is your feature request related to a problem? Please describe.
There is a lack on releasing automatically our plugin and make available plugin Jars with a tagged version.

Describe the solution you'd like
Use Github workflows to do automaticaly a release on push tag event

Describe alternatives you've considered
No other alternatives because it seems to be the best practice on github open-source projects

Additional context
The release notes would be automatically got from CHANGELOG.md file.
the same issue for ecocode-mobile project : green-code-initiative/ecoCode-android#12