Troubleshooting of Sonar issue: Difference between revisions

Latest revision as of 22:47, 28 May 2025

Troubleshooting of SonarQube issue

What is SonarQube? SonarQube is an open-source platform for continuous code quality inspection using static program analysis to detect bugs and code smells across multiple programming languages. It provides automated analysis reports and integrates seamlessly with various development tools. (Source: Wikipedia)

SonarQube issues[edit]

How to resolve "Add a new line at the end of this file."[edit]

Error message: Files should contain an empty newline at the end^[1]

Solution:

Add new line at the end of this file

Another solution:

Add an new file add_newline_to_php_files.sh with the following content

#!/bin/bash

# Check if a directory path argument has been provided
if [ "$#" -ne 1 ]; then
    echo "Usage: ./add_newline_to_php_files.sh [Directory Path]"
    exit 1
fi

# Retrieve the directory path argument
dir_path="$1"

# Initialize a counter for modified files
modified_count=0

# Iterate through all .php files in the specified directory
for file in "$dir_path"/*.php; do
    # Check if the file exists
    if [ -f "$file" ]; then
        # Read the last line of the file
        last_line=$(tail -n 1 "$file")
        
        # Check if the last line is empty
        if [ "$last_line" != "" ]; then
            # If it's not empty, append a newline character
            echo "" >> "$file"
            # Increment the modified files counter
            ((modified_count++))
        fi
    fi
done

# Display the number of modified files
echo "Number of modified files: $modified_count"

Grant the execution permission chmod +x add_newline_to_php_files.sh
Usage ./add_newline_to_php_files.sh /path/to/php/directory_of_scripts

How to resolve "Define a constant instead of duplicating this literal"[edit]

Error condition which met "Define a constant instead of duplicating this literal" - violates DRY (Don't Repeat Yourself) principle and creates maintenance issues ^[2]

Original problematic code (Python):

def parse_date(row):
    if isinstance(row['time_field'], pd.Timestamp):
        formatted_date = row['time_field'].strftime("%Y-%m")
    elif isinstance(row['time_field'], str):
        date_obj = datetime.strptime(row['time_field'], "%Y-%m-%d %H:%M:%S")
        formatted_date = date_obj.strftime("%Y-%m")
    elif isinstance(row['time_field'], datetime):
        formatted_date = row['time_field'].strftime("%Y-%m")

Possible solution: define the constants

# Date format constants
DATE_FORMAT_YEAR_MONTH = "%Y-%m"

def parse_date(row):
    if isinstance(row['time_field'], pd.Timestamp):
        formatted_date = row['time_field'].strftime(DATE_FORMAT_YEAR_MONTH)
    elif isinstance(row['time_field'], str):
        date_obj = datetime.strptime(row['time_field'], "%Y-%m-%d %H:%M:%S")
        formatted_date = date_obj.strftime(DATE_FORMAT_YEAR_MONTH)
    elif isinstance(row['time_field'], datetime):
        formatted_date = row['time_field'].strftime(DATE_FORMAT_YEAR_MONTH)

Benefits:

Maintainability: Format strings can be updated in one central location
Consistency: All date formatting uses the same format definitions
Error Prevention: Reduces risk of typos in repeated string literals

How to resolve "Define and throw a dedicated exception instead of using a generic one"[edit]

Error condition which met "Define and throw a dedicated exception instead of using a generic one" ^[3]

if(is_null($some_variable)){
            $error = 'The variable $some_variable is not defined.';
            throw new Exception($error);
        }

Possible solution

if(!is_null($some_variable)){
            $error = 'The variable $some_variable is not defined.';
            throw new InvalidArgumentException($error);
        }

How to resolve "Merge this if statement with the enclosing one."[edit]

Example of Code Not Meeting Standards

if (isTrueCondition1) {
  if (isTrueCondition2) {
    ...
  }
}

Example of Code Meeting Standards

if (isTrueCondition1 && isTrueCondition2) {
  ...
}

Example of Code Not Meeting Standards

if (isTrueCondition1) {
  if (isTrueCondition2) {
    ...
  }

  if (isTrueCondition3) {
    ...
  }
}

Example of Code Meeting Standards

if (isTrueCondition1 && isTrueCondition2) {
    ...
}

if (isTrueCondition1 && isTrueCondition3) {
    ...
}

How to resolve "Method visibility should be explicitly declared"[edit]

Possible solution

Use a text editor that supports regular expressions
Find: ^(\s+)(function)(\s)
Replace with: $1public function$3

How to resolve "replace all tab characters in this file by sequences of white-spaces (Tabulation characters should not be used)"[edit]

Solution: Using the editor which supports regular expression^[4]

Replace \t
with (four whitespaces)

How to resolve "Refactor this function to reduce its Cognitive Complexity from XX to the 15 allowed."[edit]

Possible solution^[5]^[6]

Created smaller, more specific functions (following Single Responsibility Principle) to handle specific parts of the logic. Use these secondary functions to make the main function easier to read and understand.
Avoid nested conditionals
Simplify boolean expressions

How to resolve "This image might run with root as the default user. Make sure it is safe here."[edit]

🛑 Problem Condition

During the CI/CD process, security scanning tools such as Anchore or Checkmarx report the following warning:

This image might run with root as the default user. Make sure it is safe here.

This warning appears because the Docker image is configured to run as the root user by default, which poses a potential security risk—especially in production or publicly exposed environments.

✅ Solution

Modify the Dockerfile to create a non-root user and configure the container to run using this user. Here's a general example:

FROM alpine:3.19

# Create a non-root user and group =
RUN addgroup -S appgroup && adduser -S appuser -G appgroup

# Create the working directory and set permissions =
RUN mkdir -p /app && chown -R appuser:appgroup /app

# Copy application files =
COPY app /app
WORKDIR /app

# Switch to the non-root user =
USER appuser

# Expose application port (if applicable) =
EXPOSE 80

# Start your application (example only) =
CMD ["your-app-command"]

💡 Explanation

By default, Docker containers run as the "root" user, which increases the risk of privilege escalation if an attacker exploits a vulnerability. To avoid the risk by creating a dedicated, unprivileged user and ensuring that your application directory has the correct ownership and permissions. Then, you configure the container to run under this non-root user.

References

Unresolved issues[edit]

SonarLint: Replace "require_once" with namespace import mechanism through the "use" keyword.

References[edit]

↑ Why should text files end with a newline?
↑ [Clean Code principles - Avoid Magic Numbers/Strings]
↑ CWE - CWE-397: Declaration of Throws for Generic Exception (4.12)
↑ Replace all tab characters in this file by sequences of white-spaces - Error in SonarCloud T-SQL - SonarCloud - Sonar Community
↑ How to fix your spaghetti code (and avoid it in the first place) | Compoze Labs
↑ Spaghetti code - Wikipedia

Troubleshooting of ...

Troubleshooting of Excel errors

PHP, cUrl, Python, selenium, HTTP status code errors

Database: SQL syntax debug, MySQL errors, MySQLTuner errors or PostgreSQL errors

Troubleshooting of regular expression

HTML/Javascript: Troubleshooting of javascript, XPath

Software: Mediawiki, Docker, FTP problems, online conference software

Test connectivity for the web service, Web Ping, Network problem, Web user behavior, Web scrape troubleshooting

Template

Bug report template

[1] Why should text files end with a newline?

[2] [Clean Code principles - Avoid Magic Numbers/Strings]

[3] CWE - CWE-397: Declaration of Throws for Generic Exception (4.12)

[4] Replace all tab characters in this file by sequences of white-spaces - Error in SonarCloud T-SQL - SonarCloud - Sonar Community

[5] How to fix your spaghetti code (and avoid it in the first place) | Compoze Labs

[6] Spaghetti code - Wikipedia

[1]

[2]

[3]

[4]

[5]

[6]

Troubleshooting of Sonar issue: Difference between revisions

Latest revision as of 22:47, 28 May 2025

Contents

SonarQube issues[edit]

How to resolve "Add a new line at the end of this file."[edit]

How to resolve "Define a constant instead of duplicating this literal"[edit]

How to resolve "Define and throw a dedicated exception instead of using a generic one"[edit]

How to resolve "Merge this if statement with the enclosing one."[edit]

How to resolve "Method visibility should be explicitly declared"[edit]

How to resolve "replace all tab characters in this file by sequences of white-spaces (Tabulation characters should not be used)"[edit]

How to resolve "Refactor this function to reduce its Cognitive Complexity from XX to the 15 allowed."[edit]

How to resolve "This image might run with root as the default user. Make sure it is safe here."[edit]

Unresolved issues[edit]

Further reading[edit]

References[edit]

Navigation menu

Troubleshooting of Sonar issue: Difference between revisions

Latest revision as of 22:47, 28 May 2025

SonarQube issues[edit]

How to resolve "Add a new line at the end of this file."[edit]

How to resolve "Define a constant instead of duplicating this literal"[edit]

How to resolve "Define and throw a dedicated exception instead of using a generic one"[edit]

How to resolve "Merge this if statement with the enclosing one."[edit]

How to resolve "Method visibility should be explicitly declared"[edit]

How to resolve "replace all tab characters in this file by sequences of white-spaces (Tabulation characters should not be used)"[edit]

How to resolve "Refactor this function to reduce its Cognitive Complexity from XX to the 15 allowed."[edit]

How to resolve "This image might run with root as the default user. Make sure it is safe here."[edit]

Unresolved issues[edit]

Further reading[edit]

References[edit]

Navigation menu

Search