3
votes

I want to apply my own SonarQube custom rule using FxCop. The SonarScanner run with MSBuild succeeded, but SonarQube did not reflect the rule!

I referenced this URL: https://github.com/DanielHWe/sonar-fxcop

I tried many times. Please give some suggestions if you have experience with this problem.

My development environment:

  • Visual Studio 2017
  • MSBuild 15
  • SonarQube 6.7.7
  • SonarScanner for MSBuild 4.6.2
  • FxCop plugin 1.4.1
  • C# plugin (Sonar) 7.15

First, I set up the SonarQube server as below:

  1. I set up SonarQube 6.7.7 on localhost
  2. I added the FxCop plugin 1.4 (https://community.sonarsource.com/t/new-release-fxcop-plugin-version-1-4/1430)
  3. I created an FxCop custom rule from the template in the SonarQube quality profiles

     I entered the following:

     Name : SampleCustomRule

     Key : SampleCustomRule

     Description : SampleCustomRule

     CheckId : SK100

  4. I activated this rule in the SonarQube rules

Second, I created a sample FxCop custom rule (Visual Studio) as below:

I referenced this video (https://www.youtube.com/watch?v=arHybNYWj04).

  1. Create a Class Library
  2. Add references (FxCopSdk, Microsoft.Cci)
  3. Create the sample rule .cs & rules.xml
  4. Create a signing file (.pfx)
  5. Build the project
  6. Copy my assembly (.dll) to C:\Program Files (x86)\Microsoft Visual Studio 12.0\Team Tools\Static Analysis Tools\FxCop\Rules

Third, I executed MSBuild (SonarScanner):

  1. Run as administrator (Developer Command Prompt for VS 2019)
  2. I entered the commands below

```
SonarScanner.MSBuild.exe begin /k:"ConsoleApp10" /n:"ConsoleApp10" /v:"3.6" /d:"sonar.cs.fxcop.assembly=C:\Users\ezcare\Desktop\FxCopTest\FxCopTest\bin\Debug\FxCopTest.dll" /d:"sonar.cs.fxcop.fxCopCmdPath=C:\Program Files (x86)\Microsoft Visual Studio 12.0\Team Tools\Static Analysis Tools\FxCop\FxCopCmd.exe" /d:"sonar.cs.fxcop.directory=C:\Users\ezcare\Desktop\FxCopTest\FxCopTest\bin\Debug"

MSBuild.exe C:\Users\ezcare\source\repos\ConsoleApp10 /t:Rebuild

SonarScanner.MSBuild.exe end
```

  3. The result was successful.

I checked the project that was inspected with my custom rule, but there wasn't any code smell or anything.

Below is my custom rule code (.cs & .xml):

```csharp
using Microsoft.FxCop.Sdk;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

[assembly: CLSCompliant(true)]
namespace FxCopTest
{
    public class SampleCustomRule : BaseIntrospectionRule
    {
        // Arguments: rule type name (matches TypeName in the rules XML),
        // name of the embedded rules XML resource without the .xml extension,
        // and the assembly that embeds that resource.
        public SampleCustomRule() :
            base(@"SampleCustomRule", "FxCopTest.Rules", typeof(SampleCustomRule).Assembly)
        {
        }

        // Reports a problem for every type whose namespace does not start with "SK".
        public override ProblemCollection Check(TypeNode type)
        {
            if (!type.Namespace.Name.StartsWith("SK", StringComparison.Ordinal))
            {
                // The type name fills the {0} placeholder of <Resolution> in the rules XML.
                var resolution = GetResolution(type.Name.Name);
                var problem = new Problem(resolution, type)
                {
                    Certainty = 100
                    //FixCategory = FixCategories.NonBreaking,
                    //MessageLevel = MessageLevel.Warning
                };
                base.Problems.Add(problem);
            }
            return base.Problems;
        }
    }
}
```


```xml
<?xml version="1.0" encoding="utf-8" ?>
<Rules>
  <Rule TypeName="SampleCustomRule" Category="CustomRules.Naming" CheckId="SK100">
    <Name>All type namespace should start with 'SK'</Name>
    <Description>SK</Description>
    <Resolution>The name of type {0} should start 'SK'</Resolution>
    <MessageLevel Certainty="100">Warning</MessageLevel>
    <FixCategories>NonBreaking</FixCategories>
    <Url/>
  </Rule>
</Rules>
```

1 Answer

0
votes

I wouldn't recommend writing new rules for C# or VB.NET using FxCop, particularly if you want to import issues into SonarQube.

Firstly, FxCop was replaced by the more powerful and easier to use Roslyn framework several years ago. Writing custom rules in Roslyn is simpler and there are many resources on the web to help you e.g. Getting Started with Roslyn Analyzers (if you've managed to write a custom rule in FxCop then you'll have no problem writing one using Roslyn!).

Secondly, SonarQube and the Scanner for MSBuild provide out-of-the-box support for importing issues from custom Roslyn analyzers as "external issues". Basically, that means if you package your new Roslyn analysis rules as a NuGet package then reference that NuGet package in the project you want to analyse, the Scanner for MSBuild will automatically upload the issues to SonarQube.

However, external issues have a few limitations as described in the SonarQube documentation - you can't configure the rules to be executed in the Quality Profile, you can't mark issues as false positive etc in the UI, and you are responsible for adding the custom Roslyn analyzer NuGet package to all of the MSBuild projects you want to analyse.

To get round all of these limitations, you can use the SonarQube Roslyn SDK to generate a custom SonarQube plugin jar that packages up your custom Roslyn analyzer. You don't need to write any code; just run RoslynSonarQubePluginGenerator.exe against your Roslyn NuGet package and it will create a plugin jar.

Once you install that generated custom SonarQube plugin into your SonarQube instance, you will be able to configure your rules in the Quality Profile, mark issues as FPs etc, and the Scanner for MSBuild will take care of executing your analysis rules as part of the build so you don't need to reference your custom Roslyn analyzer NuGet package from every MSBuild project you want to analyse.
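
A Roslyn counterpart of the question's SK100 rule, following the approach this answer recommends. This is an added example, not code from the question or from the answerer; the namespace and class names are hypothetical, and it assumes an analyzer project that references the Microsoft.CodeAnalysis.CSharp NuGet package.

```csharp
using System;
using System.Collections.Immutable;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.Diagnostics;

namespace SampleAnalyzers // hypothetical namespace
{
    [DiagnosticAnalyzer(LanguageNames.CSharp)]
    public sealed class NamespacePrefixAnalyzer : DiagnosticAnalyzer // hypothetical name
    {
        // Id, texts and category mirror the rules.xml shown in the question.
        public const string DiagnosticId = "SK100";

        private static readonly DiagnosticDescriptor Rule = new DiagnosticDescriptor(
            id: DiagnosticId,
            title: "All type namespace should start with 'SK'",
            messageFormat: "The name of type {0} should start 'SK'",
            category: "CustomRules.Naming",
            defaultSeverity: DiagnosticSeverity.Warning,
            isEnabledByDefault: true);

        public override ImmutableArray<DiagnosticDescriptor> SupportedDiagnostics
            => ImmutableArray.Create(Rule);

        public override void Initialize(AnalysisContext context)
        {
            // Skip generated code and allow the compiler to run the callback in parallel.
            context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.None);
            context.EnableConcurrentExecution();
            context.RegisterSymbolAction(AnalyzeNamedType, SymbolKind.NamedType);
        }

        private static void AnalyzeNamedType(SymbolAnalysisContext context)
        {
            var type = (INamedTypeSymbol)context.Symbol;
            // Compiler-synthesized types have no source location to report on.
            if (type.IsImplicitlyDeclared || type.Locations.IsEmpty) return;

            // Types in the global namespace are treated as having an empty namespace name.
            var ns = type.ContainingNamespace;
            var nsName = ns == null || ns.IsGlobalNamespace ? string.Empty : ns.ToDisplayString();
            if (nsName.StartsWith("SK", StringComparison.Ordinal)) return;

            // Same condition as the FxCop Check(TypeNode) override: report the type by name.
            context.ReportDiagnostic(Diagnostic.Create(Rule, type.Locations[0], type.Name));
        }
    }
}
```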