missleading author for "duplicated code" issues / rules
407 views
Skip to first unread message
drywo...@gmail.com
Jul 6, 2016, 2:09:02 PM7/6/16
to SonarQube
Hi,
I just ran SonarQube on a couple of TypeScript and C# projects to see how well the CPD (code duplication detection) could give me the information about where and how duplicate code was produced in those projects.
What I was very surprised about is how SonarQube decides to assign issues that are created by the common-ts:DuplicatedBlocks and common-cs:DuplicatedBlocks to authors.
Those issues seem to be simply assigned by the SCM log's latest commit author (which might not be in any way related to the issue).
This means that if I'm the unlucky guy who just updated a single-line doc comment in a file that contains a 80% code duplication issue which is totally unrelated to my change, I have just become "proud" author of this 80% duplication issue and the technical debt that comes with it.
What I would have normally expected is that SonarQube should check many lines in the duplicated code where introduced by which person (based on SCM blame information) and then make the person that introduced the most lines of the duplicated block the rightful author of the duplication issue.
Is this a bug ? or is using SCM blame information too correctly identify the author simply to expensive during analysis ?
I'd really like to improve this feature to be able to more easily manage code duplication, so please let me know what you think about this behavior and what we should do to improve the meaningfulness of duplication issues' authors.
Thanks
Message has been deleted
drywo...@gmail.com
Jul 8, 2016, 8:27:23 AM7/8/16
to SonarQube, drywo...@gmail.com
I'm currently investigating what I could do to improve the above discribed situation and I now ended up looking into how I could get access to the necessary SCM blame & CPD data inside the DuplicatedBlocks rule definition to actually set a more rightful author for those kind of issues
(that is the place I figured where it would need to happen ... https://github.com/SonarSource/sonarqube/blob/2f2c558ffec0c57bcca9b83297fcbcfaf195eeb5/server/sonar-server/src/main/java/org/sonar/server/computation/issue/commonrule/CommonRule.java#L51)
Can somebody who knows give me some guidance please how I could access the Sonar ScmRepository data / CPD repository data and query blame information for the "Component file" that is handled within this rule code.
(I currently struggle to understand how SonarQube handles the SCM / CPD data that it collects and how I could access it from an entirely unrelated place in the code, such as this mentioned rule definition)
Thanks for any hints
Reply all
Reply to author
Forward
0 new messages