Hello
Within the ABP framework, there is a lot of code that carries SonarQube risks. Some of it was created with the ABP Suite, while other parts date back to the project's inception. Do we need to make custom updates to this code? Or will future updates include risk fixes for this code as well? Especially for code created with the Suite!
I would like to know about your policies in this regard. I am attaching some examples that involve (maintainability) high risk below.

Rename parameter 'builder' to 'modelBuilder' to match the base class declaration.
DemoDbContext.cs High Parameter names should match base declaration and other partial definitions [csharpsquid:S927]

    protected override void OnModelCreating(ModelBuilder builder)

Remove this unread private field '_currentTenant' or refactor the code to use its value.
DemoDbMigrationService.cs High Unread "private" fields should be removed [csharpsquid:S4487]

    private readonly ICurrentTenant _currentTenant;

Refactor this method to reduce its Cognitive Complexity from 63 to the 15 allowed.
OpenIddictDataSeedContributor.cs High Cognitive Complexity of methods should not be too high [csharpsquid:S3776]

    private async Task CreateApplicationAsync()
    {
        // refactor
    }

Add a nested comment explaining why this method is empty, throw a 'NotSupportedException' or complete the implementation.
CookiePolicy.cshtml.cs High Methods should not be empty [csharpsquid:S1186]

    public void OnGet()
    {
    }

Unexpected var, use let or const instead.
HostDashboard.js High Variables should be declared with "let" or "const" [javascript:S3504]

    var $dateRangePicker = $('#DashboardFilterForm .date-range-picker');

1 Answer(s)
Hi
These SonarQube High issues are not security vulnerabilities. They are mainly code smells / maintainability warnings (naming consistency, unused fields, empty methods, cognitive complexity, JS style rules, etc.).
For ABP framework internal code, some of these may be improved gradually in future ABP releases.
For code already generated by ABP Suite or existing in your project, upgrading ABP will not automatically change it—those fixes need to be applied manually if you choose to. However, these won't cause any problems for the application.
Thanks.
