This document is based on SonarQube v6.4 and has been archived.
Please refer to the latest documentation.

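Tags can be used to classify rules and issues. Some tags are available only for specific languages, but most tags can be used regardless of language. The commonly used tags and the meaning of each are as follows:

  • brain-overload - there is too much to keep in mind at one time (i.e. it is too complex)
  • bad-practice - the code works more or less as intended, but the way it was designed is generally recognized as a bad approach.
  • bug - something is wrong and it is likely to have an impact once in production.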
  • cert - relates to a rule in a CERT standard. There are currently three CERT standards: C, C++, and Java. Many of these rules are not language-specific, but are good programming practices. That's why you'll see this tag on non-C/C++, Java rules.
  • clumsy - extra steps are used to accomplish something that could be done more clearly and concisely (e.g. calling .toString() on a String).
  • confusing - will take maintainers longer to understand than is really justified by what the code actually does
  • convention - coding convention - typically formatting, naming, whitespace...
  • cwe - relates to a rule in the Common Weakness Enumeration. For more on CWE in SonarQube language plugins, and on security-related rules in general, see Security-related rules.
  • design - there is something questionable about the design of the code
  • lock-in - environment-specific features are used
  • misra - relates to a rule in one of the MISRA standards. While the MISRA rules are primarily about C and C++, many of them are not language-specific (e.g. don't use a float as a loop counter) but are simply good programming practices. That's why you'll see these tags on non-C/C++ rules.
  • owasp-.* - relates to a rule in the OWASP Top Ten security standards. Note that the OWASP Top Ten is a list of high-level vulnerabilities which translates to many, many potential rules.
  • pitfall - nothing is wrong yet, but something could go wrong in the future; a trap has been set for the next guy, & he'll probably fall into it and screw up the code.
  • sans-top25-.* - relates to the SANS Top 25 Coding Errors, which are security-related. Note that the SANS Top 25 list is pulled directly from the CWE.
  • security - relates to the security of an application.
  • suspicious - it's not guaranteed that this is a bug, but it looks suspiciously like one. At the very least, the code should be re-examined & likely refactored for clarity.
  • unpredictable - the code may work fine under current conditions, but may fail erratically if conditions change.
  • unused - unused code, e.g. a private variable that is never used.
  • user-experience - there's nothing technically wrong with your code, but it may make some or all of your users hate you.