이 문서는 SonarQube v6.4 기반의 문서로 아카이브 되었습니다.
최신 문서를 참조하십시오.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

Version 1 Next »

SQ Official Doc Link: https://docs.sonarqube.org/display/SONAR/Tags


Tags are a way to categorize rules and issues. Some tags are language-specific, but many more appear across languages. Here is a non-comprehensive list of what they mean:

 

  • brain-overload - there is too much to keep in your head at one time
  • bad-practice - the code likely works as designed, but the way it was designed is widely recognized as being a bad idea.
  • bug - something is wrong and it will probably affect production
  • cert - relates to a rule in a CERT standard. There are currently three CERT standards: CC++, and Java. Many of these rules are not language-specific, but are good programming practices. That's why you'll see this tag on non-C/C++, Java rules.
  • clumsy - extra steps are used to accomplish something that could be done more clearly and concisely. (E.G. calling .toString() on a String).
  • confusing - will take maintainers longer to understand than is really justified by what the code actually does
  • convention - coding convention - typically formatting, naming, whitespace...
  • cwe - relates to a rule in the Common Weakness Enumeration. For more on CWE in SonarQube language plugins, and on security-related rules in general, see Security-related rules.
  • design - there is something questionable about the design of the code
  • lock-in - environment-specific features are used
  • misra - relates to a rule in one of the MISRA standards. While the MISRA rules are primarily about C and C++, many of them are not language-specific (E.G. don't use a float as a loop counter) but are simply good programming practices. That's why you'll see these tags on non-C/C++ rules.
  • owasp-.* - relates to a rule in the OWASP Top Ten security standards. Note, that the OWASP Top Ten is a list of high-level vulnerabilities which translates to many, many potential rules.
  • pitfall - nothing is wrong yet, but something could go wrong in the future; a trap has been set for the next guy, & he'll probably fall into it and screw up the code.
  • sans-top25-.* - relates to the SANS Top 25 Coding Errors, which are security-related. Note that  the SANS Top 25 list is pulled directly from the CWE.
  • security - relates to the security of an application. 
  • suspicious - it's not guaranteed that this is a bug, but it looks suspiciously like one. At the very least, the code should be re-examined & likely refactored for clarity.
  • unpredictable - the code may work fine under current conditions, but may fail erratically if conditions change.
  • unused - unused code, E.G. a private variable that is never used.
  • user-experience - there's nothing technically wrong with your code, but it may make some or all of your users hate you.
  • No labels

© 2017-2018 Moses Kim.

별도의 언급이 없는 한, 이 스페이스의 컨텐츠는 크리에이티브 커먼즈 저작자표시-비영리-동일조건변경허락 4.0 국제 라이선스에 따라 이용할 수 있습니다.
SONARQUBE는 SonarSource SA의 트레이드 마크입니다. 모든 트레이트 마크 및 저작권은 각 소유자의 소유물입니다.

::: SonarQube 관련 문의 : 이메일 :::