
fix(sonarqube): resolve all quality gate failures introduced in PR #76 #78

Draft
Copilot wants to merge 2 commits into main from copilot/fix-sonarqube-findings


Copilot AI commented Mar 10, 2026

PR #76 (service-key auth plugin) failed the SonarQube quality gate with 10 Security Hotspots and 22.5% duplication on new code, plus 30+ code smell issues.

Security Hotspots (8 marked Safe)

All 8 encrypt-data hotspots were in auto-generated XSD schema files (aunitResult.ts, aunitRun.ts, adtcoreObjectSets.ts, atcexemption.ts). The flagged strings are XML namespace URI identifiers (e.g. http://www.sap.com/adt/core) — opaque string constants, not HTTP connections.

Duplication

Added sonar-project.properties excluding packages/*/src/schemas/generated/** from copy-paste detection. These files are codegen output with structurally identical patterns by design.

Code Smells

S7772 — Node.js built-in module prefix

```ts
// before
import { createServer } from 'http';
// after
import { createServer } from 'node:http';
```

Applied to service-key.ts, env.ts, aunit.ts, junit.ts.

S7781 / S7780 — replaceAll + String.raw

```ts
// before
return `'${json.slice(1, -1).replace(/\\"/g, '"').replace(/'/g, "\\'")}'`;
// after — extracted helper used in generate.ts and raw-schema.ts
function toSingleQuoteLiteral(jsonStr: string): string {
  return `'${jsonStr.slice(1, -1).replaceAll('\\"', '"').replaceAll("'", String.raw`\'`)}'`;
}
```

S4624 — Nested template literals
Extracted intermediate variables wherever an inner template was embedded in an outer one (e.g. authHeader in adapter.ts, OAuth error message in service-key.ts).

S3776 — Cognitive complexity
Reduced by extracting focused helpers:

  • aunit.ts: convertAlerts(), resolveTargets(), displayFailedMethod(), displaySummary()
  • junit.ts: buildTestCaseXml()
  • ts-morph.ts: resolveElementType(), findRefElement()

S2004 — Function nesting > 4 levels
In service-key.ts, the server.close(() => resolve(tokenData)) callback pattern was flattened to sequential calls inside the setTimeout body.

S7773 / S7778 — Misc
parseFloat → Number.parseFloat; consecutive Array#push() calls merged into one.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:



nx-cloud bot commented Mar 10, 2026

View your CI Pipeline Execution ↗ for commit 9a12ee0

| Command | Status | Duration | Result |
| --- | --- | --- | --- |
| nx lint ts-xsd | ✅ Succeeded | <1s | View ↗ |
| nx lint adt-auth | ✅ Succeeded | <1s | View ↗ |
| nx lint adt-aunit | ✅ Succeeded | <1s | View ↗ |
| nx build adt-client --verbose | ✅ Succeeded | <1s | View ↗ |
| nx build adt-aunit | ✅ Succeeded | 20s | View ↗ |
| nx build adt-auth | ✅ Succeeded | 3s | View ↗ |

☁️ Nx Cloud last updated this comment at 2026-03-10 07:35:51 UTC

- Use node: prefix imports in service-key.ts, env.ts, aunit.ts, junit.ts
- Fix nested template literals in service-key.ts, adapter.ts, aunit.ts, junit.ts
- Replace String#replace() with String#replaceAll() in junit.ts, generate.ts, raw-schema.ts
- Use String.raw for backslash escaping in generate.ts, raw-schema.ts
- Replace parseFloat with Number.parseFloat in aunit.ts
- Combine multiple Array#push() calls in junit.ts
- Fix nested function depth (S2004) in service-key.ts
- Reduce cognitive complexity in aunit.ts (extract convertAlerts, resolveTargets, displayFailedMethod, displaySummary)
- Reduce cognitive complexity in junit.ts (extract buildTestCaseXml)
- Reduce cognitive complexity in generate.ts and raw-schema.ts (extract toSingleQuoteLiteral)
- Reduce cognitive complexity in ts-morph.ts (extract resolveElementType, findRefElement)
- Mark 8 encrypt-data security hotspots in generated XSD schema files as Safe (XML namespace URIs)
- Add sonar-project.properties to exclude generated schema files from duplication detection

Co-authored-by: ThePlenkov <6381507+ThePlenkov@users.noreply.github.com>
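
An added check, not code from this PR or the project: it places the before and after forms of the S7781 / S7780 change (the `toSingleQuoteLiteral` extraction named in the commit message) side by side and confirms, on constructed sample strings, that the output is unchanged and that each emitted literal evaluates back to the original value. The harness names (`checkLiteral`, `failingSamples`, `naiveQuoteCheck`, `SAMPLES`) are hypothetical, and it assumes the helper's input is `JSON.stringify` output.

```typescript
// "Before" form quoted in the PR description: regex-based replace.
function toSingleQuoteLiteralRegex(jsonStr: string): string {
  return `'${jsonStr.slice(1, -1).replace(/\\"/g, '"').replace(/'/g, "\\'")}'`;
}

// "After" form quoted in the PR description: replaceAll + String.raw.
function toSingleQuoteLiteral(jsonStr: string): string {
  return `'${jsonStr.slice(1, -1).replaceAll('\\"', '"').replaceAll("'", String.raw`\'`)}'`;
}

interface LiteralCheck {
  literal: string;
  sameAsBefore: boolean; // refactor kept the output byte-for-byte
  roundTrips: boolean;   // evaluating the literal yields the original value
}

// Hypothetical harness: emit the literal, then evaluate it as generated source would be.
function checkLiteral(value: string, encode: (s: string) => string = (s) => JSON.stringify(s)): LiteralCheck {
  const encoded = encode(value);
  const literal = toSingleQuoteLiteral(encoded);
  let roundTrips = false;
  try {
    roundTrips = new Function(`return (${literal});`)() === value;
  } catch { /* literal is not valid source, e.g. an unterminated string */ }
  return { literal, sameAsBefore: literal === toSingleQuoteLiteralRegex(encoded), roundTrips };
}

// Constructed sample values (not taken from the repository).
const SAMPLES: string[] = [
  'http://www.sap.com/adt/core', // namespace URI named in the PR description
  "it's",                        // apostrophe must become \'
  'say "hi"',                    // \" from JSON must become a bare "
  String.raw`\'`,                // backslash directly before an apostrophe
  String.raw`\"`,                // backslash directly before a double quote
  "x'; y = 1; //",               // value that tries to close the literal early
  'line1\nline2',                // control character, kept as a JSON escape
  '\u2028',                      // raw line separator, legal in literals since ES2019
];

// Every JSON.stringify-encoded sample should pass both checks, so this returns [].
function failingSamples(): string[] {
  const ok = (c: LiteralCheck) => c.sameAsBefore && c.roundTrips;
  return SAMPLES.filter((v) => !ok(checkLiteral(v)));
}

// Precondition check: input that was only wrapped in quotes, not JSON-encoded.
function naiveQuoteCheck(value: string): LiteralCheck {
  return checkLiteral(value, (s) => `"${s}"`);
}
```

`naiveQuoteCheck('a\\')` reports `roundTrips: false` because the trailing backslash swallows the closing quote, so the helper is only safe on strings that have already been JSON-encoded.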

Copilot AI changed the title from "[WIP] Fix SonarQube findings in codebase" to "fix(sonarqube): resolve all quality gate failures introduced in PR #76" on Mar 10, 2026