fix(sonarqube): resolve all quality gate failures introduced in PR #76#78
Merged
ThePlenkov merged 2 commits intomainfrom Mar 11, 2026
Merged
fix(sonarqube): resolve all quality gate failures introduced in PR #76#78ThePlenkov merged 2 commits intomainfrom
ThePlenkov merged 2 commits intomainfrom
Conversation
Contributor
|
View your CI Pipeline Execution ↗ for commit 9a12ee0
☁️ Nx Cloud last updated this comment at |
- Use node: prefix imports in service-key.ts, env.ts, aunit.ts, junit.ts - Fix nested template literals in service-key.ts, adapter.ts, aunit.ts, junit.ts - Replace String#replace() with String#replaceAll() in junit.ts, generate.ts, raw-schema.ts - Use String.raw for backslash escaping in generate.ts, raw-schema.ts - Replace parseFloat with Number.parseFloat in aunit.ts - Combine multiple Array#push() calls in junit.ts - Fix nested function depth (S2004) in service-key.ts - Reduce cognitive complexity in aunit.ts (extract convertAlerts, resolveTargets, displayFailedMethod, displaySummary) - Reduce cognitive complexity in junit.ts (extract buildTestCaseXml) - Reduce cognitive complexity in generate.ts and raw-schema.ts (extract toSingleQuoteLiteral) - Reduce cognitive complexity in ts-morph.ts (extract resolveElementType, findRefElement) - Mark 8 encrypt-data security hotspots in generated XSD schema files as Safe (XML namespace URIs) - Add sonar-project.properties to exclude generated schema files from duplication detection Co-authored-by: ThePlenkov <6381507+ThePlenkov@users.noreply.github.com>
|
Copilot
AI
changed the title
[WIP] Fix SonarQube findings in codebase
fix(sonarqube): resolve all quality gate failures introduced in PR #76
Mar 10, 2026
There was a problem hiding this comment.
Pull request overview
This PR addresses SonarQube quality gate failures introduced in PR #76 by reducing reported duplication on generated code and refactoring several TypeScript modules to satisfy code smell/security hotspot rules.
Changes:
- Added
sonar-project.propertiesto exclude generated schema output from Sonar CPD duplication checks. - Refactored string-literal generation and ts-morph codegen helpers to reduce complexity/duplication warnings.
- Applied Node built-in module
node:import prefixes and simplified nested template literal patterns across packages.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| sonar-project.properties | Excludes generated schema output from Sonar CPD duplication detection. |
| packages/ts-xsd/src/generators/raw-schema.ts | Extracts a helper for single-quote literal formatting to reduce smell findings. |
| packages/ts-xsd/src/codegen/generate.ts | Same single-quote literal helper extraction for codegen output formatting. |
| packages/ts-xsd/src/codegen/ts-morph.ts | Extracts helpers to reduce cognitive complexity and nesting. |
| packages/adt-client/src/adapter.ts | Flattens nested template literal usage when building Basic auth header. |
| packages/adt-auth/src/utils/env.ts | Switches built-in import to node:fs prefix. |
| packages/adt-auth/src/plugins/service-key.ts | Flattens nested template literal and callback nesting in PKCE flow. |
| packages/adt-aunit/src/formatters/junit.ts | Refactors JUnit XML generation to reduce complexity/nesting. |
| packages/adt-aunit/src/commands/aunit.ts | Extracts helpers to reduce cognitive complexity and nesting in AUnit command handling. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+158
to
+159
| server.close(); | ||
| resolve(tokenData); |
There was a problem hiding this comment.
In the success path, server.close() is async; resolving the PKCE promise immediately after calling close() can leave the HTTP server keeping the event loop alive (or the port still bound) for a short period. Prefer resolving only once the close completes (e.g., wrap server.close(cb) in a Promise and await it inside the timeout) so the command can reliably terminate after auth.
Suggested change
| server.close(); | |
| resolve(tokenData); | |
| new Promise<void>((resolveClose, rejectClose) => { | |
| server.close(err => (err ? rejectClose(err) : resolveClose())); | |
| }) | |
| .then(() => resolve(tokenData)) | |
| .catch(reject); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR #76 (service-key auth plugin) failed the SonarQube quality gate with 10 Security Hotspots and 22.5% duplication on new code, plus 30+ code smell issues.
Security Hotspots (8 marked Safe)
All 8
encrypt-datahotspots were in auto-generated XSD schema files (aunitResult.ts,aunitRun.ts,adtcoreObjectSets.ts,atcexemption.ts). The flagged strings are XML namespace URI identifiers (e.g.http://www.sap.com/adt/core) — opaque string constants, not HTTP connections.Duplication
Added
sonar-project.propertiesexcludingpackages/*/src/schemas/generated/**from copy-paste detection. These files are codegen output with structurally identical patterns by design.Code Smells
S7772 — Node.js built-in module prefix
Applied to
service-key.ts,env.ts,aunit.ts,junit.ts.S7781 / S7780 —
replaceAll+String.rawS4624 — Nested template literals
Extracted intermediate variables wherever an inner template was embedded in an outer one (e.g.
authHeaderinadapter.ts, OAuth error message inservice-key.ts).S3776 — Cognitive complexity
Reduced by extracting focused helpers:
aunit.ts:convertAlerts(),resolveTargets(),displayFailedMethod(),displaySummary()junit.ts:buildTestCaseXml()ts-morph.ts:resolveElementType(),findRefElement()S2004 — Function nesting > 4 levels
In
service-key.ts, theserver.close(() => resolve(tokenData))callback pattern was flattened to sequential calls inside thesetTimeoutbody.S7773 / S7778 — Misc
parseFloat→Number.parseFloat; consecutiveArray#push()calls merged into one.Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://storage.googleapis.com/prod-north-america/69ab0980542defed8d2aa8f4/1e6ff50f-723b-4089-b5f2-65b5b8586f2f/home/REDACTED/work/_temp/ghcca-node/node/bin/node node /home/REDACTED/work/adt-cli/adt-cli/node_modules/.bin/nx build adt-auth remo�� get-url origin rkflows.sh --noprofile -c /usr/bin/mkdir infocmp -1 REDACTED mkdir de/node/bin/bash tmp ripts/log-tool-c-c de/node/bin/bashhusky bash(http block)https://storage.googleapis.com/prod-north-america/69ab0980542defed8d2aa8f4/6f5798f5-33c9-4ed0-8e0a-fb254ebaae6f/home/REDACTED/work/_temp/ghcca-node/node/bin/node node /home/REDACTED/work/adt-cli/adt-cli/node_modules/.bin/nx lint adt-aunit ation/plugin-worker CHA20_POLY1305_S13714 sh i/node_modules/.bin/node node postinstallbash bash /usr/sbin/iptabl--noprofile ache/node/24.14.0/x64/bin/node 0/x6�� -1-219.876724.sock i/packages/ts-xsd/src/codegen/cli.ts i/node_modules/@esbuild/linux-x64/bin/esbuild i/packages/ts-xsbash security(http block)https://storage.googleapis.com/prod-north-america/69ab0980542defed8d2aa8f4/6f5798f5-33c9-4ed0-8e0a-fb254ebaae6f-logs/home/REDACTED/work/_temp/ghcca-node/node/bin/node node /home/REDACTED/work/adt-cli/adt-cli/node_modules/.bin/nx lint adt-aunit ation/plugin-worker CHA20_POLY1305_S13714 sh i/node_modules/.bin/node node postinstallbash bash /usr/sbin/iptabl--noprofile ache/node/24.14.0/x64/bin/node 0/x6�� -1-219.876724.sock i/packages/ts-xsd/src/codegen/cli.ts i/node_modules/@esbuild/linux-x64/bin/esbuild i/packages/ts-xsbash security(http block)https://storage.googleapis.com/prod-north-america/69ab0980542defed8d2aa8f4/7d4c72db-ebb1-48b9-96e1-153450d967a2-logs/home/REDACTED/work/_temp/ghcca-node/node/bin/node node /home/REDACTED/work/adt-cli/adt-cli/node_modules/.bin/nx build adt-client ts-xsd REDACTED infocmp h REDACTED bash nfig/composer/vepid bash --no�� --noprofile gh ndor/bin/bash /repos/abapify/aps --jq(http block)https://storage.googleapis.com/prod-north-america/69ab0980542defed8d2aa8f4/81031719-ee45-467f-85ba-d24f0286ee41/home/REDACTED/work/_temp/ghcca-node/node/bin/node node /home/REDACTED/work/adt-cli/adt-cli/node_modules/.bin/nx lint adt-auth -c che bash k/_temp/ghcca-node/node/bin/bash --noprofile -c(http block)https://storage.googleapis.com/prod-north-america/69ab0980542defed8d2aa8f4/81031719-ee45-467f-85ba-d24f0286ee41-logs/home/REDACTED/work/_temp/ghcca-node/node/bin/node node /home/REDACTED/work/adt-cli/adt-cli/node_modules/.bin/nx lint adt-auth -c che bash k/_temp/ghcca-node/node/bin/bash --noprofile -c(http block)https://storage.googleapis.com/prod-north-america/69ab0980542defed8d2aa8f4/82e18fd8-c46d-4135-9bb4-5c2edcb6c5af/home/REDACTED/work/_temp/ghcca-node/node/bin/node node /home/REDACTED/work/adt-cli/adt-cli/node_modules/.bin/nx lint ts-xsd ation/plugin-worker "tsdown" -nodes/project-json i/node_modules/@esbuild/linux-x64/bin/esbuild ts o.test.ts .ts i/node_modules/@-c test�� test.ts test.ts ult.test.ts --arg ts t.ts trip.test.ts tes--no-headers(http block)https://storage.googleapis.com/prod-north-america/69ab0980542defed8d2aa8f4/82e18fd8-c46d-4135-9bb4-5c2edcb6c5af-logs/home/REDACTED/work/_temp/ghcca-node/node/bin/node node /home/REDACTED/work/adt-cli/adt-cli/node_modules/.bin/nx lint ts-xsd ation/plugin-worker "tsdown" -nodes/project-json i/node_modules/@esbuild/linux-x64/bin/esbuild ts o.test.ts .ts i/node_modules/@-c test�� test.ts test.ts ult.test.ts --arg ts t.ts trip.test.ts tes--no-headers(http block)https://storage.googleapis.com/prod-north-america/69ab0980542defed8d2aa8f4/f93ef292-659c-4f8b-aca9-3c5e35fd149c/home/REDACTED/work/_temp/ghcca-node/node/bin/node node /home/REDACTED/work/adt-cli/adt-cli/node_modules/.bin/nx build adt-aunit --no�� uns?branch=copilot%2Ffix-sonarqube-findings&status=waiting -c ripts/log-tool-calls.sh s|.*github\.com[sh git alls.sh jq -c --arg ts de/node/bin/bash $ts} /sadc alls.sh bash(http block)https://storage.googleapis.com/prod-north-america/69ab0980542defed8d2aa8f4/fac86440-360f-47a0-a7ee-7e0c48e1d940/home/REDACTED/work/_temp/ghcca-node/node/bin/node node /home/REDACTED/work/adt-cli/adt-cli/node_modules/.bin/nx build adt-aunit --no�� uns?branch=copilot%2Ffix-sonarqube-findings&status=waiting -c ripts/log-tool-calls.sh s|.*github\.com[sh git alls.sh jq -c --arg ts de/node/bin/bash $ts} /sadc alls.sh bash(http block)If you need me to access, download, or install something from one of these locations, you can either:
✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.