unused assignments should be removed sonarqube

This version of the SonarQube documentation is no longer maintained. It relates to a version of SonarQube that is not active.

Was this page helpful?

On this page

.css-4ebt6d{position:relative;--tw-text-opacity:1;color:rgb(0 0 0 / var(--tw-text-opacity));} overview .css-abpesc{width:2rem;display:none;margin-left:0.5rem;fill:#5f656d;}.css-abpesc:hover{fill:#290042;}.

While running an analysis, SonarQube raises an issue every time a piece of code breaks a coding rule. The set of coding rules are defined by the associated  Quality Profile  for each language in the project.

Issue types

There are three types of issues:

• Bug : A coding mistake that can lead to an error or unexpected behavior at runtime.
• Vulnerability : A point in your code that's open to attack.
• Code Smell : A maintainability issue that makes your code confusing and difficult to maintain.

Issue severity .css-p7dib0{width:1.75rem;display:none;margin-left:0.5rem;fill:#5F656D;}.css-p7dib0:hover{fill:#290042;}

Each issue has one of five severities:

• BLOCKER : Bug with a high probability to impact the behavior of the application in production. For example, a memory leak, or an unclosed JDBC connection are BLOCKERs that must be fixed immediately .
• CRITICAL : Either a bug with a low probability to impact the behavior of the application in production or an issue that represents a security flaw. An empty catch block or SQL injection would be a CRITICAL issue. The code must be reviewed immediately .
• MAJOR : A quality flaw that can highly impact the developer's productivity. An uncovered piece of code, duplicated blocks, or unused parameters are examples of MAJOR issues.
• MINOR : A quality flaw that can slightly impact the developer's productivity. For example, lines should not be too long, and "switch" statements should have at least 3 cases, are both be considered MINOR issues.
• INFO : Neither a bug nor a quality flaw, just a finding.

Ideally, the team wouldn't introduce any new issues (new technical debt).  SonarLint  helps developers by performing local analyses to check code before pushing it back to the SCM. But in real life, it's not always possible to code without any new technical debt, and sometimes it's not worth it.

So new issues do get introduced.

Understanding issue context

Sometimes, issues are self-evident once they're pointed out. For instance, if your team has agreed to an init-lower, camelCase variable naming convention, and an issue is raised on  My_variable , you don't need a lot of background information to understand the problem. In other situations, context may be essential to understanding why an issue was raised. That's why SonarQube supports not only the primary issue location where the issue message is shown but also secondary issue locations. For instance, secondary issue locations are used to mark the pieces of code in a way that adds Cognitive Complexity to a method.

However, there are times when a simple laundry list of contributing locations isn't enough to understand an issue. For instance, when a null pointer can be dereferenced on some paths through the code, what you really need are issue flows. Each flow is a  set   of secondary locations ordered to show the exact path through the code on which a problem can happen. SonarQube supports multiple flows because there can be multiple paths through the code on which a resource is not released.

Check out this video  for more information about understanding issues with multiple locations.

Issues lifecycle

After creation, issues flow through a lifecycle, taking one of the following statuses:

• Open : set by SonarQube on new issues.
• Confirmed : set manually to indicate that the issue is valid.
• Resolved : set manually to indicate that the next analysis should Close the issue.
• Reopened : set automatically by SonarQube when a Resolved issue hasn't actually been corrected.
• Closed : set automatically by SonarQube for automatically created issues.

Resolutions

Closed issues will have one of the following resolutions:

• Fixed : set automatically when a subsequent analysis shows that the issue has been corrected or the file is no longer available (removed from the project, excluded from a project, or renamed).
• Removed : set automatically when the related rule is no longer available. The rule may not be available either because it has been removed from the Quality Profile or because the underlying plugin has been uninstalled.

Resolved issues will have one of the following resolutions:

• False Positive : set manually.
• Won't Fix : set manually.

Issue workflow

Issues are automatically closed (Status: Closed) when:

• an issue of any status has been properly fixed = Resolution: Fixed
• an issue no longer exists because the related coding rule has been deactivated or is no longer available (for example, the plugin has been removed) = Resolution: Removed

Issues are automatically reopened (Status: Reopened) when:

• an issue that was manually Resolved as Fixed , and not a labeled as False positive, is shown by a subsequent analysis to still exist.

Understanding which issues are "new"

To determine the creation date of an issue, an algorithm is executed during each analysis to determine whether an issue is new or existed previously. This algorithm relies on content hashes (excluding whitespace) for the line the issue is reported on. For multi-line issues, the hash of the first line is used. For each file (after the detection of file renaming), the algorithm takes the base list of issues from the previous analysis and tries to match those issues with the raw issue list reported by the new analysis . The algorithm tries to first match using the strongest evidence and then falls back to weaker heuristics.

• If the issue is on the same rule, with the same line number and with the same line hash (but not necessarily with the same message) : MATCH
• Detect block move inside the file, then if the issue is on the same (moved) line and on the same rule (but not necessarily with the same message) : MATCH
• On the same rule, with the same message and with the same line hash (but not necessarily with the same line) : MATCH
• On the same rule, with the same message and with the same line number (but not necessarily with the same line hash) : MATCH
• On the same rule and with the same line hash (but not the same message and not the same line) : MATCH
• Is there a matching  CLOSED  issue : MATCH and Reopen

Unmatched "base" issues are closed and considered as Fixed .

Unmatched "raw" issues are considered new .

Understanding issue backdating

Once an issue has been determined to be "new" as described above, the next question is what date to give it. For instance, what if the issue has existed in code for a long time but was only found in the most recent analysis because new rules were added to the profile? Should this issue be given the date of the last change on its line, or the date of the analysis where it was first raised? That is, should it be backdated? If the date of the last change to the line is available (this requires  SCM integration ) then under these circumstances, the issue will be backdated:

• On the first analysis of a project or branch.
• When the rule is new in the profile (a brand new rule activated or a rule that was deactivated and is now activated).
• When SonarQube has just been upgraded (because rule implementations could be smarter now).
• When the rule is external.

As a consequence, it is possible that backdating will keep newly raised issues out of New code .

Automatic issue assignment

For bug, vulnerability, and code smells.

New issues are automatically assigned during analysis to the last committer on the issue line if the committer can be correlated to a SonarQube user. Note that currently, issues on any level above a file, for example, issues reported at a directory or project level, cannot be automatically assigned.

User correlation

Login and email correlations are made automatically. For example, if the user commits with their email address and that email address is part of their SonarQube profile, then new issues raised on lines where the user was the last committer will be automatically assigned to the user.

Additional correlations can be made manually in the user's profile. Please see the documentation on Security under the Authorization header for more details.

Known limitation

If the SCM login associated with an issue is longer than 255 characters including the characters for an issue author , the author will be left blank.

Issue edits

SonarQube's issues workflow can help you manage your issues. There are seven different things you can do to an issue (other than fixing it in the code!): Comment, Assign, Confirm, Change Severity, Resolve, Won't Fix, and False Positive.

These actions break out into three different categories.

Technical review

The Confirm, False Positive, Won't Fix, Severity change, and Resolve actions all fall into this category which presumes an initial review of an issue to verify its validity. Assume that it's time to review the technical debt added in the last review period; this time period could be a day, a week, or an entire sprint. You go through each new issue and assign one of the following:

• Confirm : By confirming an issue, you basically say "Yep, that's a problem." Doing so moves it out of "Open" status to Confirmed .
• False Positive : Looking at the issue in context, you realize that for whatever reason, this issue isn't actually a problem. So you mark it as a False Positive and move on. This review assignment requires Administer Issues permission level on the project.
• Severity change : This is the middle ground between the first two options. Yes, it's a problem but it's not as bad a problem as the rule's default severity makes it out to be. Or perhaps it's actually a far worse problem. Either way, you adjust the severity of the issue to bring it in line with what you feel it deserves. This review assignment requires Administer Issues permission level on the project.
• Won't Fix : Looking at the issue in context, you realize that while it's a valid issue, it's not one that actually needs fixing. In other words, it represents accepted technical debt. So you mark it as Won't Fix and move on. This review assignment requires Administer Issues permission level on the project.
• Resolve : If you think you've fixed an open issue, you can Resolve it. If you're correct, the next analysis will move it to closed status. If you're wrong, it's status will go to re-opened.

If you tend to mark a lot of issues as False Positive or Won't Fix , it means that some coding rules are not appropriate for your context. You can either completely deactivate issues in the Quality profile or use issue exclusions to narrow the focus of the rules so they are not used on specific parts (or types of objects) of your application; check out the documentation on defining the analysis scope for more details about inclusions and exclusions. Similarly, making a lot of severity changes should prompt you to consider updating the rule severities in your profiles.

As you edit issues, the related metrics, for example, new bugs being reported, will update automatically; as will the Quality gate status if it's relevant.

False-Positive and Won't Fix You can mark individual issues False Positive or Won't Fix through the issues interface. If you're using PR analysis provided by the Developer Edition, issues marked False Positive or Won't Fix will retain that status after merge. This is the preferred approach.

//NOSONAR For most languages, SonarQube supports the use of the generic mechanism: //NOSONAR at the end of the line of the issue. This will suppress all issues - now and in the future - that might be raised on the line.

Dispositioning

Once issues have been through technical review, it's time to decide who's going to deal with them. By default, issues are assigned to the last committer on the issue line (at the time the issue is raised), but you can certainly reassign them to yourself or to someone else. The assignee will receive an email notification of the assignment but only if they signed up for notifications, and the assignment will show up everywhere the issue is displayed, including in the My Issues list in the My Account space.

At any time during the lifecycle of an issue, you can log a comment on it. Comments are displayed in the issue detail in a running log. You have the ability to edit or delete the comments you made.

You can also edit an issue's tags. Issues inherit the tags of the rules that created them, but the tag set on an issue is fully editable. Tags can be created, added, and removed at will for users with the Browse permission level on the project.

Although they are initially inherited from the relevant rule, issue tags are not synchronized with the rule therefore, adding tags to a rule will not add those tags to the rule's issues .

Bulk change

All of these changes and more can be made to multiple issues at once using the Bulk Change option in the issues search results pane.

Purging closed issues

By default, Closed issues are kept for 30 days. For more details, please see  Housekeeping .

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

SonarQube + lombok says removed unused private field

Hey Sonar, my company is using SonarQube(Developer Edition - Version 10.4.1) and using lombok annotation for our entities. But when it comes to the sonarqube report it says:

Unused “private” fields should be removed

So we have added this content in our lombok.config file for all our repositories:

But even with this added the same issue happens and one of the repository the coverage dropped by 0.2%

We want to avoid SonarQube from scanning lombok annotations and creating issues related to it

This issue ( SONARJAVA-4933 ) should be fixed in the upcoming SonarQube 10.6.

For now you can mark the issues as false-positives, or turn off the rule if it is too noisy.

Ah I see. Thank you so much

Wanted to ask, we will still need the lombok.config file?

My understanding is that this configuration only related to calculating coverage (something JaCoCo will do, and SonarQube only imports the report of).

So you probably want to keep it here.

It will not affect the execution of Sonar rules.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Navigation Menu

Search code, repositories, users, issues, pull requests..., provide feedback.

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly.

To see all available qualifiers, see our documentation .

• Notifications You must be signed in to change notification settings

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement . We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unused method parameters should be removed with Tuples and Dictionaries #4069

bdovaz commented Feb 16, 2021

costin-zaharia-sonarsource commented Mar 12, 2021 • edited Loading

Sorry, something went wrong.

No branches or pull requests

IDE extension that lets you fix coding issues before they exist!

Setup is effortless and analysis is automatic for most languages

Self-Hosted

Fast, accurate analysis; enterprise scalability

Why is this an issue?

Unnecessary imports refer to importing modules, libraries, or dependencies that are not used or referenced anywhere in the code. These imports do not contribute to the functionality of the application and only add extra weight to the JavaScript bundle, leading to potential performance and maintainability issues.

To mitigate the problems associated with unnecessary imports, you should regularly review and remove any imports that are not being used. Modern JavaScript build tools and bundlers often provide features like tree shaking, which eliminates unused code during the bundling process, resulting in a more optimized bundle size.

How to Properly Dispose of Unused Medications

We've all been there. You open the medicine cabinet and realize there are pill bottles, ointments, and other medications that have been sitting around for who knows how long. While tossing them in the trash is tempting, there are good reasons to look for alternatives.

For example, throwing unneeded or expired medication into the trash increases the risk of accidental poisoning or misuse. Medication can also contaminate the water supply and harm wildlife.

So, what should you do with old meds?

The single best option for getting unwanted or expired medications out of your home is drug take-back locations.

These drug take-back boxes, which can be found at most pharmacies and in the lobby of SVMC, are designed for easy use. You can drop your unused or expired controlled substances, non-controlled substances, or even over-the-counter medications into the one-way medicine drop. 

You do not need to remove personal information before disposing of the prescription medication, but you can if you desire to do so. All take-back box contents are disposed of in a way that protects personal information.

To find a take-back location near you, click here .

If you can't access a take-back location, you can access disposable ship-back envelopes from your provider's office, SVMC, or local law enforcement. Before you consider flushing a medication down the toilet, speak with your pharmacist to see if doing so is safe for the environment.

It's important to note that the FDA, a trusted authority in healthcare, maintains a comprehensive ' flush list '. This list includes all the medications that, as a last resort, may be safely disposed of in this manner.

Because disposing of medicines in this manner raises questions about the potential environmental impact and/or the contamination of surface and drinking water supplies, the FDA only includes medicines that are highly sought-after for their misuse and/or abuse potential as well as those that can result in death from one dose if inappropriately taken on the list.

The FDA believes that the known risk of harm, including toxicity and death, to humans from accidental exposure to medicines on the flush list far outweighs any potential risk to human health and the environment from flushing these unused or expired medicines.  

For information on the FDA’s research re: which drugs to include on the flush list, click here .   

If your medication is not on this list and you’re still unable to access a take-back location or envelope, the FDA recommends following these steps to safely dispose of medication in your home trash.

1. Mix medicines (liquid or pills; do not crush tablets or capsules) with an unappealing substance such as dirt, cat litter, or used coffee grounds

2. Place the mixture in a container such as a sealed plastic bag

3. Throw away the container in your trash at home

4. Delete all personal information on the prescription label of empty medicine bottles or medicine packaging with a black permanent marker or scratching it off, then trash or recycle as appropriate

Robert F. Sherman, Jr. PharmD, MHA, RPh is the Director of Pharmacy Services at Southwestern Vermont Medical Center.

Theme picker

Meet dr. disha spath.

Dr. Disha Spath, an internal medicine physician originally from Georgia, was excited to start a new position at Twin Rivers Medical, P.C., in Hoosick Falls, NY, on April 20th. But then COVID-19 struck. As practice appointments plummeted and the potential for a surge of COVID-19 patients rose, Dr. Spath volunteered to take a temporary assignment serving in-patients with SVMC’s Hospital Medicine Department.

SVMC: Already new to the health system, what was it like to have your plans change from practice-based medicine to hospital medicine so suddenly? DS: Well, to be honest, it was a little scary given the times. I had to come to terms with the fact that I could possibly expose my family to SARS-CoV-2. My husband and I had some tough conversations and came up with a risk-mitigation strategy… [Then] I actually reached out to Trey, [the chief medical officer,] and volunteered to help out in the hospital. I've been a primary care physician recently, but I'm not too far removed from hospital medicine. In fact, I was already planning on picking up some per diem hospitalist work later this year. I just decided to move the timeline forward a bit to help with COVID-19.  This is what I'm trained for. I felt it was my duty to step up and help during the pandemic.  

SVMC: How has it been working with the hospitalists to treat both COVID and non-COVID patients? DS: The hospitalists have been so kind and generous. They have really taken the time to bring me up to speed with the hospital and have been very gracious with training me on the computer system. I am really thankful that they have included me in their top-notch team. I'm also so very impressed by how involved and thoughtful the leadership is. The way the hospital leadership has ensured adequate PPE for staff and has created the workflows so quickly to deal with COVID-19 is truly inspiring.  

SVMC: What have you noticed or learned about the culture of the health system or the area? DS: I am really struck by how everyone is so interconnected and how supportive the community is of its healthcare staff. It is very touching to see all the donations of homemade masks, skullcaps, and food to the hospital. I also love that the hospital staff seems to know their patients' home situations and their medical histories so well. 

SVMC: How do you expect your work at Twin Rivers will be affected by your having started your position at the hospital?   DS: Yes, since hospitalists and primary care physicians often hand off patients, I'm really looking forward to building rapport with the hospitalists. I'm also hoping to meet the specialists I will be referring to. It will be helpful to have an insight into the workflow of the hospital when I refer patients for admission. And I'm already starting to meet some of our lovely patients in Hoosick Falls. Overall, I believe this will be a really positive thing for my work at Twin Rivers. I'm honored to join the area and I hope I can contribute positively to this special community.  

NATIONAL AND STATE RESOURCES: 

Vermont Department of Health

New York Department of Health

Massachusetts Department of Public Health

IN THIS SECTION: 

Hotline and Other Numbers

How Does it Spread? 

What's my Risk? 

About Masks

Handling COVID Stress

What if I Have Symptoms? 

Visitor Guidance

Staying Safe as Restrictions Loosen

MORE INFORMATION: 

Using Telemedicine

Open, Ready, Safe

Making Essential Trips

Pick-Up and Delivery Services

Physical Fitness

Housecleaning

Ticks and COVID-19

Meet Dr. Spath

COVID-19 Scams

Ways to Help

CAT-TV Concert Series

Donations and Tax Benefits

• MEDICAL MATTERS

Our Services

Partnership is powerful medicine.

A commitment to excellence and a patient-centered approach sets Southwestern Vermont Health Care apart.

Your gift matters.

Southwestern Vermont Health Care is a comprehensive health system servicing Bennington and Windham Counties in Vermont, eastern Rensselaer and Washington Counties in New York, and northern Berkshire County in Massachusetts. Making a gift helps improve health care for our community.

• Stack Overflow for Teams Where developers & technologists share private knowledge with coworkers
• Advertising & Talent Reach devs & technologists worldwide about your product, service or employer brand
• OverflowAI GenAI features for Teams
• OverflowAPI Train & fine-tune LLMs
• Labs The future of collective knowledge sharing
• About the company Visit the blog

Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Get early access and see previews of new features.

SonarLint Rule S1172 "Unused method parameters should be removed" and EventHandlers

How should I fix SonarLint Rule S1172 "Unused method parameters should be removed" when I create EventHandler methods.

You could rewrite the code with Reactive Extensions and making 'Observables' but that is quite complex solution for simple event handlers. Another option could be to rewrite the code like:

But the question then is how do you do the UnSubscribe() ? By my opinion the unused parameters is not applicable to event handler methods. But it might be difficult to make detection for that in SonarLint.

• visual-studio-2015

• As mentioned below, storing the delegate in a field is an option. But I think we should handle this issue properly in SonarLint if this is a common scenario. My feeling is that if you don't need the sender and the EventArgs at all, then you could use a custom delegate which doesn't have those. But this only works if you control the type of the event. Is this the case? Do you have subscribers that need those two parameters? Do you think this goes against event handling best practices? –  Tamas Commented Aug 19, 2015 at 6:32
• I think its a design guideline that events always should be (derived) of the type EventHandler . So that means you will always get the sender and EventArgs . So even tho the subscribers don't use those parameters all events in the .Net framework are build using this paradigm and so SonarLint should be able to handle this. I think resharper correctly recognises event handling methods and ignores the unused parameters of these. –  Niek Jannink Commented Aug 19, 2015 at 9:23
• Thanks, let's continue the discussion on github.com/SonarSource/sonarlint-vs/issues/211 –  Tamas Commented Aug 19, 2015 at 15:14
• This seems a C# or VisualStudio feature , but indeed raises other questions, see my question: stackoverflow.com/q/41162335/1845672 . btw the discussion link at github is dead –  Roland Commented Dec 15, 2016 at 11:22

If you need to unsubscribe, you'll need to store the delegate (remove static for proper code, this is pasted from a hacked console app project):

Or use a mass-unsubscribe :

Or if you own the event, you could also use this to unsubscribe all:

Or just use the syntax you've always used and create a non-anonymous method, like you show above. There's nothing wrong with that syntax. You could do the obligatory

to get rid of the warning ;)

• PS: I think this should be treated as a bug in S1172. –  jessehouwing Commented Aug 18, 2015 at 17:47
• This doesn't solve my issue. Having to store the EventHandler in a field to resolve the Rule warning S1172 doesn't seem the correct way to resolve the warning. So yea I would also say its a bug in S1172 –  Niek Jannink Commented Aug 18, 2015 at 18:52
• Just add the ArgumentNullChecks ;). If you do start to use the parameters, it's the next SonarLint error you'll run into ;). –  jessehouwing Commented Aug 18, 2015 at 18:54
• Raised over at the SonarLint issues on GitHub: github.com/SonarSource/sonarlint-vs/issues/211 –  jessehouwing Commented Aug 19, 2015 at 8:02

Your Answer

Reminder: Answers generated by artificial intelligence tools are not allowed on Stack Overflow. Learn more

Sign up or log in

Post as a guest.

Required, but never shown

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy .

Not the answer you're looking for? Browse other questions tagged c# visual-studio-2015 sonarlint or ask your own question .

• Featured on Meta
• Upcoming sign-up experiments related to tags
• The return of Staging Ground to Stack Overflow
• Should we burninate the [lib] tag?
• Policy: Generative AI (e.g., ChatGPT) is banned
• What makes a homepage useful for logged-in users

Hot Network Questions

• Aligning definition of terms of a sequence
• What is the translation of misgendering in French?
• Tubeless tape width?
• Do I need a foundation if I want to build a shed on top of paved concrete area?
• Why does Balarama drink wine?
• Can I tell a MILP solver to prefer solutions with fewer fractions?
• Simple Container Class
• Is it consistent with ZFC that the real line is approachable by sets with no accumulation points?
• Roll-adjustment definition for swaps schedule generation
• Were there engineers in blimp nacelles, and why were they there?
• Why is completeness (as in Gödel completeness theorem) a desirable feature?
• Diagnosing tripped breaker on the dishwasher circuit?
• What could explain that small planes near an airport are perceived as harassing homeowners?
• What to fill in the document number while applying for Schengen visa "C"?
• Next date in the future such that all 8 digits of MM/DD/YYYY are all different and the product of MM, DD and YY is equal to YYYY
• Cleaning chain a few links at a time
• Which numbers are sums of finite numbers of reciprocal squares?
• Are both vocal cord and vocal chord correct?
• What is the relationship between gravitation, centripetal and centrifugal force on the Earth?
• How to Control StringContainsQ
• How do I get my D&D group to engage to a minimum
• Is there a way to non-destructively test whether an Ethernet cable is pure copper or copper-clad aluminum (CCA)?
• What is the original source of this Sigurimi logo?
• Why is polling data for Northern Ireland so differently displayed on national polling sites?