From 85febeac2b0b3900033204cde68f173ee9ce33ff Mon Sep 17 00:00:00 2001
From: denis-troller
Date: Tue, 21 Oct 2025 17:23:08 +0000
Subject: [PATCH 1/3] Create rule S8212
---
rules/S8212/go/metadata.json | 25 ++++++++++++++++++++
rules/S8212/go/rule.adoc | 44 ++++++++++++++++++++++++++++++++++++
rules/S8212/metadata.json | 2 ++
3 files changed, 71 insertions(+)
create mode 100644 rules/S8212/go/metadata.json
create mode 100644 rules/S8212/go/rule.adoc
create mode 100644 rules/S8212/metadata.json
diff --git a/rules/S8212/go/metadata.json b/rules/S8212/go/metadata.json
new file mode 100644
index 00000000000..1bdab33612e
--- /dev/null
+++ b/rules/S8212/go/metadata.json
@@ -0,0 +1,25 @@
+{
+ "title": "FIXME",
+ "type": "CODE_SMELL",
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ ],
+ "defaultSeverity": "Major",
+ "ruleSpecification": "RSPEC-8212",
+ "sqKey": "S8212",
+ "scope": "All",
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "unknown",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "HIGH",
+ "RELIABILITY": "MEDIUM",
+ "SECURITY": "LOW"
+ },
+ "attribute": "CONVENTIONAL"
+ }
+}
diff --git a/rules/S8212/go/rule.adoc b/rules/S8212/go/rule.adoc
new file mode 100644
index 00000000000..7193b5561c7
--- /dev/null
+++ b/rules/S8212/go/rule.adoc
@@ -0,0 +1,44 @@
+FIXME: add a description
+
+// If you want to factorize the description uncomment the following line and create the file.
+//include::../description.adoc[]
+
+== Why is this an issue?
+
+FIXME: remove the unused optional headers (that are commented out)
+
+//=== What is the potential impact?
+
+== How to fix it
+//== How to fix it in FRAMEWORK NAME
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,go,diff-id=1,diff-type=noncompliant]
+----
+FIXME
+----
+
+==== Compliant solution
+
+[source,go,diff-id=1,diff-type=compliant]
+----
+FIXME
+----
+
+//=== How does this work?
+
+//=== Pitfalls
+
+//=== Going the extra mile
+
+
+//== Resources
+//=== Documentation
+//=== Articles & blog posts
+//=== Conference presentations
+//=== Standards
+//=== External coding guidelines
+//=== Benchmarks
diff --git a/rules/S8212/metadata.json b/rules/S8212/metadata.json
new file mode 100644
index 00000000000..2c63c085104
--- /dev/null
+++ b/rules/S8212/metadata.json
@@ -0,0 +1,2 @@
+{
+}
From 7ea0c777f2988c55142a1f771d4f1c4ffbb65a58 Mon Sep 17 00:00:00 2001
From: denis-troller
Date: Tue, 21 Oct 2025 19:31:24 +0200
Subject: [PATCH 2/3] Update rules/S8212/go/rule.adoc in PR #5773
---
rules/S8212/go/rule.adoc | 63 ++++++++++++++++++++++++++++------------
1 file changed, 44 insertions(+), 19 deletions(-)
diff --git a/rules/S8212/go/rule.adoc b/rules/S8212/go/rule.adoc
index 7193b5561c7..d48dca2f006 100644
--- a/rules/S8212/go/rule.adoc
+++ b/rules/S8212/go/rule.adoc
@@ -1,16 +1,26 @@ -FIXME: add a description - -// If you want to factorize the description uncomment the following line and create the file. -//include::../description.adoc[] +This rule raises an issue when error reporting functions include only partial error information while additional error details are available in scope. == Why is this an issue? -FIXME: remove the unused optional headers (that are commented out) +When errors occur, complete information is essential for effective debugging. Including only partial error details, such as error types or contexts, while omitting the actual error values makes troubleshooting significantly more difficult. + +In Go, errors often contain specific details about what went wrong, including stack traces, underlying causes, and contextual information. When developers report errors using functions like `t.Fatalf()`, `log.Printf()`, or similar logging mechanisms, they sometimes include only generic error types (like `context.DeadlineExceeded`) or partial context, while the actual error variable containing detailed information remains unused. + +This practice creates several problems: + +* **Incomplete debugging information**: Developers trying to fix issues lack the specific details needed to understand the root cause +* **Increased debugging time**: Without complete error information, developers must spend additional time reproducing issues or adding more logging +* **Missed error patterns**: Specific error details might reveal patterns or common causes that generic error types don't show + +Complete error reporting helps teams identify issues faster, understand their scope, and implement more targeted fixes. + +=== What is the potential impact? -//=== What is the potential impact? +Incomplete error reporting significantly increases debugging time and effort. Developers may struggle to identify root causes of failures, leading to longer resolution times and potentially missing critical issues. 
In production environments, this can result in prolonged outages or unresolved problems that affect system reliability. == How to fix it -//== How to fix it in FRAMEWORK NAME + +Include all available error information in error messages. When both error context and error variables are available, include both in the error message to provide complete debugging information. === Code examples 
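Review bot: The "How to fix it" paragraph tells authors to "Include all available error information in error messages" without any limit, and the rule text names `log.Printf()` as a target, yet the only mention of disclosure risk is the CWE-209 link label in the Resources part of the next hunk. Error values can embed file paths, connection strings or query text, so the advice is sound for test failures and internal logs but not for messages that are returned to a caller. I would add a short `=== Pitfalls` paragraph after this section, for example `Report the full error to logs or test output only; do not copy raw error values into responses sent to users or clients.` Whether the rule is meant to cover test helpers only or every logging call is not stated in this hunk and should be made explicit in the same place.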
@@ -18,27 +28,42 @@ FIXME: remove the unused optional headers (that are commented out) [source,go,diff-id=1,diff-type=noncompliant] ---- -FIXME +func processWorkflow() { + err := executeWorkflow() + if err != nil { + t.Fatalf("executeWorkflow error: %v", context.DeadlineExceeded) // Noncompliant + } +} ---- ==== Compliant solution [source,go,diff-id=1,diff-type=compliant] ---- -FIXME +func processWorkflow() { + err := executeWorkflow() + if err != nil { + t.Fatalf("executeWorkflow error: %v, err: %v", context.DeadlineExceeded, err) + } +} ---- -//=== How does this work? +== Resources + +=== Documentation + + * Go Error Handling - https://go.dev/blog/error-handling-and-go[Official Go blog post about error handling best practices] + + * Effective Go - Errors - https://go.dev/doc/effective_go#errors[Official Go documentation on error handling patterns] + + * Go Testing Package - https://pkg.go.dev/testing[Documentation for Go's testing package and error reporting functions] + +=== Standards -//=== Pitfalls + * CWE-209: Generation of Error Message Containing Sensitive Information - https://cwe.mitre.org/data/definitions/209.html[While this rule promotes including more error information, care should be taken not to expose sensitive data] -//=== Going the extra mile +=== Related rules + * RSPEC-2698 - https://rules.sonarsource.com/java/RSPEC-2698/[Java rule for including complete error information in test assertions] -//== Resources -//=== Documentation -//=== Articles & blog posts -//=== Conference presentations -//=== Standards -//=== External coding guidelines -//=== Benchmarks + * RSPEC-6423 - https://rules.sonarsource.com/csharp/RSPEC-6423/[C# rule for comprehensive error reporting in tests] From 3883539b0edac45fb4f6df9c241920c346f44120 Mon Sep 17 00:00:00 2001 
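Review bot: Both code examples call `t.Fatalf` inside `func processWorkflow()`, which has no `*testing.T` parameter, so neither snippet compiles as written; a signature such as `func TestProcessWorkflow(t *testing.T)` would fix that. The compliant solution also keeps printing the constant `context.DeadlineExceeded` next to `err`, which reads as if the sentinel were part of the failure; `t.Fatalf("executeWorkflow error: %v", err)` would show the intended fix more directly. The two "Related rules" entries (RSPEC-2698, RSPEC-6423) are described as error-reporting rules, which cannot be confirmed from the patch, so their descriptions are worth checking against the linked pages before merge.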
From: denis-troller Date: Tue, 21 Oct 2025 19:31:27 +0200 Subject: [PATCH 3/3] Update rules/S8212/go/metadata.json in PR #5773 --- rules/S8212/go/metadata.json | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/rules/S8212/go/metadata.json b/rules/S8212/go/metadata.json index 1bdab33612e..e3471617da1 100644 --- a/rules/S8212/go/metadata.json +++ b/rules/S8212/go/metadata.json @@ -1,25 +1,27 @@ { - "title": "FIXME", + "title": "Error messages should include all available error information", "type": "CODE_SMELL", "status": "ready", "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" + "func": "Constant/Issue", + "constantCost": "5 min" }, "tags": [ + "error-handling", + "debugging" ], - "defaultSeverity": "Major", + "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-8212", "sqKey": "S8212", "scope": "All", - "defaultQualityProfiles": ["Sonar way"], + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "unknown", "code": { "impacts": { - "MAINTAINABILITY": "HIGH", - "RELIABILITY": "MEDIUM", - "SECURITY": "LOW" + "MAINTAINABILITY": "BLOCKER" }, - "attribute": "CONVENTIONAL" + "attribute": "COMPLETE" } -} +} \ No newline at end of file
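Review bot: `"defaultSeverity": "Blocker"` together with `"MAINTAINABILITY": "BLOCKER"` places an incomplete log message at the highest severity, up from `Major` and maintainability `HIGH` in the scaffold, which looks out of proportion for a rule whose own text describes longer debugging time. The change also drops the `RELIABILITY` and `SECURITY` impacts even though rule.adoc cites CWE-209; if that disclosure trade-off is intended to be visible, keeping `"SECURITY": "LOW"` would record it. `"constantCost": "5 min"` now contains a space where the scaffold had `5min`, and the file loses its trailing newline; both should be checked against the repository's metadata validation, which is not visible here.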