Skip to content

SONARXML-180 : Fix FP in IndentationCheck (S1120) for string line continuation #398

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
rombirli wants to merge 13 commits into
base: master
Choose a base branch
from
Open

SONARXML-180 : Fix FP in IndentationCheck (S1120) for string line continuation #398

rombirli wants to merge 13 commits into from
+41 −16

Conversation

@rombirli
Copy link
Contributor

@rombirli rombirli commented Dec 23, 2025
edited
Loading

Important notes

As noted in Gabriel's review, this PR will trim a few True Positives (TPs) in specific scenarios like the one below:

<string name="lipsum">Lorem ipsum dolor, sit ame
conesctetur</string>

Current Context & Rationale

Currently, an issue is reported on the closing tag (</string>) for the wrong reason.

  • The "Actual" Reason: SonarXML raises an issue on the closing tag simply because it miscalculates the indentation based on the number of characters preceding the tag on that same line.
  • The "Expected" Reason: If we were to report this properly (as Gabriel suggested), the issue should actually be on the second line of the content, because the line continuation should be indented one level further than the opening tag.

Why I chose not to implement the "Proper Check"

While Gabriel proposed checking string content indentation properly, I have decided to keep string content ignored in IndentationCheck. I believe this remains the best option for the following reasons:

  1. Avoiding False Positives (FPs): While conventions exist for simple multiline strings (Line Continuations and Multiline Strings), XML is frequently used to wrap raw data or code snippets (like the example below). In these cases, standard indentation rules are often not relevant.
  2. Embedded Content Complexity: In scenarios like this, a "proper" indentation check would produce significant noise:
<bean id="bean1" class="org.abc.ClassA">
  <constructor-arg>
    <value>inline:
package org.abc;

class ClassA {
  int function1() {
      return 0;
  }
}
    </value>
  </constructor-arg>
</bean>

By maintaining the exclusion of string content from the check, and keeping the trivial check, we avoid reporting "accidental" issues on closing tags while preventing a high volume of False Positives in files containing embedded scripts or formatted text.

@hashicorp-vault-sonar-prod
Copy link

hashicorp-vault-sonar-prod bot commented Dec 23, 2025
edited by atlassian bot
Loading

SONARXML-180

@sonarqube-next
Copy link

sonarqube-next bot commented Dec 26, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
94.7% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@rombirli rombirli marked this pull request as ready for review December 26, 2025 10:11
@rombirli rombirli requested a review from a team December 26, 2025 10:11
@github-actions
Copy link
Contributor

github-actions bot commented Jan 3, 2026

This PR is stale because it has been open 7 days with no activity. If there is no activity in the next 7 days it will be closed automatically

@github-actions github-actions bot added the stale label Jan 3, 2026
@GabrielFleischer GabrielFleischer requested review from GabrielFleischer and removed request for GabrielFleischer January 5, 2026 12:49
GabrielFleischer
GabrielFleischer requested changes Jan 5, 2026
View reviewed changes
Copy link
Contributor

@GabrielFleischer GabrielFleischer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think your method is a bit too broad and trim too many TPs.

I provided you with a moretest cases.

@github-actions github-actions bot removed the stale label Jan 6, 2026
@rombirli
Copy link
Contributor Author

rombirli commented Jan 7, 2026

I spent way too much time on it and it looks fixing it would be more complicated than initially expected.

@rombirli rombirli closed this Jan 7, 2026
@rombirli rombirli reopened this Jan 7, 2026
@rombirli
Revert check strings indentation everywhere
e49b3f9 
Revert "Draft of full solution not trimming too many FP"

This reverts commit b604297.

Revert "Refactoring : split test into MultilineString.xml and LineContinuation.xml"

This reverts commit 0c9cc3e.

Revert "Refactoring tests - use parametrized tests"

This reverts commit e10bfa4.

Revert "Refactoring - clean IndentationCheck.java"

This reverts commit 43af5f0.

Revert "Refactoring & behavior fix, add non-trivial tests"

This reverts commit 300ab87.

Revert "Fix qg"

This reverts commit 653a104.

Revert "Fix plugin test"

This reverts commit 4194663.

Revert "Continue small fixes and edge case tests"

This reverts commit 712666c.
GabrielFleischer
GabrielFleischer approved these changes Jan 7, 2026
View reviewed changes
Copy link
Contributor

@GabrielFleischer GabrielFleischer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As discussed, I join you on the fact that the lost FPs provide more value than the lost TPs.

So, LGTM

I still thing the comment explaining the exception would be better by using whitespaces rather than -, but this is nitpicky.

@rombirli
Copy link
Contributor Author

rombirli commented Jan 7, 2026

As discussed, I join you on the fact that the lost FPs provide more value than the lost TPs.

So, LGTM

I still thing the comment explaining the exception would be better by using whitespaces rather than -, but this is nitpicky.

good catch, I applied the suggestion

@sonarqube-next
Copy link

sonarqube-next bot commented Jan 7, 2026

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
94.7% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

dorian-burihabwa-sonarsource
dorian-burihabwa-sonarsource requested changes Jan 8, 2026
View reviewed changes
Copy link
Contributor

@dorian-burihabwa-sonarsource dorian-burihabwa-sonarsource left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Blocking to keep out of release 2.15

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dorian-burihabwa-sonarsource dorian-burihabwa-sonarsource dorian-burihabwa-sonarsource requested changes

@GabrielFleischer GabrielFleischer GabrielFleischer approved these changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rombirli @GabrielFleischer @dorian-burihabwa-sonarsource