Re: Sonar for the Django project

2016-09-14 Thread Ivan Sevastoyanov
Hello, Here is my blog post about setting up SonarQube. I think it takes about 15 minutes, so you can run it yourself if you want (and if you have time of course). Have a good day! Regards, Ivan On Friday,

Re: Sonar for the Django project

2016-09-09 Thread Ivan Sevastoyanov
Hello, I installed some older versions of SonarQube and unfortunately the rules are not the same and the report generated is not full. But I reviewed the issues and I did not find any security issues or something that is absolutely critical. There are 40 major issues that are marked as bugs.

Re: Sonar for the Django project

2016-09-06 Thread Ivan Sevastoyanov
Hello, I'm back from the vacation. @Hanne Moa - As far as I know, you can skip packages, files and everything can be customized. It's the same with the rules. I did not prioritize the Sonar rules - they are the default ones and Sonar is detecting not only possible bugs and issues but code

Re: Sonar for the Django project

2016-09-05 Thread James Bennett
On Wed, Aug 31, 2016 at 10:55 AM, Alex Gaynor wrote:
> If these are what qualifies as critical, I don't think this is a good use of our time.

Agreed. If those are the critical things, then either Django is really really good, or there are things it's missing. I

Re: Sonar for the Django project

2016-09-05 Thread Alex Gaynor
If these are what qualifies as critical, I don't think this is a good use of our time. Alex On Wed, Aug 31, 2016 at 1:50 PM, Ivan Sevastoyanov < ivan.sevastoya...@gmail.com> wrote: > >

Re: Sonar for the Django project

2016-09-05 Thread Aymeric Augustin
Hello Ivan, Given that both Django and Sonar are open-source, anyone should be able to reproduce your results easily… If there are security issues, please email them to secur...@djangoproject.com instead of publishing them. That’ll make them a bit less easy

Re: Sonar for the Django project

2016-09-05 Thread Hanne Moa
Is there a way to ignore django.utils.dateformat? That code is very straightforward, and it is not supposed to be called manually by humans. I can't see how a "fix" would improve things. Munging the second string in the getattr? Adding "upper" and "lower" or something similar to each method-name?

Re: Sonar for the Django project

2016-09-03 Thread Ivan Sevastoyanov
Hi, I'm on a vacation and far from my PC now so it's possible that I'll not be able to answer some of the questions. @Sergei - Sonar can be applied the same way you have Jenkins. It will be easier to track some issues immediately. Sonar combines all the rules from pylint, pep8 plus some other

Re: Sonar for the Django project

2016-09-03 Thread Curtis Maloney
If there will be sweeping commits to remove six and other py2 concessions, can the cleaning be included then?

On 4 September 2016 9:38:05 AM AEST, Sergei Maertens wrote:
> I kind of like these reports, since they can take away some of the early review work. I would

Re: Sonar for the Django project

2016-09-03 Thread Sergei Maertens
I kind of like these reports, since they can take away some of the early review work. I would put it on the same level as the `isort` checks we have now. On the other hand, adapting the existing codebase to 'resolve' these code smells will introduce quite some 'stupid' commits, so it might be

Re: Sonar for the Django project

2016-08-31 Thread Ivan Sevastoyanov
I'm posting the 11 criticals. In my opinion, they are not critical, they are just code smells. I will try to export the report so you can review the major

Re: Sonar for the Django project

2016-08-31 Thread Tim Graham
Any security issues should be reported to secur...@djangoproject.com, otherwise it's fine to share the information here.

On Wednesday, August 31, 2016 at 2:25:55 AM UTC-4, Ivan Sevastoyanov wrote:
> All the rules are with a default severity so there might be some major issues that it's

Re: Sonar for the Django project

2016-08-31 Thread Ivan Sevastoyanov
All the rules are with a default severity so there might be some major issues that it's worth reviewing them. I will post the critical issues this evening because I'm at work now. Do you want to post them somewhere else because it's sensitive information? I will try to find out how to export

Re: Sonar for the Django project

2016-08-30 Thread Tim Graham
Perhaps you could tell us about some of the critical issues so we could get a sense for that. On Tuesday, August 30, 2016 at 4:26:42 PM UTC-4, Ivan Sevastoyanov wrote: > > >

Re: Sonar for the Django project

2016-08-30 Thread Ivan Sevastoyanov
That is the report from the Sonar with all the rules included. Unfortunately, I cannot export it as a PDF or some more convenient format. I can describe all the steps

Re: Sonar for the Django project

2016-08-28 Thread Ivan Sevastoyanov
OK, I will try to do that on my machine and will post the results here (because frankly speaking I haven't done it before on my own). I don't know when I will have enough time to do it but I guess 3 to 4 days. Regards, Ivan On Sunday, August 28, 2016 at 11:16:57 PM UTC+3, Aymeric Augustin

Re: Sonar for the Django project

2016-08-28 Thread Aymeric Augustin
On 28 Aug 2016, at 21:43, Ivan Sevastoyanov wrote:
> My question is do you consider using SonarQube for code quality analysis, static analysis and find bugs because it's able to do that.

I guess that depends on the signal / noise ratio in the things SonarQube

Re: Sonar for the Django project

2016-08-28 Thread Ivan Sevastoyanov
My mistake. I had to ask with more details. My question is do you consider using SonarQube for code quality analysis, static analysis and find bugs because it's able to do that. I am asking for the Django project as a whole. Sonar can track the commits and show you if there are added some

Re: Sonar for the Django project

2016-08-28 Thread Aymeric Augustin
On 28 Aug 2016, at 20:46, Ivan Sevastoyanov wrote:
> Do you consider using SonarQube (or something similar) for code quality analysis?

Hello Ivan, Generally speaking, there isn’t a lot of demand for code changes with no impact on functionality, especially as

Sonar for the Django project

2016-08-28 Thread Ivan Sevastoyanov
Hi guys, I am new to Django and I want to contribute to the project soon. Sorry for the question if it's not appropriate. Do you consider using SonarQube (or something similar) for code quality analysis? Regards, Ivan