So, I was trying to use SonarQube as a check-code tool for my project. My project is a simple website, includes FE, BE (for particular purpose) and Blockchain. SonaQube was doing good with the FE and BE part, and at first, it was okay with the BC code, too.
Until now, I change a little bit of my contract's structure, and SonarQube stop reviewing my code! (The FE and BE part still good!).
The transformation of the contract's code, is that, rathan directly use openzeppelin in node_modules file, as the main contract file would import openzeppelin like this:
"import "@openzeppelin/contracts/token/ERC721/ERC721.sol";", I decided to copy all needed files in @openzeppelin (in node_modules), directly into my contracts folder, and now I import openzeppelin like this:
My contract project's structure is in the picture below, the red part is my 2 main .sol file:
A reason for doing this re-struture thing is because, I think OpenZeppelin's code would change very fast, while my project need to maintain for, like at lease 2-4 years. And if I dont save the openzeppelin version I used when I code this contract, it would be a mess for people who will take over me and who will maintain thís project in the future.
The problem in here is that, after I have changed the structure, the SonarQube stopped reviewing my code. It kept warning some thing like this:
I have no idea about this. Have anyone faced this problem before? Can you propose some technique, some keyword or anything that would help me solve this problem?
Actually, I still can build and run the contract pretty normally. The only problem that the SonarQube is not working! Still wonder why this happended?
Thank for your help!
I notice one thing, that the warning might because of Openzeppelin's .sol files (instead of my files).
- Openzeppelin: v4.x
- Solidity: v0.8.x
- Hardhat: ^2.3.0
- Others: hardhat-contract-sizer (^2.0.3), not sure if this is the problem?