From ae55b8d7645a26daa262112d39502eb8520c48a6 Mon Sep 17 00:00:00 2001
From: denis-troller
Date: Tue, 21 Oct 2025 17:23:34 +0000
Subject: [PATCH 1/4] Create rule S8213
---
rules/S8213/go/metadata.json | 25 ++++++++++++++++++++
rules/S8213/go/rule.adoc | 44 ++++++++++++++++++++++++++++++++++++
rules/S8213/metadata.json | 2 ++
3 files changed, 71 insertions(+)
create mode 100644 rules/S8213/go/metadata.json
create mode 100644 rules/S8213/go/rule.adoc
create mode 100644 rules/S8213/metadata.json
diff --git a/rules/S8213/go/metadata.json b/rules/S8213/go/metadata.json
new file mode 100644
index 00000000000..1c608c70435
--- /dev/null
+++ b/rules/S8213/go/metadata.json
@@ -0,0 +1,25 @@
+{
+ "title": "FIXME",
+ "type": "CODE_SMELL",
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ ],
+ "defaultSeverity": "Major",
+ "ruleSpecification": "RSPEC-8213",
+ "sqKey": "S8213",
+ "scope": "All",
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "unknown",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "HIGH",
+ "RELIABILITY": "MEDIUM",
+ "SECURITY": "LOW"
+ },
+ "attribute": "CONVENTIONAL"
+ }
+}
diff --git a/rules/S8213/go/rule.adoc b/rules/S8213/go/rule.adoc
new file mode 100644
index 00000000000..7193b5561c7
--- /dev/null
+++ b/rules/S8213/go/rule.adoc
@@ -0,0 +1,44 @@
+FIXME: add a description
+
+// If you want to factorize the description uncomment the following line and create the file.
+//include::../description.adoc[]
+
+== Why is this an issue?
+
+FIXME: remove the unused optional headers (that are commented out)
+
+//=== What is the potential impact?
+
+== How to fix it
+//== How to fix it in FRAMEWORK NAME
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,go,diff-id=1,diff-type=noncompliant]
+----
+FIXME
+----
+
+==== Compliant solution
+
+[source,go,diff-id=1,diff-type=compliant]
+----
+FIXME
+----
+
+//=== How does this work?
+
+//=== Pitfalls
+
+//=== Going the extra mile
+
+
+//== Resources
+//=== Documentation
+//=== Articles & blog posts
+//=== Conference presentations
+//=== Standards
+//=== External coding guidelines
+//=== Benchmarks
diff --git a/rules/S8213/metadata.json b/rules/S8213/metadata.json
new file mode 100644
index 00000000000..2c63c085104
--- /dev/null
+++ b/rules/S8213/metadata.json
@@ -0,0 +1,2 @@
+{
+}
From 91709e44d74799ae993699b2ddb6fb7181e4e2ad Mon Sep 17 00:00:00 2001
From: denis-troller
Date: Tue, 21 Oct 2025 19:31:53 +0200
Subject: [PATCH 2/4] Update rules/S8213/go/rule.adoc in PR #5774
---
rules/S8213/go/rule.adoc | 51 ++++++++++++++++++++++++----------------
1 file changed, 31 insertions(+), 20 deletions(-)
diff --git a/rules/S8213/go/rule.adoc b/rules/S8213/go/rule.adoc
index 7193b5561c7..659eb75af6a 100644
--- a/rules/S8213/go/rule.adoc
+++ b/rules/S8213/go/rule.adoc
@@ -1,16 +1,27 @@ -FIXME: add a description - -// If you want to factorize the description uncomment the following line and create the file. -//include::../description.adoc[] +This is an issue when the same Go package is imported multiple times (both directly and with an alias) or when code uses the full package name instead of a defined alias. == Why is this an issue? -FIXME: remove the unused optional headers (that are commented out) +Importing the same package multiple times creates redundancy and confusion about which import to use. When a package is imported both with and without an alias, it's unclear which approach developers should follow throughout the codebase. + +Inconsistent usage of import aliases further compounds this problem. If an alias is defined for a package, using the full package name in some places and the alias in others makes the code harder to read and maintain. + +This inconsistency can lead to: + +* Confusion about which import style to use +* Potential naming conflicts if the same package is referenced differently +* Reduced code readability and maintainability +* Unnecessary cognitive load when reading the code -//=== What is the potential impact? +Go's import system is designed to be explicit and clear. Following consistent import patterns helps maintain this clarity. + +=== What is the potential impact? + +This issue primarily affects code maintainability and readability. While not a security concern, inconsistent imports can lead to developer confusion, increased cognitive load when reading code, and potential maintenance issues when refactoring or updating dependencies. == How to fix it -//== How to fix it in FRAMEWORK NAME + +Remove redundant imports and keep only the aliased version when a package is imported both directly and with an alias. === Code examples 
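Review bot: The opening sentence lists "code uses the full package name instead of a defined alias" as a second trigger, but in Go an aliased import binds only the alias in that file, so the unaliased name is usable only when the package is also imported without the alias; the two conditions describe the same situation and the sentence could say so. The added "How to fix it" sentence stops at removing the import and does not mention that the references written with the removed name must change too; I would append `Then update the remaining references to use the alias.` after it. The example in the following hunk shows import blocks only, and since the Go compiler rejects an unused import, the noncompliant snippet would be clearer with one reference through the default name (presumably `pubsubpb`) and one through `pb`.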
@@ -18,27 +29,27 @@ FIXME: remove the unused optional headers (that are commented out) [source,go,diff-id=1,diff-type=noncompliant] ---- -FIXME +import ( + "cloud.google.com/go/pubsub/v2" + "cloud.google.com/go/pubsub/v2/apiv1/pubsubpb" // Noncompliant + pb "cloud.google.com/go/pubsub/v2/apiv1/pubsubpb" +) ---- ==== Compliant solution [source,go,diff-id=1,diff-type=compliant] ---- -FIXME +import ( + "cloud.google.com/go/pubsub/v2" + pb "cloud.google.com/go/pubsub/v2/apiv1/pubsubpb" +) ---- -//=== How does this work? - -//=== Pitfalls +== Resources -//=== Going the extra mile +=== Documentation + * Go Language Specification - Import declarations - https://golang.org/ref/spec#Import_declarations[Official Go specification for import declarations and package aliases] -//== Resources -//=== Documentation -//=== Articles & blog posts -//=== Conference presentations -//=== Standards -//=== External coding guidelines -//=== Benchmarks + * Effective Go - Package names - https://golang.org/doc/effective_go#package-names[Best practices for Go package naming and imports]
From d5335ae963255d65ccc3467a470d5a7326851308 Mon Sep 17 00:00:00 2001
From: denis-troller
Date: Tue, 21 Oct 2025 19:31:56 +0200
Subject: [PATCH 3/4] Update rules/S8213/go/metadata.json in PR #5774
---
rules/S8213/go/metadata.json | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/rules/S8213/go/metadata.json b/rules/S8213/go/metadata.json
index 1c608c70435..492db0001d8 100644
--- a/rules/S8213/go/metadata.json
+++ b/rules/S8213/go/metadata.json
@@ -1,25 +1,27 @@ { - "title": "FIXME", + "title": "Package imports should be consistent and avoid redundancy", "type": "CODE_SMELL", "status": "ready", "remediation": { - "func": "Constant\/Issue", - "constantCost": "5min" + "func": "Constant/Issue", + "constantCost": "2 min" }, "tags": [ + "convention", + "imports" ], - "defaultSeverity": "Major", + "defaultSeverity": "Blocker", "ruleSpecification": "RSPEC-8213", "sqKey": "S8213", "scope": "All", - "defaultQualityProfiles": ["Sonar way"], + "defaultQualityProfiles": [ + "Sonar way" + ], "quickfix": "unknown", "code": { "impacts": { - "MAINTAINABILITY": "HIGH", - "RELIABILITY": "MEDIUM", - "SECURITY": "LOW" + "MAINTAINABILITY": "BLOCKER" }, "attribute": "CONVENTIONAL" } -} +} \ No newline at end of file
From d74b681735638cf585629ab2e0a38784a200c073 Mon Sep 17 00:00:00 2001
From: Sebastien Marichal
Date: Thu, 30 Oct 2025 08:59:43 +0100
Subject: [PATCH 4/4] Rule metadata update
---
rules/S8213/go/metadata.json | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/rules/S8213/go/metadata.json b/rules/S8213/go/metadata.json
index 492db0001d8..220d24a72ad 100644
--- a/rules/S8213/go/metadata.json
+++ b/rules/S8213/go/metadata.json
@@ -10,7 +10,7 @@ "convention", "imports" ], - "defaultSeverity": "Blocker", + "defaultSeverity": "Minor", "ruleSpecification": "RSPEC-8213", "sqKey": "S8213", "scope": "All",
@@ -20,8 +20,8 @@ "quickfix": "unknown", "code": { "impacts": { - "MAINTAINABILITY": "BLOCKER" + "MAINTAINABILITY": "MEDIUM" }, "attribute": "CONVENTIONAL" } -} \ No newline at end of file +}