
fix: address formal review findings from all 14 review-sets#115

Merged
Malcolmnixon merged 2 commits into main from copilot/perform-formal-review-steps
Apr 3, 2026

Conversation

Contributor

Copilot AI commented Apr 3, 2026

Pull Request

Description

Performed formal review steps on all 14 review-sets defined in .reviewmark.yaml and fixed the issues found.

High Severity

  • Missing Uri.EscapeDataString for projectKey in SonarQubeClient.cs (4 locations): project keys containing special characters (e.g. Maven-style org.example:project) would produce malformed API URLs. Fixed at lines for components/show, qualitygates/project_status, issues/search, and hotspots/search — consistent with how branch was already handled.

Medium Severity

  • HttpClient resource leak in Validation.cs: The mock factory passed ownsHttpClient=false, meaning the HttpClient created per test was never disposed. Changed to true so SonarQubeClient.Dispose() correctly releases it.
  • TemporaryDirectory.Dispose() missing DirectoryNotFoundException: Directory.Delete() can throw DirectoryNotFoundException (TOCTOU race between Exists check and Delete call). Added to the exception filter alongside IOException and UnauthorizedAccessException.

Code Quality

  • Repeated "application/json" literal in Validation.cs: Extracted into a private const string JsonContentType constant, replacing 5 inline occurrences.
  • FetchPaginatedAsync cognitive complexity: Extracted the paging-check logic (three ternary reads and final if/else) into a new private static bool HasMorePages(JsonElement, int) helper, reducing the method's cognitive complexity from 16 to below the allowed threshold of 15.

Documentation / Traceability

  • program.md satisfies-requirements section: Removed SonarMark-Server-QualityGate, SonarMark-Server-Issues, SonarMark-Server-HotSpots (belong to SonarQubeClient unit) and SonarMark-Validation-Run (belongs to Validation unit); added missing SonarMark-Report-Depth.
  • sonar-qube-client.md satisfies-requirements section: Removed SonarMark-Server-Connect, SonarMark-Server-Auth, SonarMark-Server-ProjectKey, SonarMark-Server-Branch (all belong to the Program unit per unit-program.yaml).
  • sonar-quality-result.md satisfies-requirements section: Removed SonarMark-Server-QualityGate, SonarMark-Server-Issues, SonarMark-Server-HotSpots (belong to SonarQubeClient unit; SonarQualityResult holds the data but does not fetch it).

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Code quality improvement

Related Issues

Pre-Submission Checklist

Before submitting this pull request, ensure you have completed the following:

Build and Test

  • Code builds successfully: dotnet build --configuration Release
  • All unit tests pass: dotnet test --configuration Release
  • Self-validation tests pass: dotnet run --project src/DemaConsulting.SonarMark --configuration Release --framework net10.0 --no-build -- --validate
  • Code produces zero warnings

Code Quality

  • Code formatting is correct: dotnet format --verify-no-changes
  • New code has appropriate XML documentation comments
  • Static analyzer warnings have been addressed

Linting

  • All linters pass: ./lint.sh (Unix/macOS) or cmd /c lint.bat / ./lint.bat (Windows)

Testing

  • Added unit tests for new functionality
  • Updated existing tests if behavior changed
  • All tests follow the AAA (Arrange, Act, Assert) pattern
  • Test coverage is maintained or improved

Documentation

  • Updated README.md (if applicable)
  • Updated ARCHITECTURE.md (if applicable)
  • Added code examples for new features (if applicable)
  • Updated requirements.yaml (if applicable)

Additional Notes

Formal review was performed by invoking the code-review agent separately on each of the 14 review-sets defined in .reviewmark.yaml to avoid context collisions between reviews.
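The high-severity finding above is easiest to see with the query string built both ways. This is an added example, not SonarMark's SonarQubeClient; the endpoint path and the componentKeys/branch parameter names are assumed, and the project keys are constructed samples (the Maven-style one is taken from the PR description).

```csharp
using System;
using System.Collections.Generic;

// Added example, not SonarMark's code: shows why the PR's fix escapes projectKey.
public static class QueryBuilding
{
    // Before the fix: the value is interpolated raw. A key like "org.example:project"
    // happens to survive, but '&', '=', spaces or '#' change the query's structure.
    public static string BuildUnsafe(string projectKey, string branch) =>
        $"api/issues/search?componentKeys={projectKey}&branch={branch}";

    // After the fix: every value is percent-encoded on its own, so reserved characters
    // in a project key can never be read as a separator or a second parameter.
    public static string BuildSafe(string projectKey, string branch) =>
        $"api/issues/search?componentKeys={Uri.EscapeDataString(projectKey)}" +
        $"&branch={Uri.EscapeDataString(branch)}";

    // Minimal query-string parser standing in for the server side, so both variants
    // can be compared: split on '&', then on the first '=', and percent-decode.
    public static Dictionary<string, string> ParseQuery(string url)
    {
        var result = new Dictionary<string, string>();
        foreach (var pair in url.Substring(url.IndexOf('?') + 1).Split('&'))
        {
            var idx = pair.IndexOf('=');
            var name = idx < 0 ? pair : pair.Substring(0, idx);
            var value = idx < 0 ? "" : pair.Substring(idx + 1);
            result[Uri.UnescapeDataString(name)] = Uri.UnescapeDataString(value);
        }
        return result;
    }

    public static void Main()
    {
        // Constructed sample keys: the Maven-style key from the PR description and one
        // containing a space and an ampersand.
        foreach (var key in new[] { "org.example:project", "legacy key & tools" })
        {
            var raw = ParseQuery(BuildUnsafe(key, "main"));
            var safe = ParseQuery(BuildSafe(key, "main"));
            Console.WriteLine($"key '{key}':");
            Console.WriteLine($"  unescaped -> {raw.Count} parameters, componentKeys='{raw["componentKeys"]}'");
            Console.WriteLine($"  escaped   -> {safe.Count} parameters, componentKeys='{safe["componentKeys"]}'");
        }
    }
}
```

For the second key the unescaped URL parses into three parameters with a truncated componentKeys value, while the escaped URL round-trips both parameters intact.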

- Apply Uri.EscapeDataString to projectKey in SonarQubeClient.cs (4 locations)
- Fix HttpClient resource leak in Validation.cs (ownsHttpClient false→true)
- Add DirectoryNotFoundException to TemporaryDirectory.Dispose() catch
- Fix requirements traceability in program.md, sonar-qube-client.md, sonar-quality-result.md

Agent-Logs-Url: https://github.com/demaconsulting/SonarMark/sessions/cdc7a37d-c22b-4d98-b5e0-a898c2d9e2d8

Co-authored-by: Malcolmnixon <1863707+Malcolmnixon@users.noreply.github.com>
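The DirectoryNotFoundException change in the commit above is a check-then-act race. This added example (not SonarMark's TemporaryDirectory) shows a disposable temp directory whose cleanup relies on the exception filter rather than on the Exists pre-check; the class and method names are hypothetical.

```csharp
using System;
using System.IO;

// Added example, not SonarMark's TemporaryDirectory: a disposable temp directory whose
// cleanup tolerates the Exists/Delete race described in the PR.
public sealed class TempDir : IDisposable
{
    public string Location { get; }

    public TempDir()
    {
        Location = Path.Combine(Path.GetTempPath(), "tempdir-" + Guid.NewGuid().ToString("N"));
        Directory.CreateDirectory(Location);
    }

    // Returns true when the directory is gone afterwards, whichever party removed it.
    public bool TryCleanup()
    {
        try
        {
            // Directory.Delete on a path that no longer exists throws
            // DirectoryNotFoundException. An Exists pre-check cannot prevent that,
            // because another process or a second Dispose can remove the directory
            // in between; the exception filter is what makes cleanup race-tolerant.
            Directory.Delete(Location, recursive: true);
        }
        catch (Exception ex) when (ex is IOException or UnauthorizedAccessException)
        {
            // Best-effort cleanup: swallow only the file-system failures we expect.
            // DirectoryNotFoundException derives from IOException, so it is caught here;
            // listing it explicitly, as the PR does, documents the intent for readers.
        }
        return !Directory.Exists(Location);
    }

    public void Dispose() => TryCleanup();

    public static void Main()
    {
        var dir = new TempDir();
        File.WriteAllText(Path.Combine(dir.Location, "scratch.txt"), "constructed sample");
        Console.WriteLine($"first cleanup removed directory: {dir.TryCleanup()}");
        // Second call models "something else already deleted it": Delete throws
        // DirectoryNotFoundException, the filter absorbs it, and no exception escapes.
        Console.WriteLine($"repeat cleanup is harmless: {dir.TryCleanup()}");
    }
}
```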
Copilot AI requested a review from Malcolmnixon April 3, 2026 22:02
@Malcolmnixon Malcolmnixon marked this pull request as ready for review April 3, 2026 22:05
Copilot AI review requested due to automatic review settings April 3, 2026 22:05
Contributor

Copilot AI left a comment


Pull request overview

This PR addresses formal review findings across the ReviewMark review-sets by fixing URL encoding in SonarQube API calls, correcting a self-test HttpClient ownership/disposal issue, hardening temporary directory cleanup, and updating requirements traceability in design docs.

Changes:

  • Encode projectKey with Uri.EscapeDataString when building SonarQube API URLs (multiple endpoints).
  • Fix HttpClient disposal in self-validation by setting ownsHttpClient=true, and ignore DirectoryNotFoundException during temp directory cleanup.
  • Adjust design-doc “Satisfies Requirements” lists to correctly reflect unit ownership/traceability.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Summary per file:

  • src/DemaConsulting.SonarMark/SonarIntegration/SonarQubeClient.cs: Escapes projectKey in API query strings to prevent malformed URLs for keys containing special characters.
  • src/DemaConsulting.SonarMark/SelfTest/Validation.cs: Ensures mock-created HttpClient is disposed via SonarQubeClient.Dispose(), and hardens temp directory cleanup against TOCTOU delete races.
  • docs/design/sonar-mark/sonar-integration/sonar-qube-client.md: Removes requirements that belong to other units to keep traceability accurate.
  • docs/design/sonar-mark/report-generation/sonar-quality-result.md: Removes server-fetch requirements from a data/formatting record doc to reflect correct responsibility.
  • docs/design/sonar-mark/program.md: Updates requirement mapping by removing server-fetch/validation items and adding the missing report-depth trace.


@Malcolmnixon
Member

@copilot Validation.cs is getting complaints "Define a constant instead of using this literal 'application/json' 5 times."

SonarQubeClient.FetchPaginatedAsync is getting "Refactor this method to reduce its Cognitive Complexity from 16 to the 15 allowed."

- Add JsonContentType constant in Validation.cs to replace 5 repeated 'application/json' literals
- Extract HasMorePages helper from FetchPaginatedAsync to reduce cognitive complexity from 16 to ≤15

Agent-Logs-Url: https://github.com/demaconsulting/SonarMark/sessions/471c3d8f-8f03-4821-a918-d8a520a8fcfc

Co-authored-by: Malcolmnixon <1863707+Malcolmnixon@users.noreply.github.com>
Contributor Author

Copilot AI commented Apr 3, 2026

@copilot Validation.cs is getting complaints "Define a constant instead of using this literal 'application/json' 5 times."

SonarQubeClient.FetchPaginatedAsync is getting "Refactor this method to...

Both addressed in commit 96265d1:

  • application/json literal: Added a private const string JsonContentType = "application/json" in Validation.cs and replaced all 5 usages with the constant.
  • FetchPaginatedAsync cognitive complexity: Extracted the three ternary paging reads and the final if/else into a new private static bool HasMorePages(JsonElement pagingElement, int pageNumber) helper, reducing complexity to below the 15 threshold.

Contributor

Copilot AI left a comment


Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated no new comments.
