Should a rule be adjusted for False-Positives, False-Negatives, or just a better description? Should analysis scope be broadened for a new framework, or language version? Let us know! [Resources: How to Report a False-positive / False-negative]
Hi, we got issues raised by SonarQube on the (document).ready function.
- Function should not be too complex
- Function should not have too many lines
I thought that it should not count the (document).ready(function(){}) and should count the functions inside it instead, just like it does with an IIFE. Or there should be a way in the JavaScript rule to optionally ignore counts on (document).ready(function(){}) and count the functions inside it instead.
Can we mark it as a false-positive?
In C#, the rule about
“Instance method should not write to static fields. Updating a Static Field from a non-static method or static class is not thread safe when we have multiple class instances and/or multiple threads in play, it may lead to unexpected results.”
If the field is annotated with [ThreadStatic], is it still a problem?
Can we mark it as a false-positive?
Hey,
We got one with the XXE vulnerability, on TransformerFactory.newInstance() and DocumentBuilderFactory.newInstance();
We put “setFeature” just after these two lines of code, as they say.
But Sonar continues to say there is a vulnerability.
How can I make sure that sonar no longer displays these vulnerabilities?
Thanks
Aurélie
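
For reference, the standard JAXP settings that restrict DOCTYPE and external-entity processing on the two factories named in the post above, as an added example that is not code from the thread or from SonarQube. It assumes the JDK's built-in JAXP implementation (Java 8 or later); the class name `XxeHardening` and the sample document are constructed for illustration, and the thread does not confirm which of these calls the analyzer recognises.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.*;

public class XxeHardening {
    // Constructed sample input: declares an external entity pointing at a placeholder path.
    static final String SAMPLE = "<?xml version=\"1.0\"?>"
        + "<!DOCTYPE r [<!ENTITY e SYSTEM \"file:///nonexistent-sample\">]><r>&e;</r>";

    static DocumentBuilderFactory hardenedDbf() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Reject any DOCTYPE declaration outright (Xerces feature, honoured by the JDK parser).
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // JAXP 1.5 properties: an empty string means no protocol is allowed.
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf;
    }

    static TransformerFactory hardenedTf() throws Exception {
        TransformerFactory tf = TransformerFactory.newInstance();
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        return tf;
    }

    public static void main(String[] args) throws Exception {
        try { // The DOM parser must refuse the document because it contains a DOCTYPE.
            hardenedDbf().newDocumentBuilder().parse(
                new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)));
            System.out.println("DOM: parsed, hardening NOT effective");
        } catch (org.xml.sax.SAXException e) {
            System.out.println("DOM: rejected: " + e.getMessage());
        }
        try { // The identity transform must fail when it tries to load the external entity.
            hardenedTf().newTransformer().transform(
                new StreamSource(new StringReader(SAMPLE)), new StreamResult(new StringWriter()));
            System.out.println("Transformer: transformed, hardening NOT effective");
        } catch (javax.xml.transform.TransformerException e) {
            System.out.println("Transformer: blocked: " + e.getMessage());
        }
    }
}
```

The settings have to be applied to the same factory instance that later creates the parser or transformer; a second `newInstance()` call returns an unconfigured factory.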