Bug not detected RSPEC-5866

engmscyorku · July 18, 2025, 6:41am

Hi Sonarqube Team,

The code below seems to contain the bug described in RSPEC-5866, however, the bug was not being detected during the scan. Any thoughts?

import java.util.regex.Pattern;
class CaseInsensitiveUnicodeBug {
    public boolean showBug(String input, String regex) {
        Pattern pattern = Pattern.compile(regex, Pattern.CASE_INSENSITIVE);
        return pattern.matcher(input).find();
    }
    public static void main(String[] args) {
        CaseInsensitiveUnicodeBug bug = new CaseInsensitiveUnicodeBug();
        String input = "söme pättern";
        String regex = "SÖME PÄTTERN";
        System.out.println(bug.showBug(input, regex));
    }
}

Sonarqube version 25.5
Lang: Java
SonarScanner version: 5.0.1.3006

Screenshot of code scan results

Leonardo_Pilastri · October 27, 2025, 1:48pm

Hello, thanks for the multiple reports.

I have created this ticket to group them up and keep track of them. We will investigate them as soon as we have the capacity for it!

Have a good day

Topic		Replies	Views
Rule not detected RSPEC-5850 Report False-positive / False-negative...	1	25	October 27, 2025
Write efficient, error-free and safe regular expressions (regex) in Java Sonar Updates java , regex	2	4355	January 7, 2021
NullPointerException in S4248 SonarQube Server / Community Build java , sonarqube	3	1409	November 13, 2018
S5860 - Names of regular expressions named groups should be used (when they're actually...) Report False-positive / False-negative... java , sonarqube-ide	2	770	February 9, 2021
False positive for S5860 when using named group regex Report False-positive / False-negative... java , sonarqube	2	590	April 19, 2023

Bug not detected RSPEC-5866

Related topics