Does SonarQube account for CVE-2021-42574?

We’re using 9.0.1 version of the Enterprise Edition of SonarQube. I was reading an article the other day and came across a new unicode bidirectional security issue and wondered if SonarQube scans for this? I searched the existing rules and couldn’t find any mention of it but wanted to confirm. If SonarQube does not currently cover this issue, are there plans to?

No, it doesn’t. Ref: Highlight Unicode BIDI characters as Security Hotspot

1 Like