Hi, I am using the latest versions of SonarQube and SonarScanner. I tried some cases in the document (vulnerability category), but SonarQube failed to report them.
The following figure shows an RSPEC-2658 example:
    public class Main {
        public static void main(String[] args) throws Exception {
            String className = System.getProperty("messageClassName");
            Class clazz = Class.forName(className); // should report a warning, but no warnings.
            System.out.println(clazz);
        }
    }
These are the analysis results:
There are also no warnings in security hotspots.