Hi Team, I would like to bring this potential issue to your attention. Reference Images 1 and 2 below, where Image 1 is the original and Image 2 is a variant. Image 1 correctly shows that the bug rule in RSPEC-2201 was violated in line 31, while in Image 2 the violation of the same bug rule is not flagged in line 31.
SonarQube version: 9.9.0.65466
SonarScanner version: 5.0.1.3006
SonarQube Community Edition
Related language: Java
Please take a look at this post on reporting false-positives.
You’ll need to provide a text-based snippet of code, and make sure the issue can be reproduced on the latest version of SonarQube’s Community Build.
Only the latest version of SonarQube Community Build is considered active, so you’ll need to upgrade and see if the false-negative can still be produced!
A rescan has been done on the code snippet with version SonarQube 10.7 and the violation of bug RSPEC-2201 was not flagged. The code snippet below contains a call to the toLowerCase() function, and the result is ignored; however, it wasn’t flagged for violating this bug rule.
Code snippet:
    class BugDemo {
        public void showBug() {
            String command = "Hello World";
            command.toLowerCase();
        }
    }
Screenshot from the SonarQube scanning window showing the provided code snippet, where the bug rule violation was not flagged