False Negative for rule RSPEC-6070

Hi Team,

I would like to bring this potential issue to your attention. Reference the image below.

The bug rule violated is RSPEC-6070, where lines 8 and 14 should be flagged for use of an unreliable escape sequence in those lines.

SonarQube version: 9.9.0.65466
SonarScanner version: 5.0.1.3006
SonarQube Community Edition
Related language: Java


Image 1

Thanks for your time and consideration.

Hey there.

Please take a look at this post on reporting false-positives.

You’ll need to provide a text-based snippet of code, and make sure the issue can be reproduced on the latest version of SonarQube’s Community Build.

Only the latest version of SonarQube Community Build is considered active, so you’ll need to upgrade and see if the false-negative can still be produced!

Your upgrade path is:

9.9.0 → 24.12 → 25.5

You may find these resources helpful:

Thanks for the response.

A retest has been performed using SonarQube version 10.7.0.96327. It remains the case that the bug rule violation is not consistently flagged.

import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

class BugExample {
    public void showBug() {
        // "\ca": control escape followed by a lowercase letter (line RSPEC-6070 should flag)
        try {
            Pattern.compile("\\ca");
        } catch (PatternSyntaxException e) {
            System.out.println(e.getMessage());
        }
        // "\c!": control escape followed by punctuation (line RSPEC-6070 should flag)
        try {
            Pattern.compile("\\c!");
        } catch (PatternSyntaxException e) {
            System.out.println(e.getMessage());
        }
    }

    // Entry point so the snippet can be compiled and run as-is
    public static void main(String[] args) {
        new BugExample().showBug();
    }
}

To recreate the issue on your end, scan the code snippet, maybe try a few times, and confirm if the violation of this rule, RSPEC-6070, is consistently flagged in the code.

Screenshot showing the result of the scan on the SonarQube version 10.7 window.
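As an added illustration (not part of the original post) of what RSPEC-6070 is warning about in the snippet above: java.util.regex resolves \cX as the character X ^ 64, so "\ca" and "\c!" compile without any PatternSyntaxException but match ordinary printable characters rather than a control character. The class name and helper below are my own.

```java
import java.util.regex.Pattern;

// Added example, not code from the thread. Shows what the two escapes in the
// report actually match, and why neither catch block in BugExample ever fires.
public class ControlEscapeDemo {

    // Java's regex parser derives the character for \cX as (X ^ 64).
    // This helper compiles the escape and confirms that it matches exactly
    // that derived character, returning the character it matched.
    static char resolvedControlChar(char x) {
        String regex = "\\c" + x;
        char derived = (char) (x ^ 64);
        boolean matches = Pattern.compile(regex)
                                 .matcher(String.valueOf(derived))
                                 .matches();
        if (!matches) {
            throw new IllegalStateException("unexpected behaviour for " + regex);
        }
        return derived;
    }

    static String describe(char x) {
        char c = resolvedControlChar(x);
        String shown = Character.isISOControl(c) ? "<control>" : "'" + c + "'";
        return String.format("\\c%c matches U+%04X %s", x, (int) c, shown);
    }

    public static void main(String[] args) {
        // Reliable form: uppercase letter, yields the intended control character.
        System.out.println(describe('A'));
        // Unreliable forms from the report: lowercase letter and punctuation.
        // Both compile cleanly, but match a printable character instead.
        System.out.println(describe('a'));
        System.out.println(describe('!'));
        // Portable alternative the rule steers you towards: write the code point.
        boolean explicit = Pattern.compile("\\x01").matcher("\u0001").matches();
        System.out.println("\\x01 matches U+0001: " + explicit);
    }
}
```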

Like I said, you need to reproduce this on the latest version, 25.5.

Well, now it’s:

10.7 → 24.12 → 25.5