Found False Positives for Vulnerabilities

I have coded for these three issues and I have used the non compliant code yet sonarlint has found no issues. In console I see ‘SonarLint analysis of project httpsessionlogin2 (34 files processed)…
Found 0 issue(s)’
I am using Eclipse IDE for Enterprise Java and Web Developers Version: 2021-12 (4.22.0) and SonarLint 7.2.1

Below is the code and i have added screenshot of sonar report

protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
HttpSession session=request.getSession();
String id=request.getRequestedSessionId();
String value="/";

		response.setHeader("Set-Cookie", value);  // Noncompliant
	    Cookie cookie = new Cookie("jsessionid", id);  // Noncompliant
	    String location = request.getParameter("url");
	    response.setHeader("Location", location);
	PrintWriter out=response.getWriter();
	request.getRequestDispatcher("link.html").include(request, response);

protected void configure(HttpSecurity http) throws Exception {
	   http.sessionManagement().sessionFixation().none(); // Noncompliant: the existing session will continue
	     http.authorizeRequests().antMatchers("/resources/**", "/signup", "/about").permitAll().antMatchers("/admin/**").hasRole("ADMIN").antMatchers("/admin/login").permitAll().antMatchers("/**", "/home").permitAll().antMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')").and().formLogin().loginPage("/login").permitAll().and().logout().permitAll();

Hello Priyanka and welcome to the community!

These are taint-style/injection vulnerabilities. SonarLint can not find those on its own. If you click on the links you posted you can see at the bottom what tools support these rules.

You can show these issues in SonarLint if you enable SonarQube connected mode. You require at least SonarQube Developer Edition though to find the issues.