FP in SonarQube Server but not SonarQube for IDE?

Then tell us:

  • What language is this for?
    C (I usually do C++ but in this case I got C. I have not seen such behavior in C++)
  • Which rule?
    Multiple rules. c:S995, c:S5350, c:S836
  • Why do you believe it’s a false-positive/false-negative?
    c:S995, c:S5350: The parameters are used and changed
    c:S836: The variable is initialized! There is an =!
  • Are you using
    • SonarQube Server Enterprise Edition v9.9.6 (build 92038)
    • SonarQube for IDE VSCode 1.97.0, extension 4.15.0
      • in connected mode with SonarQube Server / Community Build or SonarQube Cloud?
        Both
  • How can we reproduce the problem? Give us a self-contained snippet of code (formatted text, no screenshots)

So SQ reports a few false positives. No news here I suppose, I NOSONAR-ed them all, but the latest one is marked BUG now and it made me report it.

The strange thing is that SonarQube for IDE does not report it. Neither in connected mode, nor in my offline minimal project.

Here is the issue in SQ:

And here is the code as a minimal project:
minimal_project.zip (2.0 KB)

Note: Issues appear when scanning for Windows and Linux, but the bug one obviously only appears in Windows; we use stdlib in Linux.

Hey there.

The latest version of SonarQube for IDE is using a much newer version of the C/C++ analyzer than SonarQube v9.9 LTA, even when using Connected Mode.

For the three rules you’ve mentioned, here’s a sample of all the issues fixed in the last 2 years.

It’s probably time you start investing in your upgrade to SonarQube’s new LTA version, v2025.1.

Scanning your example against v2025.1, after removing the NOSONAR comments I don’t get any of the issues you mentioned (just c:s954 on line 7 to move an #include to the top of the file).
