I am trying out SonarCloud for the first time and was able to link my GitHub organization and analyze a C project. However, there seem to be many incorrectly flagged bugs. For example, one that I see says
“An integral type is too small to hold a pointer value.” (Intentionality: Not logical)
& “Pointers should not be cast to integral types.”
It’s part of a structure initialization that is passed to HAL_DMA_Init, which is part of the vendor-provided HAL library. While on one hand, the HAL is violating the part about casting a pointer to an integer, the pointer size is only 32 bits, so there is no actual problem with it being “too small”. Hence the severity of this finding should probably be reduced.
Is there a place to configure settings like the pointer size for the architecture of the project? (It seems like SonarCloud is assuming that pointers are larger than 32-bit size, which is wrong.)
Is there a way to mark the issue as invalid / incorrect?
Are you using the SonarCloud Automatic Analysis feature?
At the moment, there is no feature to force the architecture of the project when using the Automatic Analysis feature on SonarCloud. If you want to have the architecture of the project detected you would need to configure the manual analysis in your CI.
See:
I have experimented with both automatic analysis and CI-triggered analysis but would prefer to use the automated option.
Could you open a feature request for configuring options such as architecture / pointer-size when automated analysis is used?
Can you open a feature request to allow some projects to use automatic analysis and others not to? (It seems that this is currently a “global” setting)
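The pointer-to-integer cast described in the opening question, as an added example that is not part of the original thread or of the vendor HAL: it shows why the same cast is lossless on a 32-bit target but truncates when the code is analyzed or built with 64-bit pointers, and how a checked conversion through `uintptr_t` makes the assumption explicit. The names `dma_cfg_t`, `addr_fits_u32`, `ptr_to_u32` and `dma_cfg_fill` are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a vendor DMA init structure whose address
 * fields are declared as 32-bit integers (not the real HAL type). */
typedef struct {
    uint32_t src_addr;
    uint32_t dst_addr;
    uint32_t length;
} dma_cfg_t;

/* True when an address value survives narrowing to 32 bits unchanged. */
bool addr_fits_u32(uintptr_t addr)
{
    return (uintptr_t)(uint32_t)addr == addr;
}

/* Checked conversion: goes through uintptr_t, the integer type defined
 * to hold a pointer, and refuses to truncate instead of casting blindly. */
bool ptr_to_u32(const volatile void *p, uint32_t *out)
{
    uintptr_t addr = (uintptr_t)p;
    if (!addr_fits_u32(addr))
        return false;          /* e.g. a 64-bit host address */
    *out = (uint32_t)addr;
    return true;
}

/* Writes cfg only when both buffers are addressable in 32 bits. */
bool dma_cfg_fill(dma_cfg_t *cfg, const void *src, void *dst, uint32_t len)
{
    uint32_t s, d;
    if (!ptr_to_u32(src, &s) || !ptr_to_u32(dst, &d))
        return false;
    cfg->src_addr = s;
    cfg->dst_addr = d;
    cfg->length = len;
    return true;
}

int main(void)
{
    static uint8_t tx[16], rx[16];   /* constructed sample buffers */
    dma_cfg_t cfg = {0};
    bool ok = dma_cfg_fill(&cfg, tx, rx, (uint32_t)sizeof tx);
    printf("pointer size: %zu bytes, config %s\n", sizeof(void *),
           ok ? "filled" : "rejected (address does not fit in 32 bits)");
    return 0;
}
```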