OK, appriciate you for the informations about CFamily.
And my work is kind of explore the specific tool Vuldeepecker and we could use it to detect CWE119 and CWE399, BUT we still need to improve in generating code gadgets.
Still I have the a question.
In the doucumentation https://docs.sonarqube.org/latest/extend/new-languages/ . There are 6 points of parsing a new language. What confused me is how to input my source-code to the new plugin. I know that org.sonar.api.batch.fs.FileSystem#inputFiles API could get access to the filesystem. But how to use it to generate AST. I saw the classes Context,SensorContext are important in SonarJava and PythonVisitorContext in SonarPython. I just didn’t see how they relate to org.sonar.api.batch.fs.FileSystem#inputFiles.
Appriciate for your help again and please enlighten me:joy: