How to avoid "High simulation costs for sink in" error


With the latest SonarQube Enterprise 9.9.3 LTS version (same with the previous 9.9 LTS), when I’m scanning my .NET projects on my Azure pipeline, I have some “INFO” lines with “High simulation costs for sink in 'filepath.cs:linenumber) Stop analysing this sink”

How can I avoid this “information” and really scan all source code (no worry about time or resources)?

Thank you :slight_smile:

Hi @tnoiret,

the scanner performs a complex taint analysis that attempts to trace all possible user inputs through all possible paths of the program. Such an analysis can, in theory and under certain conditions, explode exponentially. The engine has some built-in mechanics that allow it to detect when the analysis of some parts of the code starts to consume too much memory, in order to cut branches and focus analysis time and memory on the parts of the code where it is most likely to find problems.

There is currently no way for users to influence this built-in mechanism, as it relies on some complex hardcoded settings related to engine internals. In other words, exposing these settings would be meaningless to users without in-depth knowledge of the source code. There is also no way to completely disable this mechanism and essentially just run an “unlimited” analysis. If there was, it is quite possible that the analysis would run forever (or almost). Meanwhile, it is unlikely that you would find any more meaningful issues. Therefore, such a feature would not make much sense.

In summary, you can safely ignore these messages! :slight_smile:
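
A toy model of the trade-off described in this answer, added here as an example; it is not code from the thread and not SonarQube's engine. The CFG shape, function names and budget value are assumptions chosen to show why path-sensitive taint simulation grows exponentially with branches and how a cost budget cuts the analysis of one sink.

```python
# Toy model only: NOT SonarQube's engine. Names and the budget value are assumptions.

def build_chain(n_branches, sanitize_at=None):
    """CFG: source -> n if/else diamonds -> sink. Returns {node: (effect, successors)}."""
    first = ["b0_then", "b0_else"] if n_branches else ["sink"]
    cfg = {"source": ("taint", first), "sink": ("sink", [])}
    for i in range(n_branches):
        last = i + 1 == n_branches
        nxt = ["sink"] if last else [f"b{i + 1}_then", f"b{i + 1}_else"]
        # Only the 'then' arm of one chosen diamond sanitizes the value.
        cfg[f"b{i}_then"] = ("sanitize" if i == sanitize_at else "none", nxt)
        cfg[f"b{i}_else"] = ("none", nxt)
    return cfg

def simulate(cfg, budget):
    """Walk every path from source to sink, tracking taint per path.

    Each visited node costs one step; when the budget is spent the sink is
    abandoned and a partial result is returned.
    """
    steps = tainted_paths = 0
    stack = [("source", False)]  # (node, is the value tainted on this path?)
    while stack:
        if steps >= budget:
            return {"cut_off": True, "steps": steps, "tainted_paths": tainted_paths}
        node, tainted = stack.pop()
        steps += 1
        effect, successors = cfg[node]
        if effect == "taint":
            tainted = True
        elif effect == "sanitize":
            tainted = False
        elif effect == "sink" and tainted:
            tainted_paths += 1
        stack.extend((succ, tainted) for succ in successors)
    return {"cut_off": False, "steps": steps, "tainted_paths": tainted_paths}

if __name__ == "__main__":
    for n in (4, 12, 30):
        result = simulate(build_chain(n, sanitize_at=1), budget=10_000)
        status = "budget exhausted, sink abandoned" if result["cut_off"] else "complete"
        print(f"{n:2d} branches: {result['steps']:6d} steps, "
              f"{result['tainted_paths']:5d} tainted paths found ({status})")
```
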