Once we performed the static code analysis with SonarQube and the SonarLint Eclipse plugin, none of them could detect a vulnerability in the below code segment. But this has been defined as a vulnerability under the rules of the SonarSource website.
Thanks for the reply. I’m using the SonarQube Community edition. Is there any possibility that I can enable this rule in SonarLint? Is there any specific SonarLint edition?
The taint analysis engine that powers these rules is currently too computationally intensive for the near-real-time developer experience that we want to provide with SonarLint.
We are definitely looking into ways to bring these powerful rules in the IDE in the next few months, and according to our current plans, this will rely on connected mode with either SonarCloud or a commercial edition of SonarQube.