Once we performed the static code analysis with SonarQube and SonarLint eclipse plugin, non of them could detect a vulnerability in the below code segment . But this has defined as a vulnarability under the rules of sonarsource web site. protected void doGet(HttpServletRequest req, HttpServletRespo…

Hello thank you for your question. This rule, along with other security-related rules, is available with SonarQube Developer Edition and above. Which edition are you using?

HTTP request redirections vulnerability does not detect with SonarLint plugin and SonarQube server

SonarQube for IDE Eclipse

Julien_HENRY (Julien Henry) November 30, 2020, 8:14am 3

To complete @JBL_SonarSource answer, it is expected that SonarLint doesn’t report those rules. See the SonarLint FAQ for details.

Topic		Replies	Views
SonarLint not show reporting vulnerabilities in Eclipse Eclipse eclipse	5	2769	May 5, 2021
SonarLint for Eclipse 5.3.0 released Releases eclipse , sonarqube-ide	2	1360	July 28, 2020
SonarLint for Eclipse v5.8.1 released - Taint vulnerabilities in the IDE Releases eclipse , sonarqube-ide	0	1483	March 16, 2021
Found False Positives for Vulnerabilities Eclipse java , eclipse	1	616	February 4, 2022
SonarLint for Eclipse v7.5 - Instant sync of SonarQube issue suppressions and taint vulnerabilities Releases javascript , java , eclipse , python , sonarqube-ide	0	1060	September 20, 2022

HTTP request redirections vulnerability does not detect with SonarLint plugin and SonarQube server

Related topics