But for me it seems that addLocation is the same as addFlow with only one flow?
When should I use which of the API function?
What is the difference in the UI?
The items in both cases are NewIssueLocation. Each individual NewIssueLocation can have an own InputComponent (file, dir, module) and message. In some cases messages belong to locations outside of the project (e.g. a library):
How can I handle this? Is it allowed to set file paths that do not exist in the project?
addLocation is technically the same as addFlow with only one location. It is currently stored the same way in the scanner report and in DB. Say otherwise, a flow with a single location is a secondary location.
Depends if you report a flow or a secondary location
flow = code path that will lead to the issue
secondary location = other locations that may help to understand the issue
All secondary locations are displayed at the same time when you select an issue (see for example some issues about cognitive complexity).
No, you can only report locations on InputFile or on the project itself. We have deprecated InputDir for a while. One solution is to report the location on the InputProject, and provide more details in the location message.
Depends at which level you look. From a functional point of view, the two concepts are different, and may in the future be handled technically in a different way.
But currently, technically, the underlying model is:
issue <--- 0 - n ---> flow <--- 1 - n ---> issue location
Adding a secondary location will ‘just’ add a flow with a single location.
when we set primary issue in file a.cpp and add a secondary location in b.cpp, secondary location will become a primary issue in Sonarqube UI if user set sonar.exclusion=a.cpp