I’m coming from the Java world and I’m used to SonarQube being mostly correct with this kind of finding. Now I’m confronted with a small C/C++ project where SonarQube flags code that was originally found on the net as
“Memory copy function overflows destination buffer”. I cannot see the point - can you see who is right? I hope it is not all too obvious?
https://sonarcloud.io/project/issues?id=Friends-of-OpenBikeSensor_OpenBikeSensorFirmware&issues=AXVSCjrR3HHzkZhCc1vE&open=AXVSCjrR3HHzkZhCc1vE - I’ve already reduced the severity from blocker to critical.
Is this a bug in my logic or in SonarQube’s?
The full project is at https://github.com/Friends-of-OpenBikeSensor/OpenBikeSensorFirmware and the GitHub Action at https://github.com/Friends-of-OpenBikeSensor/OpenBikeSensorFirmware/actions
BTW: I have to mention that I’m impressed by the SonarCloud offering, thanks!