Misra rules seems bypassed for C code

Some Misra rules (I assume all) seems to be bypassed when scanning C code.

Environment:

  • I am using SonarQube Developer Edition Version 8.4.2 (build 36762)
  • I am using sonar-scanner-cli-4.6.0.2311-windows
  • I created a quality profile containing all rules tagged with misra and misrac3

Issue description:

  • Added a code snippet using goto, which should violate the rule M14.4: do not use goto (MISRA C)
  • Run the scanner on the code, adding -D"sonar.lang.patterns.c++=**/*.cxx,**/*.cpp,**/*.cc,**/*.hxx,**/*.hpp,**/*.hh" to the cmd line to actually scan the *.c source files
  • The Misra rule is not triggered, whereas other code smells are triggered (undocumented APIs, lines too long, …)

This is confirmed also with using IAR Embedded Workbench to enable Misra analysis, that shows rules being triggered, but SonarQube does not.

Thanks for the help

Hello @valentin and welcome to the community!

We don’t have the tag misrac3 in our plugin for C/C++. The tags for misra rules are: misra-c++2008,
misra-c2004, misra-c2012 and based-on-misra.
If you activate these rules and our plugin you should see the issues.

From my understanding the tag misrac3 comes from sonar-cxx, an unofficial plugin that isn’t supported on this forum.

So you can either switch to our plugin or ask for help on sonar-cxx channel.

Hello @Amelie and thanks for your explanation!
It is clear now, I will switch to sonar-cxx channel as this is the plugin used on our project).

Thanks again,
Valentin