Must-share information (formatted with Markdown):
Using SonarQube 6.7LTS.
SonarQube has flagged an issue with some code very similar to this FreeBSD networking code. It complains of error code S5000 stating that:
“memcmp” should only be called with pointers to trivially copyable types with no padding
The structure in-question is an IPv6 address which is defined this way.
My goal is to have this SonarQube warning go away while retaining the possibility that other errors in the same line (now or in the future) might be reported.
In an ideal world, SonarQube would recognize that this sort of structure cannot have any padding in it on a practical level. Is there a way to so instrument the structure to indicate this? For example, would SonarQube intelligently recognize the “packed” attribute on the structure?
The next alternative would be to suppress this particular class of warnings on the particular lines. It appears that SonarQube supports @SuppressWarnings for Java code. Alas, I’m unable to find particular mechanisms to do so for C/C++ code. I know that many linters and Coverity do that, but can’t find documentation for SonarQube.
Marking the issue as “False Positive” seems to be the preferred option in the SonarQube documentation, but our internal SQ team reports that those annotations don’t get carried forward to future branches so everything needs to be reevaluated and redone again, making this unworkable.
Finally, there’s the //NOSONAR statement, but that disables all scanning for the particular line. I want to avoid that because it’s foreseeable that other issues (especially with pointers) might be introduced in the future and we don’t want to avoid being notified of them.
How can I best resolve this issue within the constraints listed?