which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
Community, 10.3.0.82913, Azure Devops Server with SonarQube Extension
how is SonarQube deployed: zip, Docker, Helm
what are you trying to achieve
Vulnerability with Path.Combine was not detected. It’s a C# Asp.Net MVC Application. There is an http endpoint in a controller called uploadFile with String filename as parameter. There is a null check after that and nothing else. Later in the code it will be combined with Path.Combine(uploadPath, filename). This is a serious issue because of the odd behavior of Path.Combine with absolute paths.
what have you tried so far to achieve this
After finding this issue we wondered why such a trivial case was not detected by sonarqube.
Welcome to the community and thanks for this report!
Could you provide a compact reproducer, please?