- Version: Community Edition Version 8.1 (build 31237)
- error observed: Private source code is visible when more than single code location.
- Make project private and remove source code browser permission for default group.
- Scan a project with issues with multiple code locations for the issues (very common).
- Login as a user that only default sonar-user group.
- Click on issues that call out multiple code locations.
Expected behavior: Warning that “no source code can be displayed” is shown.
Observed behavior: Source code is fully displayed.