Problems with S5144 and S5145 in languages != Java?

Hi,

SonarQube 9.9 LTS
Recently, we had false positives for these 2 rules confirmed by SonarSource Support.

It’s also mentioned here

Is this only a problem with the Java rules for S5144 and S5145, or are implementations for other languages also affected / are there known issues too?

Gilbert

Hi Gilbert,

Are you asking because you’re experiencing something, or are you trying to get out ahead of potential problems? I believe the core implementation is shared, but that doesn’t mean we’ll necessarily have the same problems in multiple languages.

Ann

Hi Ann,

It’s the second case, meaning trying to get out ahead of potential problems.
Maybe other users have / had issues with other languages.

Gilbert


Hi,

The two rules do exist for other languages and some detection logic is shared between the different languages. However, the details (what is considered as a source, as a sanitizer, a sink, …) are dependent on the language. Moreover, they are dependent on the libraries used. So when you get a false positive in one language, it does not mean that you will get the same false positive in all languages.

Best regards,

Sebastien
