The code snippet below is flagged in the VS IDE as well as by our SonarQube installation which is hooked into our Azure DevOps pipeline via the SonarScanner.
```csharp
var length = 0x80;
var bytesRequired = 0;
while (length > 0)
{
    length >>= 8;
    bytesRequired++;
}
stream.Write((byte)(bytesRequired | 0x80));
```
The final line is flagged, effectively stating that bytesRequired isn’t set to a non-zero value.
Changing bytesRequired++; to bytesRequired += 1; no longer flags the issue. That makes me think we have the fixed Analyzer version but that this is an additional edge case needing to be handled.
SonarQube v8.9 LTS was bundled with v8.22 of the .NET analyzer, and therefore doesn’t contain a fix for that false-positive… and, in the latest versions of SonarLint for Visual Studio we should be using a much later version (even in connected mode), so I’ll flag this for attention.
I re-read the SonarLint portion of your reply. You’re saying that because the latest SonarLint is also flagging this in VS, the previous false positive fix doesn’t cover this scenario? That would make sense.
Thanks!