Hello,
SQ reports a security hotspot on one of my projects. Please see https://sonarcloud.io/project/security_hotspots?id=com.github.sbaudoin%3Asonar-ansible
The line that is liable to the issue is the following:
Matcher oldSplitter = Pattern.compile("^(.*):([0-9]+): \\[E([^\\[]+)\\] (.*)$").matcher(rawIssue);
But if I create a branch to try to fix the issue, the hotspot is not detected. Please see https://sonarcloud.io/project/security_hotspots?branch=java_S5852&id=com.github.sbaudoin%3Asonar-ansible
Matcher oldSplitter = Pattern.compile("^(.*):([0-9]+): \\[E([^\\[]+)\\] (.*)$").matcher(rawIssue);
Matcher oldSplitter2 = Pattern.compile("^(.*):([0-9]+): \\[E([^\\[]+)\\] (.+)$").matcher(rawIssue);
Matcher oldSplitter3 = Pattern.compile("^(.*):([0-9]+): \\[E([^\\[]+)\\] (.*)$").matcher(rawIssue);
We can find above the first line that causes the issue on the master branch (I added an extra space to ease visual comparison): it is not reported as buggy (neither is the 3rd line, which is exactly the same), but the second line is. From this we can say that * does not seem to cause the issue, but in the master branch it does.
Do you know what is wrong in the master branch?
Regards,
Sylvain