Security Hotspots tab is not showing security hotspot found

anon62440631 · October 23, 2023, 9:38am

Please provide

Operating system: Windows 10 x64
SonarLint plugin version: v3.22.0
Programming language you’re coding in: Python
Is connected mode used:
- Connected to SonarCloud or SonarQube (and which version): SonarCloud

And a thorough description of the problem / question:

Security Hotspots tab is not showing security hotspot found after the scan; as you can see in the screenshot in OUTPUT terminal there is a security hotpost but Security Hotspots is empty.
On SonarCloud, the security hotpost is shown.

sophio.japharidze · October 24, 2023, 7:31am

Hey @anon62440631, welcome to Sonar Community!

Thanks for your post . As it seems from your screenshot, you do not have a file open for which the Hotspot was detected. By default, the Security Hotspots view will only display findings for open files.

If you want to see Hotspots for the whole folder, you might want to select the In whole folder option.

Hope that helps,
Sophio

anon62440631 · October 24, 2023, 8:37am

Hi Sophio,
thank you for the reply!
Sorry, I’ve took the screenshot with file closed but I’ve same behavior with file closed/opened

sophio.japharidze · October 24, 2023, 8:57am

Thank you for the quick reply!

Could you also share a screenshot from the SonarCloud UI of how this hotspot is shown there? Also, it could be helpful if you could share the full SonarLint output logs as a text file here.

Thanks in advance,
Sophio

anon62440631 · October 24, 2023, 9:27am

Sure! PS: I’ve only “masked” some personal infos.

SonarLint.log (3.8 KB)

sophio.japharidze · October 24, 2023, 9:54am

Thanks!

This is very weird. I tried to go through exactly the same scenario as you with the same code snippet. And I see the hotspot detected both locally, and on SonarCloud. I don’t see anything wrong with your logs either

As one more debug step, could you

Close the file
Reload VSCode window
Go to VSCode > Help > Toggle Developer Tools > Console
Clear the console
Open the file to trigger analysis
Share the screenshot here

Also, does any hotspot appear when you try the in whole folder option?

Thanks,
Sophio

anon62440631 · October 24, 2023, 12:38pm

In addiction, I’ve generated terminal output log with “sonarlint.output.showVerboseLogs”: true

SonarLintVerbose.log (5.0 KB)

I’ve tried: I can see the security hotspot for that script.

sophio.japharidze · October 24, 2023, 2:33pm

Is this hotspot detected for New Code or Overall Code on SonarCloud? And what is the SonarLint focus value? You will be able to see it by clicking inside the file and hovering over the status bar item as in this screenshot.

TIA,
Sophio

anon62440631 · October 25, 2023, 8:07am

This hotspot in SonarCloud is detected for New Code

Before was Overall Code, I’ve changed to New Code but the behavior is the same

sophio.japharidze · October 25, 2023, 11:30am

Well, I’m officially out of ideas then

Your logs and console output look fine
Since the in whole folder option gives results, it means analysis works
Your SonarLint focus option does not seem to be at fault

And I cannot reproduce this issue So maybe somebody else will be able to reproduce in the Community and then we can get more insight

The only thing I can suggest is maybe you can uninstall and reinstall SonarLint and try again?

Sorry I couldn’t help more,
Sophio

anon62440631 · October 25, 2023, 12:25pm

Sorry, but I don’t think this is a real professional support; if you cannot reproduce this issue maybe there is other variables that you’re not considering.
Cheers,

ganncamp · October 25, 2023, 1:05pm

Hi,

Welcome to the community!

You should be aware that it is a community. This is not professional support. I invite you to familiarize yourself with the FAQ.

Ann

lura12111 · February 9, 2024, 11:21am

hey have you found a solution ?
I have the same problem…