We use Sonar version sonarqube:9.5.0-enterprise. It scanned our Java code and reported an error:
Sonar reported the error “I/O function calls should not be vulnerable to path injection attacks”
We followed the fix and modified the related code, but it still reports the error; see our code below (line 86).
We already added line 85 to check whether the path exists.
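An existence check such as the one described for line 85 confirms that a file is there, but it does not limit which file a user-supplied path resolves to. The Java sketch below is an added example, not the poster's code and not SonarSource's; the names `existsOnly` and `resolveInside` and the temp-directory layout are assumptions, since the thread does not show the original source. It compares an existence-only check with a containment check against an allowed base directory:

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class PathContainmentDemo {

    // Existence-only check: true for any file the process can see,
    // including files outside baseDir reached through "..".
    static boolean existsOnly(Path baseDir, String userSupplied) {
        return Files.exists(baseDir.resolve(userSupplied));
    }

    // Containment check: resolve against the allowed root, collapse "." and
    // "..", then require the result to stay under that root.
    static Path resolveInside(Path baseDir, String userSupplied) throws IOException {
        Path base = baseDir.toRealPath();
        Path candidate = base.resolve(userSupplied).normalize();
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes base directory");
        }
        if (Files.exists(candidate)) {
            // Follow symlinks and re-check, so a link inside the root
            // cannot point back outside it.
            Path real = candidate.toRealPath();
            if (!real.startsWith(base)) {
                throw new SecurityException("symlink escapes base directory");
            }
            return real;
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: an allowed directory and a sibling file.
        Path base = Files.createTempDirectory("uploads");
        Files.createFile(base.resolve("report.txt"));
        Path outside = Files.createTempFile("outside", ".txt");
        String escaping = "../" + outside.getFileName();

        System.out.println("existsOnly(report.txt): " + existsOnly(base, "report.txt"));
        System.out.println("existsOnly(escaping):   " + existsOnly(base, escaping));
        System.out.println("resolveInside(report.txt): " + resolveInside(base, "report.txt"));
        try {
            resolveInside(base, escaping);
        } catch (SecurityException e) {
            System.out.println("resolveInside(escaping) rejected: " + e.getMessage());
        }
    }
}
```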
Your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:
9.5 → 9.9 → 10.0 (last step optional)
You may find these resources helpful:
If you have questions about upgrading, feel free to open a new thread for that.
If you still believe you face a false-positive afterwards, please follow the instructions in the following post to report a false-positive (which includes sharing a code snippet rather than a screenshot).
Hey SonarSource Community!
False-positives happen, as do false-negatives, and we’re eager to fix them. We are thrilled when our users report problems, so we can make our products better.
What is a false-positive (FP)?
A false-positive is when an issue is raised unexpectedly on code that should not trigger an issue, or where the suggested action doesn’t make any sense for the code.
What is a false-negative (FN)?
A false-negative is when an issue should be raised on a piece of code, but isn’t…