SonarCloud does not detect command injection problems

Make sure to read this post before raising a thread here:

Then tell us:

  • What language is this for?
    C/CPP

  • Which rule?
    unknown

  • Why do you believe it’s a false-positive/false-negative?
    Command injection is a common issue. It might be trivial but is still seen from time to time.

  • Are you using
    • SonarCloud

  • How can we reproduce the problem? Give us a self-contained snippet of code (formatted text, no screenshots)

https://sonarcloud.io/code?id=Herschdorfer_snyk-test&selected=Herschdorfer_snyk-test%3Acommand_injection.cpp
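For readers who cannot open the linked project, the following is an added illustration of the class of defect the report is about; it is not code from the thread, from the linked repository, or from the Sonar analyzer. It places the textbook C++ command-injection pattern (untrusted text spliced into a string handed to `system()`) beside a hardened form that validates the value against an allowlist and then launches the program through `execvp()` with an argument array, so no shell ever parses the input. The function names, the hostname allowlist and the choice of `ping` as the wrapped command are assumptions made for the example.

```cpp
// Added example (not from the thread or the SonarSource project): a classic
// command-injection pattern in C++ next to a hardened alternative.
#include <cstdlib>
#include <iostream>
#include <string>
#include <vector>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

// VULNERABLE PATTERN: the untrusted value is concatenated into a string that
// would be handed to system(), i.e. to /bin/sh. Shell metacharacters in `host`
// (';', '&&', '|', backticks, '$(...)') change the meaning of the command line.
// Only the string is built here; the system() call is deliberately omitted so
// the example runs without side effects.
std::string build_ping_command_unsafe(const std::string& host) {
    return "ping -c 1 " + host;   // exactly what system() would receive
}

// Allowlist check: accept only RFC 1123-style hostnames (alphanumeric labels,
// internal '-', joined by '.'). Every shell metacharacter is outside the set.
bool is_valid_hostname(const std::string& host) {
    if (host.empty() || host.size() > 253) return false;
    bool label_start = true;
    for (size_t i = 0; i < host.size(); ++i) {
        char c = host[i];
        if (c == '.') {
            if (label_start) return false;          // empty label: ".a" or "a..b"
            if (host[i - 1] == '-') return false;   // a label may not end in '-'
            label_start = true;
            continue;
        }
        bool alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                     (c >= '0' && c <= '9');
        if (!alnum && !(c == '-' && !label_start)) return false;
        label_start = false;
    }
    return host.back() != '-' && host.back() != '.';
}

// HARDENED FORM: no shell is involved. execvp() receives an argv array, so the
// host is always exactly one argument whatever characters it contains; the
// allowlist check is kept as defence in depth (and to reject leading '-', which
// ping would otherwise parse as an option).
// Returns the child's exit status, or -1 on validation, fork or wait failure
// (127 if exec itself failed, e.g. ping is not installed).
int run_ping_safe(const std::string& host) {
    if (!is_valid_hostname(host)) return -1;
    std::vector<std::string> args = {"ping", "-c", "1", host};
    std::vector<char*> argv;
    for (auto& a : args) argv.push_back(&a[0]);   // contiguous, NUL-terminated since C++11
    argv.push_back(nullptr);

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], argv.data());
        _exit(127);   // only reached if exec failed
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main() {
    const std::string good = "example.com";
    const std::string bad = "example.com; ls";   // constructed hostile input
    std::cout << "unsafe string for hostile input: "
              << build_ping_command_unsafe(bad) << "\n";
    std::cout << "allowlist accepts \"" << good << "\": " << is_valid_hostname(good) << "\n";
    std::cout << "allowlist accepts \"" << bad << "\": " << is_valid_hostname(bad) << "\n";
    std::cout << "run_ping_safe(bad) -> " << run_ping_safe(bad) << " (rejected)\n";
    std::cout << "run_ping_safe(\"localhost\") -> " << run_ping_safe("localhost") << "\n";
    return 0;
}
```

The unsafe builder is the shape a taint-tracking rule would flag (source: attacker-controlled string, sink: `system()`); the hardened path removes the sink's shell entirely rather than trying to escape metacharacters, which is the fix reviewers should look for in C and C++ code regardless of whether the analyzer reports it.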

Hi @Herschdorfer and welcome to the community!

Indeed, the Sonar C and C++ analyzer offers only a limited set of security rules. So far we have maintained our focus on the quality of the code rather than its security. Yet, as you might know, quality and security are correlated.

In particular, we have not invested in the detection of injection vulnerabilities, including command injection.

We do have it on our radar, however. I have recorded your interest in CPP-4903.

