SonarQube Security Hotspot issues

Hi Nicolas,

SonarQube shows Security Hotspot issues like:

  1. Make sure that executing SQL queries is safe here.
  2. Make sure that this http request is sent safely.
  3. Make sure this file handling is safe here.
  4. Make sure that exposing this HTTP endpoint is safe here.
  5. Make sure that using a regular expression is safe here.

Is it possible to solve these issues?

Should we suppress these issues?

I didn’t get any resolution for the above issues.

Could you please help me with these?

Regards,
Ramya

Hi @Ramya_Akula,

Security Hotspot issues are meant to be reviewed by a security expert. They point to locations in the code where vulnerabilities often hide. They do not impact the quality gate. The security expert can change the issue status to:

  • “detect” which will change the issue type to “Vulnerability”.
  • “Dismiss” which will mark the issue as “Won’t fix”.

The description of each rule explains the kind of vulnerabilities that can be expected and what the best practices are.

Further documentation is available here and here.

We are currently working on improving the Security Hotspot review workflow. We welcome any feedback regarding the rules and the documentation.

Regards,
Nicolas
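To illustrate the review decision Nicolas describes, here is an added example (not from this thread, and not SonarQube's own code) applied to the first hotspot in Ramya's list. It uses a constructed in-memory SQLite table with two users; the function names and the probe value are assumptions for the demo.

```python
import sqlite3


def _connect():
    # Constructed sample data for the example; not from the original thread.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_concat(conn, name):
    # The pattern behind "Make sure that executing SQL queries is safe here":
    # caller input is spliced into the statement text, so a quote in the
    # input changes the query's structure. A reviewer who sees this should
    # mark the hotspot as a Vulnerability ("detect").
    query = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in conn.execute(query)]


def find_user_param(conn, name):
    # Same lookup with a bound parameter: the input is passed as data and
    # can never alter the statement, so the same hotspot can be dismissed
    # ("Won't fix") after review.
    query = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(query, (name,))]


def review_hotspot(conn, lookup):
    """Reproduce the reviewer's check: does a value containing a quote
    widen the result set beyond the single matching row?"""
    probe = "nobody' OR '1'='1"          # constructed test value
    rows = lookup(conn, probe)
    return "detect" if rows else "dismiss"
```

Running `review_hotspot` against each lookup shows why the concatenated version must be reported and the parameterized one can be closed.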

Thank you, I will get back to you if I have any queries.
