I have installed SonarLint on eclipse, its working ok, showing tips, etc. but I have found that there are rules with high severity (e.g. “NullPointerException” should not be caught: - Major - Rules explorer, and also others with Critical) that are not checked by default.
Why these rules are not checked if they had a high severity? In my mind they should be checked by default if they are important. Am I missing anything?
Also, the amount of rules in the web seems to be higher than the amount of rules in the eclipse plugin. Are some rules SonarQube exclusive? Does SonarLint have all the rules it can check?
Thanks in advance
I have found that there are rules with high severity […] that are not checked by default
Why these rules are not checked if they had a high severity?
Some rules might be considered as too specific/too opinionated/too verbose to be enabled by default. But still we might consider that when they apply, the severity is high.
However, we are open to feedback, let us know the rules you think should be on by default.
e.g. “NullPointerException” should not be caught
I think this rule ( java:S1696) was disabled by default because some people use NPE as a control flow/validation checks, but maybe we could reconsider. @Quentin any opinion?
Also, the amount of rules in the web seems to be higher than the amount of rules in the eclipse plugin.
You can see in the FAQ all documented reasons: mainly all taint vulnerabilities detected by our security engine are not available directly in SonarLint, as well as security hotspots.
The rule you mentioned was developed more than 7 years ago, at the time, it was considered that it should not be included in the default profile. I did not manage to find the exact reason, though.
Today, we have more experience and the knowledge and usage of the language evolved. I expect that many rules could benefit from a review.
The good news is that it is exactly what we plan to do during this year: reconsider the profile, severity, scope, … of all rules.
I made sure to add this example to the list of rules we should look at.
Hope this clarifies the situation.