Please provide
- Operating system: macOS Monterey
- IDE name and flavor/env: VSCode
Version: 1.67.1 (Universal)
Commit: da15b6fd3ef856477bf6f4fb29ba1b7af717770d
Date: 2022-05-06T12:37:16.526Z (6 days ago)
Electron: 17.4.1
Chromium: 98.0.4758.141
Node.js: 16.13.0
V8: 9.8.177.13-electron.0
OS: Darwin x64 21.4.0
- SonarLint plugin version: 3.4.2
- Is connected mode used: Yes
- Connected to SonarCloud
And a thorough description of the problem / question:
I just tried to test finding a vulnerability in my code by adding a very clear/explicit vulnerability:
```php
exec($_GET['command']);
```
SonarLint didn’t find it. I waited 15 minutes after saving to see if it was just a time issue.
I tried semgrep which found and reported the issue nearly immediately in VSCode.
Any idea why SonarLint isn’t catching it?