Hi,
I’m using SonarLint, connected to my project in SonarQube. In local SonarLint analysis, some rules, for example C:S125, are identified as an issue in one .c file but are not identified as an issue in another .c file in the same project.
Thanks
Divya
Hey there.
Can you share examples of code (or more accurately, codes as comments) where the issue is raised, and examples of code where it is not? What version of SonarLint are you using?
Hi,
I’m using SonarLint version: 6.12.0.59751
//#define RUNTIME_VAR → identified as an issue with code C:S125
// a = b; → not identified as an issue
Thanks,
Divya
Hello @Divya_123, and thanks for your feedback. It is very hard to achieve 100% accuracy when detecting code inside comments. In our approach, we rely on some heuristics when analyzing the comment to decide if it is commented-out code. These heuristics are more accurate the longer the comment being analyzed is. To reduce the noise, we also follow a stricter approach with short comments, because it is very hard to make the decision accurately with very little information.
The false negative in your example would have been reported if slightly more information were available, for example:
// int a = b;
or
// if (a > b) {
// a = b;
// }
or even with variable names that are a bit more descriptive:
// max = val;
Do you have any other examples that you would like to share?
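The trade-off described in the reply above can be seen in a toy scorer. This is an added example, not part of the thread and not SonarSource's implementation of S125: the signals, weights and thresholds are all assumptions, chosen only to show why a short comment needs more evidence before it is reported.

```python
import re

# Toy model only: signals, weights and thresholds are assumptions made for this
# illustration, not SonarSource's implementation of S125.
DIRECTIVE = re.compile(r"^#\s*(define|include|ifdef|ifndef|if|else|endif|undef)\b")
TYPED_DECL = re.compile(r"\b(int|char|long|short|float|double|void|unsigned)\s+\*?\s*[A-Za-z_]\w*")
CONTROL = re.compile(r"\b(if|for|while|switch)\s*\(")
OPERATOR = re.compile(r"([A-Za-z_]\w*)\s*(==|!=|<=|>=|=|<|>)\s*([A-Za-z_]\w*)")
TERMINATOR = re.compile(r"[;{}]\s*$")

SINGLE_LINE_THRESHOLD = 3   # short comment: little context, so demand more evidence
MULTI_LINE_THRESHOLD = 2    # longer comment: evidence accumulates across lines


def line_score(text: str) -> int:
    """Count code-like signals in one comment line (comment marker already removed)."""
    text = text.strip()
    score = 0
    if DIRECTIVE.search(text):
        score += 3                      # preprocessor directive: strong signal
    if TYPED_DECL.search(text):
        score += 1                      # type keyword followed by an identifier
    if CONTROL.search(text):
        score += 1                      # control keyword followed by "("
    if TERMINATOR.search(text):
        score += 1                      # ends like a statement or block
    m = OPERATOR.search(text)
    if m:
        score += 1                      # identifier OP identifier
        if len(m.group(1)) >= 3 and len(m.group(3)) >= 3:
            score += 1                  # descriptive names on both sides
    return score


def looks_like_code(comment: str) -> bool:
    """Classify a // comment (one or more lines) as commented-out code."""
    lines = [re.sub(r"^\s*//", "", ln) for ln in comment.splitlines() if ln.strip()]
    total = sum(line_score(ln) for ln in lines)
    threshold = SINGLE_LINE_THRESHOLD if len(lines) == 1 else MULTI_LINE_THRESHOLD
    return total >= threshold
```

In this model `// a = b;` scores 2 and stays below the single-line threshold, while the same line inside the three-line `if` block is reported because the surrounding lines add evidence.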