SonarLint shows errors in some files but not others for XXE processing

I am using SonarLint in IDEA and having the following issues while fixing the OWASP XXE vulnerabilities. Please let me know if there is a fix that you can suggest

Sometimes SonarLint shows errors in some files but not others

SonarQube CE 7.6 shows error but SonarLint does not

Sometimes, it catches the same error in one file but not another - SonarLint in this example is flagging the XML Transformer issue for the PMSResponseSelector class, but not in the DefaultXMLContentFactory class.


I see you tried to be explicit doing these screenshots but I’m not sure they help a lot as pieces of code in SQ and SonarLint don’t match.

Firstly, upgrade SonarJava plugin and SonarLint. Make sure that binding of SonarLint to SonarQube is updated.

Then check logs of SonarLint.

Finally provide code examples (not pictures, use markdown), and explain the inconsistencies you experience.