SonarQube does not highlight all c-code issues by rule "Variables should be initialized before use"

Template for a good bug report, formatted with Markdown:

  • versions used (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube Enterprise Edition Version 8.9 (build 43852)
    Scanner: 4.6.1.2450-linux
  • error observed (wrap logs/code around triple quote ``` for proper formatting)
Our issue code snippet follows this flow:

```c
int function(int flag, int b) {
  int a;
  if (flag) {
    a = b;
  }
  return a; // Noncompliant - "a" has not been initialized in all paths
}
```

  • steps to reproduce
    In fact, we found 4 C-language code snippets with the above issue; 3 were detected by SonarQube, while 1 was not detected.

  • potential workaround
    NA.

P.S.: use the #bug:fault sub-category if you’re hitting a specific crash/error, or the #bug:fp sub-category for rules-related behaviour

I get “You are not permitted to view the requested resource.” when I change this issue category to Fault.
This is a rule-related bug.

Hello @rubin,
Thanks for your report.

I checked locally, and our analyzer seems to detect the issue you are referring to. So it must be something in the environment or another part of your code that leads to this false negative. To help investigate, please provide the reproducer file that helps us reproduce the issue on our side. To generate the reproducer file:

  • Add the reproducer option to the scanner configuration:
    sonar.cfamily.reproducer= "Full path to the .cpp file that has or includes the file that has the false-positive"
  • Re-run the scanner to generate a file named sonar-cfamily.reproducer in the project folder.
  • Please share this file. If you think this file contains private information, you can send it privately.

Thanks,

We re-ran sonar-scanner, which reported:

```
ERROR: Requesting reproducer for: /full_path/xxx_init.c
INFO: [pool-1-thread-1] /full_path/xxx_init.c
INFO: PCH: unique=0 use=0 (forceInclude=0,throughHeader=0,firstInclude=0) out of 1 (forceInclude=0,throughHeader=0)
INFO: SE: 1 out of 1
```