SonarQube not detecting coding issue with C++ code calling back() function on an empty vector

joen · November 9, 2022, 5:41am

Scanner Version: sonar-scanner-4.7.0.2747
Server Verison: Enterprise Edition Version 9.7.1 (build 62043)

When we scan a code with C++ code calling back() function on an empty vector. SonarQube doesn’t detect any error/issue

Here is what the code look like:

01   int function_a(int inHeight)
02     {
03         std::vector<ITransformFactory_ptr> transFactories;
04         if (SetupArriRawDecoder == 12)
05         {
06            transFactories.emplace_back(mDecoderTransformFactory);
07         }
08         
09         test_bool(transformFactories.back());
10   }

There should be an issue identify at line 09

Please let me know if this is an issue that should be detected by SonarQube
Thanks

Abbas · November 11, 2022, 2:21pm

Hi @joen,

Thanks for the valuable report.

Unfortunately, our analyzer cannot detect this issue.

We are always working on improving our engine and increasing the coverage. It makes sense to detect the issue in your example. we have a ticket where we plan to simulate standard containers to detect such issues: [CPP-3608] - Jira

Thanks,

system · November 28, 2022, 1:08pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.