SonarQube not detecting hard-coded record ids in Apex

v: 9.9
SonarQube is not detecting hard-coded record ids in some cases. We came across a file which had a hard-coded record id inside a for loop. SonarLint also failed to detect the issue.

The code has a similar structure:

for(Account acc:[select … where id in :idList and recordTypeId='0000000000

When I tested the record id by assigning it to a string variable outside the loop, SonarLint successfully detected the issue.

Hey there.

I’ve moved your post to the section on reporting false-positives.

Can you include:

  • What flavor/version of SonarLint you’re using
  • What Rule ID is (not) raising an issue
  • A more complete code sample? Doesn’t have to be exactly what’s in your codebase, but should be complete and exhibit the same symptoms.

SQ version: 9.9 LTE
Slint ver: SonarLint for Vscode 4.7
Rule ID: apex:S5379

for(Address add:[select id, name, var1__c, var2__c, var3__c,recordtypeid from address where recordtypeId='###############' and account.recordtypeId='###############' LIMIT 49999 FOR UPDATE]){

      //Business code

}

The false negative is happening at both SonarLint and SonarQube levels

A specific record type ID is really important here.
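A stopgap check for the case reported in this thread, as an added example that is not part of the original posts and not how rule apex:S5379 is implemented: it flags ID-shaped literals in Apex source, including ones inside inline SOQL in a for-loop header. The regex heuristic, the function name `find_hardcoded_ids`, and the sample Apex with its ID values are assumptions constructed for illustration.

```python
import re

# Salesforce record IDs are 15 (case-sensitive) or 18 (case-insensitive)
# alphanumeric characters. Heuristic (assumption): any single-quoted literal
# of that shape containing at least one digit is treated as a candidate ID.
ID_LITERAL = re.compile(r"'([A-Za-z0-9]{15}|[A-Za-z0-9]{18})'")
# Inline SOQL in Apex is written between square brackets: [SELECT ... ]
INLINE_SOQL = re.compile(r"\[\s*select\b.*?\]", re.IGNORECASE | re.DOTALL)


def find_hardcoded_ids(apex_source):
    """Return (line_number, literal, context) for each ID-shaped literal."""
    soql_spans = [m.span() for m in INLINE_SOQL.finditer(apex_source)]
    findings = []
    for m in ID_LITERAL.finditer(apex_source):
        literal = m.group(1)
        if not any(c.isdigit() for c in literal):
            continue  # skip ordinary 15/18-letter words
        in_soql = any(start <= m.start() < end for start, end in soql_spans)
        line = apex_source.count("\n", 0, m.start()) + 1
        context = "inline-soql" if in_soql else "string-literal"
        findings.append((line, literal, context))
    return findings


# Constructed sample values, not real record IDs.
ID18 = "012" + "0" * 11 + "1" + "AAA"
ID15 = "012" + "0" * 11 + "2"

# Constructed Apex mirroring the two cases in the thread: an ID assigned to a
# String variable, and an ID inside the SOQL of a for-loop header.
SAMPLE = f"""String rtId = '{ID18}';
for (Account acc : [SELECT Id, Name FROM Account
        WHERE Id IN :idList AND RecordTypeId = '{ID15}' LIMIT 49999 FOR UPDATE]) {{
    // Business code
}}
String label = 'not-an-id';
"""

if __name__ == "__main__":
    for line, literal, context in find_hardcoded_ids(SAMPLE):
        print(f"line {line}: {literal} ({context})")
```
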