squid:S2077 issues do not appear


(sangeeta) #1
  • SonarQube 7.5
  • Description: Issues with rule “Executing SQL queries is security-sensitive (squid:S2077)” do not appear in the project dashboard/issues or code, but when we go to the rule description’s Most Violating Projects, they appear there.
  • Reproduce: Scan a project having issues of squid:S2077, go to project issues; they won’t appear. Now go to the rule’s description, and there, under Most Violating Projects, you can find your project and number of issues.

(Christophe Zurn) #2

Hello @sangeetap,

Rule “Executing SQL queries is security-sensitive (squid:S2077)” is a hotspot; as such, it is not a bug/vulnerability/code smell and does not impact your quality gate.
Such issues are meant to highlight potential vulnerabilities that need to be reviewed by a security expert. I invite you to read more about this subject here.
You can view all hotspots for your project in the Issues section by selecting the Security Hotspot issue type.

Best,
-Chris


(sangeeta) #3

Thanks Chris

Sangeeta Premani