SonarQube Server: Data Center Edition v2025.1.1 (104738)
how is SonarQube deployed: zip
We have a function that reads an HTTP response back from Curl. The code looks like this:
```cpp
if (response_code >= 200 && response_code <= 299) {
    // Do some stuff
} else if (response_code == 203) {
    // Do some stuff
} else if (response_code == 401) {
    // Do some stuff
} else if (response_code == 404) {
    // Do some stuff
} else {
    // Do some stuff
}
```
The obvious bug here is that the if (response_code == 203) line is never reached because it’s caught by the earlier (response_code >= 200 && response_code < 299). But I’m surprised SonarQube doesn’t spot this. Is there no capability to notice unreachable code or is this just not being spotted?
Indeed, at the moment we only detect trivially unreachable code with cpp:S1763, which does not cover your case.
We envision working on a more useful rule that would flag such invariant conditions as part of CPP-5167. We have no specific timeline for it.
Additionally, the next SonarQube Server release will provide a MISRA C++ 23 rule (0.0.2) “Controlling expressions should not be invariant” which should also detect such bugs. (Note that the rule is available to SonarQube Server users if you enable the additional setting for the preview of MISRA C++ 23 rules. We do not promise to keep these rules available for free once we have a more complete MISRA coverage).
By default, when MISRA C++ 2023 rules are applied during analysis, a scanner warning informs developers that additional MISRA C++ 2023 Early Access rules can be enabled on their instance. As an instance administrator, you can activate or deactivate this warning by passing a scanner property at the instance level.
To do this, set the sonar.cfamily.misra.warnNewRules scanner property to true or false in your $<INSTALL_DIRECTORY>/conf/sonar-scanner.properties file.
Hello there.
Just bringing some additional information.
To enable the MISRA Early Access, you need to enable it at the instance level as explained here.
Note that it is available only in SonarQube Server 2025 Release 2 (one release after the version you run) and later, starting from Enterprise Edition (so, including Data Center Edition).
The rule that Arseniy mentioned will be shortly released in SonarQube Server 2025 Release 3.
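The kind of check discussed in this thread, as an added example that is not part of any post and not how SonarQube or the MISRA rule is implemented: each branch of an if / else-if chain over one integer is modelled as a closed interval, and a branch is reported when earlier branches already cover every value it accepts. `Branch`, `shadowed_branches`, `chain_from_post` and `chain_reordered` are hypothetical names; the second chain assumes the 203 check is moved ahead of the 2xx range.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <vector>

// One branch of an if / else-if chain over a single integer, modelled as the
// closed interval of values that makes its condition true:
// (x == 203) is {203, 203}; (x >= 200 && x <= 299) is {200, 299}.
struct Branch { int lo; int hi; };

// Returns the indices of branches that can never execute because every value
// they accept is already taken by an earlier branch in the chain.
std::vector<std::size_t> shadowed_branches(const std::vector<Branch>& chain) {
    std::vector<std::size_t> dead;
    std::vector<Branch> seen;  // intervals of all earlier branches
    for (std::size_t i = 0; i < chain.size(); ++i) {
        std::sort(seen.begin(), seen.end(),
                  [](const Branch& a, const Branch& b) { return a.lo < b.lo; });
        long long next = chain[i].lo;  // smallest value not yet shown covered
        for (const Branch& s : seen) {
            if (s.lo > next) break;    // gap: 'next' still reaches branch i
            if (s.hi >= next) next = static_cast<long long>(s.hi) + 1;
            if (next > chain[i].hi) break;  // whole interval is covered
        }
        if (next > chain[i].hi) dead.push_back(i);
        seen.push_back(chain[i]);
    }
    return dead;
}

// The chain from the question, in its original order (final else omitted).
std::vector<Branch> chain_from_post() {
    return {{200, 299}, {203, 203}, {401, 401}, {404, 404}};
}

// Assumed fix: the specific 203 check placed before the 2xx range.
std::vector<Branch> chain_reordered() {
    return {{203, 203}, {200, 299}, {401, 401}, {404, 404}};
}

int main() {
    for (std::size_t i : shadowed_branches(chain_from_post()))
        std::printf("original chain: branch %zu is unreachable\n", i);
    std::printf("reordered chain: %zu unreachable branches\n",
                shadowed_branches(chain_reordered()).size());
    return 0;
}
```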