I’m new to SonarQube and very thankful for the great tool and helpful community.
I’m interested in learning more about the data flow capabilities of SonarQube, which from my understanding are referred to as Symbols in SQ. I couldn’t find any in-depth tutorial on this topic, so I’ll put a few use case examples, and it would be great to have a pointer to some material which covers that.
At a high level, I want to be able to write rules and infer the exact parameter values which were relevant to a Method Invocation, i.e. given a function with a signature:
public String someFunc(String caller, String key), and a method invocation
someFunc(username, userkey), I want to track the exact values of
I saw in one of the core team’s answers that this is Symbolic execution and that SQ doesn’t expose this, but this answer is quite old, so any updates on that would be great.
Partial coverage would also be useful, i.e.
- Identify when the value was changed
- Identify only constant value definition
- Identify the relations w/o value, i.e. username is set using another Method Invocation
Thanks, and I would appreciate some guidance on that topic,