Static Code Analysis Results #4075
mm-mbinder
started this conversation in
General
Replies: 1 comment
-
|
Thanks for reporting this — the SonarQube finding descriptions/links didn't come through in the post, and the line numbers reference the 3.11.2 single-include header. Could you re-share the actual rule IDs/messages (not just line numbers) for the bugs and security hotspots? Without the specific messages it's hard to tell whether these are real issues or SonarQube false positives on header-only template-heavy code (which is common). This reply was drafted by Claude Code on behalf of @nlohmann, as part of a review of open discussions. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
I've included this library in one of our projects, which has a SonarQube analysis active. SonarQube reported some bugs and security hotspots in the included header file. Since i don't have the capabilities or knowledge to evaluate or fix any of the issues, i thought it would be at least a good idea to report the issues here.
For context the single header release from version 3.11.2 was included/analyzed here. MSVC143 is used as compiler.
Bugs:
Line 6164 - SonarQube Description

Line 14715 - SonarQube Description

Line 18943 - SonarQube Description

Line 18958 - SonarQube Description

Line 20003 - SonarQube Description

Line 20421 and Line 19742 - SonarQube Description


Security Hotspots:
Line 4183 - SonarQube Description

Line 6520 - SonarQube Description

Beta Was this translation helpful? Give feedback.
All reactions