Reviewing issues
SonarCloud shows the code that it raised issues on.
To view an issue in the code:
1. Retrieve the issue and open its detail view as described above.
2. In the Where is the issue? tab, you can see the issue’s location with the issue message.
3. Depending on the issue, secondary locations or execution flows may be displayed to help you understand the issue or trace its source. See the sections below for how to navigate through the secondary locations or through the issue flow.
4. To understand why this is an issue, open the Why is this an issue? tab in the issue description. You can also open the rule that raised the issue by selecting the rule link at the top of the issue description.
Navigating through the issue's secondary locations
All SonarCloud issues specify a location in the code showing where the issue occurs. However, some of the more complex rules produce issues for which a single location is not enough to adequately explain why the issue has occurred. These more complex rules often identify additional locations in the code to help understand the problem. These additional locations are referred to as secondary locations. Secondary locations may just indicate other locations that are related to the issue or may identify a flow through the code that leads to the issue.
Other locations
To navigate through the other locations of an issue:
1. Retrieve the issue and open its detail view as described above in Retrieving issues. The secondary locations are listed as illustrated below (the illustration is taken from SonarQube, but the view is very similar in SonarCloud).
2. To navigate to a secondary location, click on it in the list. You can also use the keyboard combination indicated under the list to navigate to the previous or next location.
Execution flow
Paths through the code (execution flows) are shown from the source to the sink (destination) when the issue originates upstream. In particular, for issues breaking a security-injection rule, there is a vulnerability when the inputs handled by your application are controlled by a user (potentially an attacker) and are neither validated nor sanitized before reaching a sensitive function. In that case, SonarCloud displays the execution flow from the sources (user-controlled inputs) to the sinks (sensitive functions).
Check out this video for an example of a security issue with an execution flow.
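The following is an added illustration of the source-to-sink shape described above; it is not SonarCloud's code and not taken from this page. It uses a constructed in-memory SQLite table, a "controller" function standing in for the file where the user-controlled parameter is read (the source), and a "repository" function standing in for the file holding the database call (the sink), so the flow crosses files the way the example in the next section does. The vulnerable form concatenates the parameter into the SQL text; the hardened form passes it as a bound parameter, which is the change that removes the injection issue.

```python
import sqlite3


# Constructed sample data: an in-memory table standing in for the application's database.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return db


# --- "controller" module: the SOURCE of the flow -----------------------------
# A request parameter is user-controlled input. A taint-analysis rule marks this
# read as the source (first step) of the execution flow.
def read_name_param(request_args):
    return request_args.get("name", "")


# --- "repository" module: the SINK, typically in a different file ------------
# Vulnerable form: the untrusted value becomes part of the SQL text, so the
# statement executed at the sink is shaped by whatever the user supplied.
def find_user_unsafe(db, name):
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()  # sink: sensitive function fed by tainted data


# Hardened form: the value is bound as a query parameter and never spliced into
# the SQL text, so the driver treats it purely as data regardless of its content.
def find_user_safe(db, name):
    query = "SELECT name, role FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()


# End-to-end flows: source in one module, value handed across to the sink in
# another. This is the step-by-step path the execution-flow view lists.
def handle_request_unsafe(db, request_args):
    name = read_name_param(request_args)  # step 1: source (user-controlled input)
    return find_user_unsafe(db, name)     # step 2: tainted value reaches the sink


def handle_request_safe(db, request_args):
    name = read_name_param(request_args)  # same source ...
    return find_user_safe(db, name)       # ... but the sink receives it as a bound parameter


if __name__ == "__main__":
    db = make_db()
    print(handle_request_safe(db, {"name": "alice"}))
    # A quote-bearing value is just a (non-matching) name to the hardened form.
    print(handle_request_safe(db, {"name": "o'hara"}))
```

For a benign name both forms return the same row; the difference only shows once the parameter contains SQL metacharacters, where the hardened form still treats the whole value as a literal name. Fixing the issue at the sink (binding) is what clears the flow; validating at the source alone leaves the concatenation in place for any other caller.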
To navigate through the execution flow(s) of an issue:
1. Retrieve the issue and open its detail view as described above. In the left sidebar, the execution flows are listed as illustrated below (the illustration is taken from SonarQube, but the view is very similar in SonarCloud). In the example below, the source is located in a different file than the sink.
2. To navigate to a location in the execution flow, select it in the list. You can also use the key combination indicated under the flow to navigate to the previous or next location in the flow.
Viewing the issue management history and comments
- Retrieve the issue and open its detail view as described above in Retrieving issues.
- Open the Activity tab.