  1. SonarLint Core Library
  2. SLCORE-296

Fetch and provide code snippet for secondary locations of taint vulnerabilities

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.1
    • Component/s: Core
    • Labels:
      None

      Description

      To display taint vulnerability locations accurately in the IDE, we need to match the source code in case local code has differences compared to the code that has been analyzed.

      When fetching issues, we need to fetch the source code of the files involved in any secondary location.
      We should probably not store the entire file content in the SonarLint local storage, but instead store the code snippet corresponding to the text range. Or maybe just a hash?

      For performance reasons, we should probably only do it for vulnerabilities, and only when issues are fetched for a single file.
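
      The snippet-or-hash idea above, sketched as an added example (not SonarLint's own code): the hash of the text under a secondary location is stored at fetch time and recomputed against the local file to decide whether the location can still be shown. The class and method names, the 1-based line / 0-based offset convention, the whitespace stripping and the choice of SHA-256 are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;

public class SecondaryLocationCheck {
  // Assumed convention: 1-based lines, 0-based offsets, end offset exclusive.
  record TextRange(int startLine, int startOffset, int endLine, int endOffset) {}

  // Returns the text covered by the range, or null if the range no longer fits the file.
  static String snippet(String content, TextRange r) {
    String[] lines = content.split("\\R", -1);
    if (r.startLine() < 1 || r.endLine() > lines.length || r.startLine() > r.endLine()) return null;
    StringBuilder sb = new StringBuilder();
    for (int n = r.startLine(); n <= r.endLine(); n++) {
      String line = lines[n - 1];
      int from = (n == r.startLine()) ? r.startOffset() : 0;
      int to = (n == r.endLine()) ? r.endOffset() : line.length();
      if (from < 0 || to > line.length() || from > to) return null;
      sb.append(line, from, to);
      if (n < r.endLine()) sb.append('\n');
    }
    return sb.toString();
  }

  // Hash with whitespace removed so re-indentation alone does not count as a change.
  static String hash(String snippet) throws NoSuchAlgorithmException {
    byte[] bytes = snippet.replaceAll("\\s", "").getBytes(StandardCharsets.UTF_8);
    return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(bytes));
  }

  static boolean stillMatches(String local, TextRange r, String storedHash) throws NoSuchAlgorithmException {
    String s = snippet(local, r);
    return s != null && hash(s).equals(storedHash);
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample: the analyzed file and two local variants of it.
    String analyzed = "String id = req.getParameter(\"id\");\nString q = \"SELECT * FROM t WHERE id=\" + id;\n";
    TextRange secondary = new TextRange(1, 12, 1, 34); // covers req.getParameter("id")
    String stored = hash(snippet(analyzed, secondary));
    String edited = analyzed.replace("\"id\"", "\"userId\"");
    String shifted = "// new comment\n" + analyzed;
    System.out.println(stillMatches(analyzed, secondary, stored)); // local file identical to analyzed code
    System.out.println(stillMatches(edited, secondary, stored));   // text inside the range was edited
    System.out.println(stillMatches(shifted, secondary, stored));  // a line was inserted above the range
  }
}
```

      Storing only the hash keeps the analyzed source out of local storage, but it can only report that the range no longer matches; relocating a snippet that has moved, as in the third case, requires the stored snippet text itself.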

            People

            Assignee:
            julien.henry Julien Henry
            Reporter:
            julien.henry Julien Henry