diff --git a/sonar-project.properties b/sonar-project.properties index 8eab24b..dc98961 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -18,3 +18,16 @@ sonar.exclusions=.build*/**,**/_deps/** # CPD produces mostly false positives for this codebase. Since `sonar.cpd.skip=true` # does not work for C++ code, we use `sonar.cpd.exclusions=**/*` to effectively disable it. sonar.cpd.exclusions=**/* + +# Suppress selected SonarCloud issues (scope + rationale per entry): +sonar.issue.ignore.multicriteria=e1,e2 + +# e1 — cpp:S5145 (tainted input reaching an output sink), examples only: the demos read +# input and print it back, which is the point of a demo, not an injection surface. +sonar.issue.ignore.multicriteria.e1.ruleKey=cpp:S5145 +sonar.issue.ignore.multicriteria.e1.resourceKey=examples/**/* + +# e2 — cpp:S3659 (alternative operator tokens such as `not`), project-wide: deliberate +# readability choice — `not ` (with the trailing space) is harder to overlook than `!`. +sonar.issue.ignore.multicriteria.e2.ruleKey=cpp:S3659 +sonar.issue.ignore.multicriteria.e2.resourceKey=**/*