SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
C++

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

  • All rules 674
  • Vulnerability13
  • Bug139
  • Security Hotspot19
  • Code Smell503

  • Quick Fix 91
Filtered: 24 rules found
since-c++17
    Impact
      Clean code attribute
        1. The optional init-statement in a control statements should only be used to declare variables

           Code Smell
        2. Assigning to an optional should directly target the optional

           Bug
        3. "try_emplace" should be used with "std::map" and "std::unordered_map"

           Code Smell
        4. "auto" should be used for non-type template parameter

           Code Smell
        5. Use "std::variant" instead of unions with non-trivial types.

           Code Smell
        6. "std::optional" member function "value_or" should be used

           Code Smell
        7. "std::byte" should be used when you need byte-oriented memory access

           Code Smell
        8. Inline variables should be used to declare global variables in header files

           Code Smell
        9. "if constexpr" should be preferred to overloading for metaprogramming

           Code Smell
        10. "[*this]" should be used to capture the current object by copy

           Code Smell
        11. "std::uncaught_exception" should not be used

           Code Smell
        12. "static_assert" with no message should be used over "static_assert" with empty or redundant message

           Code Smell
        13. Redundant class template arguments should not be used

           Code Smell
        14. "std::filesystem::path" should be used to represent a file path

           Code Smell
        15. "std::string_view" should be used to pass a read-only string to a function

           Code Smell
        16. Fold expressions should be used instead of recursive template instantiations

           Code Smell
        17. [[nodiscard]] should be used when the return value of a function should not be ignored

           Code Smell
        18. "as_const" should be used to make a value constant

           Code Smell
        19. Structured binding should be used

           Code Smell
        20. "if" and "switch" initializer should be used to reduce scope of variables

           Code Smell
        21. "std::visit" should be used to switch on the type of the current value in a "std::variant"

           Code Smell
        22. "std::scoped_lock" should be created with constructor arguments

           Bug
        23. "std::scoped_lock" should be used instead of "std::lock_guard"

           Code Smell
        24. Concise syntax should be used for concatenatable namespaces

           Code Smell

        "if constexpr" should be preferred to overloading for metaprogramming

        intentionality - clear
        maintainability
        Code Smell
        • since-c++17

        Why is this an issue?

        C++17 version of the standards introduces if constexpr. If the constexpr keyword follows the if keyword in an if statement, then the if condition must be a constant and the then or else block is discarded at compile time, depending on the value of the constant.

        More precisely, if constexpr branches that are discarded are not going to be instantiated. This behavior enables us to write some overloaded function templates in a more readable way: you don’t need to use complex patterns (eg: by using std::enable_if) to make code compile.

        This rule points out where a complex overloaded functions template could simply be replaced by if constexpr.

        Noncompliant code example

        template<typename Type>
        typename std::enable_if_t<std::is_arithmetic_v<Type>> process(Type&& type); // Noncompliant, this function can be combined with the one below
        
        template<typename Type>
        typename std::enable_if_t<!std::is_arithmetic_v<Type>> process(Type&& type);
        
        template <typename It, typename Distance>
        void moveForward(It& it, Distance d, std::input_iterator_tag); // Noncompliant, this function can be combined with the one below
        
        template <typename It, typename Distance, typename T>
        void moveForward(It& it, Distance d, T);
        
        template <typename It, typename Distance>
        void moveForward(It& it, Distance d) { // Wrapper of the "moveForward" functions
            moveForward(it, d, typename std::iterator_traits<It>::iterator_category{} );
        }
        

        Compliant solution

        template<typename Type>
        void process(Type&& type) {
            if constexpr(std::is_arithmetic_v<type>) {
                // implementation
            } else {
                // implementation
            }
        }
        
        template <typename It, typename Distance>
        void moveForward(It& it, Distance d) { // Modifications have been directly done inside the wrapper
            if constexpr (std::iterator_traits<It>::input_iterator_tag) {
                // implementation
            } else {
                // implementation
            }
        }
        
          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.1

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use