SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
Dart

Dart static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your DART code

  • All rules 126
  • Vulnerability4
  • Bug15
  • Security Hotspot8
  • Code Smell99
Filtered: 17 rules found
cwe
    Impact
      Clean code attribute
        1. Exposing native code through JavaScript interfaces is security-sensitive

           Security Hotspot
        2. Pubspec urls should be secure

           Vulnerability
        3. Enabling JavaScript support for WebViews is security-sensitive

           Security Hotspot
        4. Cipher algorithms should be robust

           Vulnerability
        5. Encryption algorithms should be used with secure mode and padding scheme

           Vulnerability
        6. Using clear-text protocols is security-sensitive

           Security Hotspot
        7. Accessing Android external storage is security-sensitive

           Security Hotspot
        8. Server certificates should be verified during SSL/TLS connections

           Vulnerability
        9. Using weak hashing algorithms is security-sensitive

           Security Hotspot
        10. Exceptions should not be ignored

           Code Smell
        11. Using pseudorandom number generators (PRNGs) is security-sensitive

           Security Hotspot
        12. Code annotated as deprecated should not be used

           Code Smell
        13. Unused assignments should be removed

           Code Smell
        14. "==" operator and "hashCode()" should be overridden in pairs

           Bug
        15. Jump statements should not occur in "finally" blocks

           Bug
        16. Track uses of "TODO" tags

           Code Smell
        17. Track uses of "FIXME" tags

           Code Smell

        Exceptions should not be ignored

        intentionality - clear
        maintainability
        Code Smell
        • cwe
        • error-handling
        • suspicious

        Why is this an issue?

        More Info

        When exceptions occur, it is usually a bad idea to simply ignore them. Instead, it is better to handle them properly, or at least to log them.

        Noncompliant code example

        void save() {
          try {
            saveDocument();
          } catch (exception) {
          }
        }
        

        Compliant solution

        void save() {
          try {
            saveDocument();
          } catch (exception) {
            log(exception);
          }
        }
        
        void save() {
          try {
            saveDocument();
          } catch (_) { // Compliant, ignored intentionally
          }
        }
        
        void save() {
          try {
            saveDocument();
          } catch (exception) { // Compliant, left a comment
            // ignored intentionally
          }
        }
        
          Available In:
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          10.7

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use