SonarSource Rules

Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

Flex static code analysis

Unique rules to find Bugs, Security Hotspots, and Code Smells in your FLEX code

Security Hotspot1

Tags

Impact

Clean code attribute

The "trace" function should not be used
Vulnerability
Security.allowDomain(...) should only be used in a tightly focused manner
Vulnerability
The flash.system.Security.exactSettings property should never be set to false
Vulnerability
"LocalConnection" should be configured to narrowly specify the domains with which local connections to other Flex application are allowed
Vulnerability
"Alert.show(...)" should not be used
Vulnerability

"Alert.show(...)" should not be used

Vulnerability

This rule is deprecated; use S4507 instead.

Why is this an issue?

More Info

Alert.show(...) can be useful for debugging during development, but in production mode this kind of pop-up could expose sensitive information to attackers, and should never be displayed.

Noncompliant code example

if (unexpectedCondition)
{
  Alert.show("Unexpected Condition");
}

Available In:

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

Available Since
9.1

Analyze code in your
on-premise CI

Developer Edition
Available Since
9.1