Add java rules in sonarqube - sonarqube

I want to add customized java rules in sonarqube. I have googled it and found that we need to make a plugin for that, but I can't find any proper link describing how to make the rule. Any help would be appreciated.

You can follow "Writing Custom Java Rules 101", which describes how to make a sonar-packaging-maven-plugin artifact.
When implementing a rule, there is always a minimum of 3 distinct files to create:
A test file, which contains Java code used as input data for testing the rule
A test class, which contains the rule's unit test
A rule class, which contains the implementation of the rule.
As mentioned in "Custom Rules for Java", to go further, you can explore a sample plugin containing other custom rules.
This project can be browsed or downloaded.
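A sketch of the rule class (the third file in the list above), as an added example that is not part of the original answer or of the SonarSource sample plugin. It assumes the sonar-java plugin API is on the classpath; the rule key, class name and default keyword are hypothetical.

```java
import java.util.Collections;
import java.util.List;
import org.sonar.check.Rule;
import org.sonar.check.RuleProperty;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.LiteralTree;
import org.sonar.plugins.java.api.tree.Tree;

// Rule class: raises an issue on every string literal that contains a
// configurable keyword. Rule key, class name and default keyword are hypothetical.
@Rule(key = "ForbiddenKeywordInLiteral")
public class ForbiddenKeywordInLiteralCheck extends IssuableSubscriptionVisitor {

  // Editable per quality profile once the rule is activated.
  @RuleProperty(
      key = "keyword",
      description = "Text that must not appear in string literals",
      defaultValue = "AcmeProducts")
  public String keyword = "AcmeProducts";

  @Override
  public List<Tree.Kind> nodesToVisit() {
    // Only string literals are handed to visitNode().
    return Collections.singletonList(Tree.Kind.STRING_LITERAL);
  }

  @Override
  public void visitNode(Tree tree) {
    // value() is the literal as written in the source, quotes included.
    String literal = ((LiteralTree) tree).value();
    if (literal.contains(keyword)) {
      reportIssue(tree, "Remove the forbidden keyword \"" + keyword + "\" from this literal.");
    }
  }
}
```

The test file for such a rule is an ordinary Java source in which each line expected to raise an issue carries a `// Noncompliant` comment, and the test class runs the check against that file.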

Related

SonarQube - Rule based on defined regular expression.

Does SonarQube have a rule which will scan a file's content for a regular expression and, if found during a scan, will mark it as an issue?
Example:
I want a rule that will scan each file for the word "AcmeProducts" and mark it as "Critical" if found.
Thanks
Jason
I was able to accomplish this by creating a custom rule based on the Comment pattern matcher rule in sonarqube.
I'm not sure if such rule exists.
You could implement a custom plugin to provide such rule.
Something that's very close to what you need is the HasTagSensor of the Xoo Plugin, which is not a real plugin, but a sample to demonstrate and test features of the plugin API.
The HasTag rule implementation that I linked raises an issue for each occurrence of some configured string (not a regex).
Based on this, you could implement a rule that uses a regex parameter instead of a string.
I think that what you are looking for is implemented in the sonar checkstyle plugin.
To configure such a rule:
Install the sonar checkstyle plugin. The instructions to follow are given on the sonar checkstyle plugin GitHub page: https://github.com/checkstyle/sonar-checkstyle.
Reboot your sonar instance to make the new plugin available
Configure a new rule, using the following menu sequence :
"Quality profile"
select the quality profile to modify
in the rule list, select "Activate more"
in the "repository" section, select "checkstyle" to filter checkstyle's plugin rules
select the rule template "Regexp Singleline" and create a new rule based on a regex detecting your prohibited keyword.

Spock definitions starting with caps letter are considered as groovy methods and shown as bug in SonarQube

The defs defined in spock such as
def "Login and Move to checkout page"(){
}
SonarQube considers it a Groovy method and reports as a bug that the method name should start with a small l and not a capital L [Login and Move....]
Could somebody please help customize the Sonar rule so that it ignores Spock methods?
If it is not required on your project, you may exclude Spock tests from Sonar analysis altogether:
sonar.exclusions=src/test/*.groovy
Otherwise you should probably find the corresponding rule and change the default regular expression, e.g. ^[a-zA-Z0-9]+$. But I am not sure you can do this specifically only for groovy test files.
I have configured SonarQube to ignore Sonar's rule "Method name" for the folder where the Geb Spock scripts are present.
It works fine.
To configure it, follow the steps below:
1. Go to Administration tab -> Analysis Scope -> Issues
2. There, you will find "Ignore Issues on Multiple Criteria".
3. Provide the Rule ID in the "Rule Key pattern" textbox [the Rule ID can be found by clicking on the particular rule and finding it in the top right corner]
4. Provide the file path for which you need to ignore the rule in the "File Path Pattern" textbox
5. Click on Save Issues settings
Refer to the images below to see where to find the rule name and where to configure the path

How to delete an issue from SonarQube interface

I have a web app project where the quality is measured under sonarqube.
As I'm dealing with external code within my project files,
recently I have had some issues appearing due to that external code, on whose quality I'm not focusing:
So I just want to delete the issue so it does not appear on my sonar dashboard (which looks like the following):
The solutions that I have had were not really useful, as:
I was suggested to change the level of the rule itself from "issue" to "info":
And of course that does not seem useful, because I won't affect the rule itself.
The second suggestion was to use the
@SuppressWarnings decorator in my blocks of code where the issues appeared, for example on classes, methods or even fields.
-> This method results in adding some code to my external code, and that won't be good either, as I don't even have the permission to do it.
I just want the simplest solution to delete the issue from the sonar dashboard, just suppress it from the SonarQube interface. Strangely, it seems that there is no direct way to do it.
Any better ideas?
The easiest way is to exclude the external code from the report with the narrowing the focus feature.
Just add a path pattern to the exclusions in your sonar-project.properties file, for example:
# Exclude all classes ending by "Bean"
# Matches org/sonar.api/MyBean.java, org/sonar/util/MyOtherBean.java, org/sonar/util/MyDTO.java, etc.
sonar.exclusions=**/*Bean.java,**/*DTO.java
# Exclude all classes in the "src/main/java/org/sonar" directory
# Matches src/main/java/org/sonar/MyClass.java, src/main/java/org/sonar/MyOtherClass.java
# But does not match src/main/java/org/sonar/util/MyClassUtil.java
sonar.exclusions=src/main/java/org/sonar/*
If you're not interested in some issues because it's not your code, then you should not have SonarQube analyze that code. According to the SonarQube documentation:
We recommend that you exclude generated code, source code from libraries, etc.
You should check in particular the following settings in the same documentation page:
sonar.sources
sonar.exclusions
These settings will be taken into account the next time you run an analysis.

How to get all the rules defined in Sonar?

I am new to Sonar, in our project we are using SonarQube. Please tell the steps to get all the rules defined.
In what format? You can view them all using the rule search interface:
Or get them as JSON using the rule search api

Sonar - Can we use for OSB/BPEL code review?

I am new to sonar, just heard about this tool.
Can we use this tool to perform code review for an FMW (Fusion Middleware) - OSB (Oracle Service Bus)/BPEL project?
If so can anyone give some inputs on this?
The official plugin-List : http://docs.codehaus.org/display/SONAR/Sonar+Plugin+Library/ does not mention support for your tools.
But sonar can be extended with custom plugins, so you may be able to write your own plugins to provide metrics for your tools.
What level of review do you want to cover? It is really easy to make your own review tool for BPEL. All BPEL resources are XML files. For example, if you want to check the naming convention of BPEL activities, you can define a simple XPath-based rule.
Ex:
//sequence/@name ~= "^sequence.*".
A Java program can use the above XPath to pull out all sequence names from the xxxx.bpel file and compare them against a regular expression. Similar rules can be created for checking WSDL usage, partner links, end-point addresses, usage of error handling, etc.
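The check described in the answer above, as an added example that is not part of the original post: it pulls every sequence name out of a BPEL document with XPath and compares it against the regular expression. The class name `BpelNamingCheck`, the `findViolations` helper and the sample process are assumptions; the parser also refuses DOCTYPE declarations, so a reviewed file cannot trigger external entity resolution in the review tool.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

public class BpelNamingCheck {
    // Naming convention from the answer: sequence names must start with "sequence".
    static final Pattern SEQUENCE_NAME = Pattern.compile("^sequence.*");

    /** Returns the names of all <sequence> activities that break the convention. */
    static List<String> findViolations(byte[] bpel) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Project files are untrusted input to a review tool: refuse DOCTYPEs (blocks XXE).
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(bpel));

        // local-name() matches <sequence> whatever namespace or prefix the file uses.
        NodeList names = (NodeList) XPathFactory.newInstance().newXPath()
                .evaluate("//*[local-name()='sequence']/@name", doc, XPathConstants.NODESET);

        List<String> violations = new ArrayList<>();
        for (int i = 0; i < names.getLength(); i++) {
            String name = names.item(i).getNodeValue();
            if (!SEQUENCE_NAME.matcher(name).matches()) {
                violations.add(name);
            }
        }
        return violations;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample process, not taken from a real project.
        String sample =
            "<process name='Order' xmlns='http://docs.oasis-open.org/wsbpel/2.0/process/executable'>"
          + "<sequence name='sequenceMain'>"
          + "<sequence name='HandleFault'/>"
          + "</sequence></process>";
        for (String name : findViolations(sample.getBytes(StandardCharsets.UTF_8))) {
            System.out.println("Naming violation: sequence '" + name + "'");
        }
    }
}
```

Sequences without a `name` attribute are not returned by the XPath, so they are neither checked nor reported by this sketch.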
