SonarQube - Rule based on defined regular expression. - sonarqube

Does SonarQube have a rule which will scan a files content for a reqular expression and if found during a scan will mark as an issue?
Example:
I want a rule which that will scan each file for the word "AcmeProducts" and mark it as "Critical" if found.
Thanks
Jason

I was able to accomplish this by creating a custom rule based on the Comment pattern matcher rule in sonarqube.

I'm not sure if such rule exists.
You could implement a custom plugin to provide such rule.
Something that's very close to what you need is the HasTagSensor of the Xoo Plugin, which is not a real plugin, but a sample to demonstrate and test features of the plugin API.
The HasTag rule implementation that I linked raises an issue for each occurrence of some configured string (not a regex).
Based on this, you could implement a rule that uses a regex parameter instead of a string.

I think that what you are looking for is implemented in the sonar checkstyle plugin.
To configure such a rule :
Install the sonar checkstyle plugin. The instructions to follow is
given here, on the sonar checkstyle plugin GitHub page :
https://github.com/checkstyle/sonar-checkstyle.
Reboot your sonar instance to make the new plugin available
Configure a new rule, using the following menu sequence :
"Quality profile"
select the quality profile to modify
in the rule list, select "Activate more"
in the "repository" section, select "checkstyle" to filter checkstyle's plugin rules
select the rule template "Regexp Singleline" and create a new rule base on a regex detecting your prohibited key word.

Related

Add java rules in sonarqube

I want to add customized java rules in sonarqube. I have googled it and found that we need to make a pluggin for that. But can't find any proper link describing to make the rule. Any help would be appreciable.
You can follow "Writing Custom Java Rules 101", which describes how to make a sonar-packaging-maven-plugin artifact.
When implementing a rule, there is always a minimum of 3 distinct files to create:
A test file, which contains Java code used as input data for testing the rule
A test class, which contains the rule's unit test
A rule class, which contains the implementation of the rule.
As mentioned in "Custom Rules for Java", To go further, you can explore a sample plugin containing other custom rules.
This project can be browsed or downloaded.

Sonarqube: Php equivalent annotation for ignoring sonarqube rule

I know that in Java, we can ignore the a Sonarqube rule for specific method with annotations. For example...
#SuppressWarnings("squid:S2078")
With php, I have not narrowed down how to do this yet. Is there an equivalent example that ignores one rule for a specific piece of code (not necessarily for a class/function, but it would be a start :) )
The current version of php analyser (SonarPhp 2.14 in SonarQube 7.3) does not have a feature (annotation based or not) for ignoring a specific rule.
The php analyser only support one issue filtering, the NoSonarFilter that disable all rules at a specific line by using a comment containing NOSONAR.
If a rule generate some false positives, or if you are facing a real life example where such filter is require, you can provide some feedback at community.sonarsource.com

Spock definitions starting with caps letter are considered as groovy methods and shown as bug in SonarQube

The defs defined in spock such as
def "Login and Move to checkout page"(){
}
SonarQube considered it as groovy method and shows as bug that the method name should start with small l and not capital L [Login and Move....}
Could you please somebody help in customize sonar rule so that it ignores spock method
If it is not required on your project you may exclude Spock tests from Sonar analyzing at all:
sonar.exclusions=src/test/*.groovy
Otherwise you should probably find the corresponding rule and change the default regular expression, e.g. ^[a-zA-Z0-9]+$. But I am not sure you can do this specifically only for groovy test files.
I have configured the Sonarqube to ignore Sonar's rule "Method name" for folder where Geb spock scripts are present
It works fine
To know how to configure,follow below steps:
1.Goto Administration tab->Analysis Scope->Issues
2.There , you will find "Ignore Issues on Multiple Criteria".
3.Provide Rule ID in "Rule Key pattern" textbox [Rule ID can be found by clicking on the particular rule and find it in top right
corner]
4.Provide Filepath for which you need to ignore rule in "File Path Pattern" textbox
5.Click on Save Issues settings
Refer below images to know where to see the rule name and where to configure the path

How to delete an issue from SonarQube interface

I have a web app project where the quality is measured under sonarqube.
As i'm dealing with an external code within my project files
Recently i have had some issues appearing due to that exetrnal code and which i'm not focusing on its quality :
So i wanna just delete the issue to appear from my sonar dashboard (which looks like the following):
The solutions that i have had where not really usefull , as :
i was suggested to change the level of the rule itself from "issue" to "info" :
And of course that seems to be not usefful because , i won't affect the rule itself
the second suggestion was to use the :
#SuppressWarnings decorator in my blocks of code where the issues appeared ; : for example use it under classes or methods or even fields
-> this method results in adding some code to my extarnal code and that won't be also good as i'm not even having the permission to do it.
I wanna just the simpliest solution to delete the issue from the sonar dashboard , just suppress it from the SonarQube interface , strangely it seems that there is no a direct way to do it :
Any better ideas ??
The easiest way is excluding external code from the report with narrowing the focus feature.
Just add to your sonar-project.properties file path pattern to exclusion, for example
# Exclude all classes ending by "Bean"
# Matches org/sonar.api/MyBean.java, org/sonar/util/MyOtherBean.java, org/sonar/util/MyDTO.java, etc.
sonar.exclusions=**/*Bean.java,**/*DTO.java
# Exclude all classes in the "src/main/java/org/sonar" directory
# Matches src/main/java/org/sonar/MyClass.java, src/main/java/org/sonar/MyOtherClass.java
# But does not match src/main/java/org/sonar/util/MyClassUtil.java
sonar.exclusions=src/main/java/org/sonar/*
If you're not interested some issues because it's not your code, then you should not have SonarQube analyze that code. According to the SonarQube documention:
We recommend that you exclude generated code, source code from
libraries, etc.
You should check in particular the following settings in the same documentation page:
sonar.sources
sonar.exclusions
These settings will be taken into account the next time you run an analysis.

How to get all the rules defined in Sonar?

I am new to Sonar, in our project we are using SonarQube. Please tell the steps to get all the rules defined.
In what format? You can view them all using the rule search interface:
Or get them as JSON using the rule search api

Resources