Using SonarQube 6.0, it seems that you are unable to add parameters to rules unless they are custom. Some rules that come with plugins allow parameters, however there seems to be no way to provide these. Also, it appears that you cannot copy a rule to make it custom and add parameters that way.
One such rule:
https://github.com/SonarSource/sonar-javascript/blob/master/javascript-checks/src/main/java/org/sonar/javascript/checks/UntrustedContentCheck.java
Any way to achieve this via the API?
Thanks
Related
Is there a way to add array/object parameter to octopus custom step template?
Built in step "Deploy to IIS" allows to add collection of bindings. Can such functionality be added to a custom step?
I don't think it's possible to setup an array parameter for a custom step template. See Custom Step Templates documentation.
You could put an array into a variable and parse that with Powershell. Also, here is a custom step template example.
You could reach out to Octopus Support to see if they have any other recommendations or maybe add it to their UserVoice to see if others are interested in the feature.
I would like to add a Sonar rule to forbid use of URL GET parameters.
I mean I only want to allow POST parameters in my application forms.
Can you help me to write this rule ?
Since the Web plugin doesn't support custom rules, you'll need to either write your own supplementary plugin (i.e. use the Web plugin plus the one providing your custom rule(s)) or submit a pull request to add your rule directly to the plugin. In either of those cases, you should probably look to the SonarQube Google Group for further discussion/guidance.
You didn't specify the language you want to analyse, but depending on which one you're using you can use XPath to analyse the syntax tree. If XPath isn't supported for your language you'll really have to write your own custom plugin like said in the other answer.
See here for each language support:
SonarDocs - Writing Custom Rules
If you do need to write a custom plugin, I can only recommend you to take a look at the existing code, starting with java.custom-rules
My company has implemented a policy that all routes must have constraints, and I was wondering if anyone knows of a custom rule for FxCop (1.36) that will check the routes and flag any without constraints, or if it's even possible to do with FxCop.
I am unaware of any custom FxCop rules that check for route constraints. However, it's quite feasible to create such a rule if you only wish to check routes configured directly in code (as opposed to loaded from some other source like a config file). If you're unable or unwilling to tackle this yourself, you might want to try requesting the rule at http://fxcopaspnetsecurity.codeplex.com/.
I've looked at Sonar for a way to include custom fields for grouping/filtering data on-the-fly, including at addon extension points, but haven't seen anything that meets my criteria.
For example, for a multi-team project where all teams share the same repository project, I'd like to be able to filter the standard reports for single teams (encoding the team data for instance in a custom java annotation).
Is this possible? If so, how?
According to this discussion on the mailinglist: http://thread.gmane.org/gmane.comp.java.sonar.general/10059 ... http://thread.gmane.org/gmane.comp.java.sonar.general/10073
It is not possibile to have group-specific dashboards/reports/views. The only thing supported right now are filters.
I'm not aware of any custom solution.
I'm trying to figure out how if it is possible to provide guests (regular visitors) to my site with a form via the regular templates and let this form submission create an entry to a specified channel.
In essence, I would like to make a channel entry using a simple http-request and render a "frontend" response-page i suppose.
Does anyone know about any neat solutions for this?
EE doesn't support this out of the box - all users must be logged in order to allow them to modify channels/weblogs
There's a few plugins - http://www.putyourlightson.net/projects/logmein is one of them that allow "fake" users being logged in
Mix that up with SAEF and you might achieve what you want