Add a sonar rule to forbid use of URL GET parameter - sonarqube

I would like to add a Sonar rule to forbid use of URL GET parameters.
I mean I only want to allow POST parameters in my application forms.
Can you help me to write this rule?

Since the Web plugin doesn't support custom rules, you'll need to either write your own supplementary plugin (i.e. use the Web plugin plus the one providing your custom rule(s)) or submit a pull request to add your rule directly to the plugin. In either of those cases, you should probably look to the SonarQube Google Group for further discussion/guidance.

You didn't specify the language you want to analyse, but depending on which one you're using you can use XPath to analyse the syntax tree. If XPath isn't supported for your language, you'll really have to write your own custom plugin, as said in the other answer.
See here for each language's support:
SonarDocs - Writing Custom Rules
If you do need to write a custom plugin, I can only recommend that you take a look at the existing code, starting with java.custom-rules
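
An added example, not part of either answer above and not SonarQube or plugin code: a standalone Python check for the rule the question asks for, flagging HTML forms that submit via GET either explicitly or because the method attribute is missing. The rule key, engine name, file path and sample markup are made up for illustration, and the report layout follows SonarQube's generic issue import format as an assumption.

```python
from html.parser import HTMLParser

RULE_ID = "form-must-use-post"    # hypothetical rule key
ENGINE_ID = "form-method-check"   # hypothetical engine name


class FormMethodScanner(HTMLParser):
    """Records every <form> start tag that does not submit via POST."""

    def __init__(self):
        super().__init__()
        self.hits = []  # (line number, message)

    def handle_starttag(self, tag, attrs):
        if tag != "form":
            return
        method = (dict(attrs).get("method") or "").strip()
        line = self.getpos()[0]  # line where the tag starts
        if not method:
            # HTML defaults to GET when the method attribute is absent or empty
            self.hits.append((line, "form has no method, so it submits via GET"))
        elif method.lower() != "post":
            self.hits.append((line, f"form uses method={method!r}, expected POST"))


def find_non_post_forms(source, file_path):
    scanner = FormMethodScanner()
    scanner.feed(source)
    scanner.close()
    return [{"ruleId": RULE_ID, "filePath": file_path, "line": line, "message": msg}
            for line, msg in scanner.hits]


def to_external_issues(findings):
    """Wrap findings in the layout assumed for SonarQube's generic issue import."""
    return {"issues": [{
        "engineId": ENGINE_ID, "ruleId": f["ruleId"],
        "severity": "MAJOR", "type": "VULNERABILITY",
        "primaryLocation": {"message": f["message"], "filePath": f["filePath"],
                            "textRange": {"startLine": f["line"]}},
    } for f in findings]}


# Constructed sample markup: line 2 is compliant, lines 3 and 4 are not.
SAMPLE = """<h1>Constructed page</h1>
<form action="/login" method="post"><input name="user"></form>
<form action="/search" method="GET"><input name="q"></form>
<form action="/transfer"><input name="amount"></form>
"""
```

Server-side templates that compute the method attribute at render time (for example `method="${m}"`) are reported as non-POST by this check and need manual review.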

Related

How to define custom JavaScript Complexity Rules in SonarQube?

I have read through the complexity documentation via SonarQube Metrics Definition. I have also dug through the Rules we have defined, but those only determine bugs in the code & their respective severity. Unfortunately it does not outline how we could go about defining custom complexity rules (i.e. if you do x, the complexity will be increased by 1).
Could anyone shed some light on this?
Your question didn't originally specify language, so for
Java - Writing Custom Java Rules 101.
JavaScript - Custom Rules for SonarJS
PHP - Custom Rules for PHP
COBOL - Custom rules for COBOL
These are brief tutorials to bootstrap rule writing. In writing your own rules, you'll likely have questions of the "How do I get to X?" nature. With those, you should open a new thread on the SonarQube Google Group.
On https://docs.sonarqube.org/display/PLUG/Custom+Rules+for+SonarJS, it says
Custom rules
This feature is deprecated
As a replacement, we suggest you to have a look at ESLint, it provides custom rules that you can then import thanks to the External Issues feature.

SonarQube - Add parameters to rule via API

Using SonarQube 6.0, it seems that you are unable to add parameters to rules unless they are custom. Some rules that come with plugins allow parameters, however there seems to be no way to provide these. Also, it appears that you cannot copy a rule to make it custom and add parameters that way.
One such rule:
https://github.com/SonarSource/sonar-javascript/blob/master/javascript-checks/src/main/java/org/sonar/javascript/checks/UntrustedContentCheck.java
Any way to achieve this via the API?
Thanks

Sonar (software quality) - extending sonar (controllers and views)

I have been fiddling with SONAR for some time now, and I would like to extend it to some point. I don't think I will be able to achieve this with a custom plugin but if I would introduce an additional controller and some views - it would get the job done.
Now as I understand, the MVC model in Sonar is written in Ruby, and I have yet to do research on Ruby coding, but before I get to that - is my goal reasonable/achievable?
Or can additional views and controllers be added via plugin extensions?
Basically I just need certain information gathered from sonar DataBase about the project, and displayed in a custom view for additional statistics.
Thanks.
P.S. I have a hard time finding information for Sonar development, maybe someone could recommend some forums discussing Sonar extension topics?
It is not possible yet to add Ruby controllers and views at the same time through a Sonar plugin. Currently, when extending Sonar Web interface, you can only:
Add a Ruby widget (that will be displayed on a dashboard): this is only a view
Add a Ruby web service API: this is only a controller
Add a GWT extension: here you can define a controller and a view
However, please note that we will drop GWT support in the future, and replace it with the possibility to define extension points that allow writing both controllers and views in Ruby.
So to answer your need, I would advise you to write a widget, like the ones you can see on Sonar source code here: https://github.com/SonarSource/sonar/tree/master/plugins/sonar-core-plugin/src/main/resources/org/sonar/plugins/core/widgets
HTH

Custom fields in Sonar

I've looked at Sonar for a way to include custom fields for grouping/filtering data on-the-fly, including at addon extension points, but haven't seen anything that meets my criteria.
For example, for a multi-team project where all teams share the same repository project, I'd like to be able to filter the standard reports for single teams (encoding the team data for instance in a custom java annotation).
Is this possible? If so, how?
According to this discussion on the mailinglist: http://thread.gmane.org/gmane.comp.java.sonar.general/10059 ... http://thread.gmane.org/gmane.comp.java.sonar.general/10073
It is not possible to have group-specific dashboards/reports/views. The only thing supported right now are filters.
I'm not aware of any custom solution.

Url rewriting in asp.net web forms (with some complications)

When it comes to URL Rewriting there are some alternatives these days like the IIS7 module or Urlrewriter.NET. However, as far as I can see those two are based on wildcards which I sadly cannot use.
My problem is that the data I'm working with have no real structure. A made up example:
Something.aspx?page=4 might be /Weapons/Flails/
Something.aspx?page=5 might be /Clothes/Dresses/Blue/
i.e. there is no clear match between page id and what kind of page it is pointing to. I guess this requires some kind of lookup (slugs?) in a db.
How would I implement this in the easiest way? Does any of the existing alternatives offer a solution to this or do I have to build my own module?
Thank you.
IIS7 had a regular expression option, not just wildcards; it also has rewrite maps, which I think is what you are looking for. It could be your lookup table.
When you set up a rewrite rule, use the drop-down to find the regex option.
Also, when you create the rule, the option for the map is there.
You can also use the Managed Fusion URL Rewriter and Reverse Proxy. It supports the Apache mod_rewrite syntax for configuring rewriting. And you can use the method described on my blog to create a module that can do a database lookup of these old IDs and redirect them to the correct location.
http://www.coderjournal.com/2008/12/creating-extension-module-net-url-rewriter-reverse-proxy/
Please contact me through my blog if you would like help setting up this type of rewriting.
