duplicate sonarqube checkstyle rules - sonarqube

Is there a possibility to duplicate existing Checkstyle rules? I want SonarQube to differentiate guideline rules.
Example:
The rule for method complexity should mark the method as [MINOR] when there is more than 10 lines of code per method and as [MAJOR] when there is more than 30 lines of code per method.
Maybe there is a particular plugin for this special case?
Thanks in advance

This is currently a limitation in SonarQube. However, it can be done partially.
For Checkstyle based rules, you can copy some rules (those that have a Copy Rule button; screenshot here under "Multiple activation of rules"). I've personally used this for the Comment Pattern Matcher and created a rule that matches TODO comments as INFO severity and another that matches FIXME comments as CRITICAL. As I understand your question, that is what you are looking for. I don't think this is possible for all parameterizable rules, though.
Also, for PMD based rules, there is this blog post which describes how to use the XPath rule template in order to create custom PMD rules. This could be a workaround for those PMD based rules that don't have a Copy Rule button.
The feature we would need is a Copy Rule button for every parameterizable rule. AFAIK, this does not exist yet.

Related

add only certain rules for sonar scanner instead of excluding

Instead of excluding or ignoring rules in Sonar's property file, I'd like to have only a few certain rules for Sonar to analyse, so I don't need to exclude a large number of rules out of 344 rules for C++. How can I do that? (I'm not adding customized rules.)
I imagine the syntax would be (in the .properties file):
sonar.issue.include.multicriteria=***
sonar.issue.include.multicriteria.***.ruleKey=cpp:S984
....
EDIT:
1. I need to configure this in a CLI environment.
2. It's about one project, two rule sets: one rule set for local use and the other one for CI/CD use.
You need to craft a Quality Profile that contains only your rules of interest, and then either make it the default profile for C++, or explicitly assign your project to it.
BTW, correctly setting exclusions in properties (versus through the UI) is quite tricky. I'm not sure about the correctness of the ruleKey field name, and you're probably missing another field in there, but your syntax seems to be on the right track.

SonarQube: Change rules "time to fix" estimation and issue type

I have created a new quality profile in SonarQube 5.5 and added the rules I want to have with the severity (Info, Minor, Major, Critical, Blocker) I want to have - no problem so far.
Now I want to
edit the "time to fix" for each rule individually
add the classification for each rule (is it a bug, a violation or a code smell). This should be done on a "global level" for all projects. I know I can change the classification on a "per project" level.
You need the Governance commercial plugin to modify the rule time to fix (more precisely remediation cost/function in SonarQube terminology)
You cannot change the classification of a rule. You can only change the classification of a rule violation, i.e. issues.

sonarqube xpath rule match multiple file patterns

I'm building custom rules in SonarQube 5.1.2 and I can't find out how to apply a rule to multiple file types.
I've seen that ant-style file pattern is only one pattern, not a list.
Specifically I want my rule to match **/*.wsdl and **/*.WSDL and eventually files with other extensions.
Is there a better way to do this than replicating the rule?
thanks.

Can I edit some rules in SonarQube?

I wish to change the rule 'Left curly braces should be located at the end of lines of code' since we are using a different convention.
Thanks in advance!
As SonarQube intends to provide the least possible configuration on rules, you should deactivate the rule with key squid:LeftCurlyBraceEndLineCheck, and I am guessing that you want to activate the rule squid:LeftCurlyBraceStartLineCheck.
Please note that those rules have nothing to do with Checkstyle.

XACML Rule Subject

I am writing a policy with ordered-permit-overrides for the rules.
Rule 1 permits access to all content for anyone with an appropriate security level.
Rule 2 permits access to some content (3 resources) to anyone with alternative credentials.
Rule 3 denies access to everything else. This is a failsafe if a user has neither the security level nor the credentials.
My problem is that I can get my server to run the program and rule 1 works fine. For rule 2 the only result I get if I give the values required is "deny" and if I leave any blank it is "indeterminate." I think the policy isn't running my rule 2 despite using ordered-permit-overrides.
I have tried running the script with rule 3 commented out, and the result is only "indeterminate" or "not applicable."
In rule 1 I left the target empty. For rule 2 I defined resources, but not subjects. Do I need to specify subjects to get this rule to work? Is there something else that could be causing my first and third rules to function, but not my second?
It would be great if you could share your policy here so we could have a look. What are you using to write and test the policy?
As you might know indeterminate is due to an error inside the PDP e.g. you are requiring that an attribute be present but you're not sending it or you're using a string-one-and-only (or any *-one-and-only) function on a missing attribute.
By the way, why don't you use first applicable as a combining algorithm?
Check out the ALFA plugin for Eclipse (it's free) to be able to quickly write your policies without having to know the XACML syntax: http://www.axiomatics.com/axiomatics-alfa-plugin-for-eclipse.html
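Added example (not part of the original question or answer, and not a real PDP): a small Python model of the XACML 2.0 permit-overrides rule-combining logic, showing how a *-one-and-only function on a missing attribute turns a Permit rule into Indeterminate and masks the fallback Deny, next to a tolerant bag-membership condition that avoids it. The policy, the attribute names (`clearance`, `credential`, `resource`) and the requests are constructed assumptions, not the asker's actual policy; XACML 3.0 refines Indeterminate further than this model does.

```python
# Added illustration, not a real PDP: XACML 2.0-style rule evaluation.
PERMIT, DENY, NA, INDET = "Permit", "Deny", "NotApplicable", "Indeterminate"

class MissingAttribute(Exception):
    """A *-one-and-only function received a bag whose size is not 1."""

def one_and_only(request, attr):
    bag = request.get(attr, [])
    if len(bag) != 1:
        raise MissingAttribute(attr)
    return bag[0]

def evaluate(rule, request):
    effect, target, condition = rule
    try:
        if target(request) and condition(request):
            return effect
        return NA          # target mismatch or condition false
    except MissingAttribute:
        return INDET       # error while evaluating the rule

def ordered_permit_overrides(rules, request):
    potential_permit = saw_deny = saw_error = False
    for rule in rules:
        decision = evaluate(rule, request)
        if decision == PERMIT:
            return PERMIT
        saw_deny |= decision == DENY
        saw_error |= decision == INDET
        potential_permit |= decision == INDET and rule[0] == PERMIT
    if potential_permit:
        return INDET       # a Permit rule errored: it might have permitted
    if saw_deny:
        return DENY
    return INDET if saw_error else NA

# Hypothetical policy mirroring the question (attribute names are assumptions).
SHARED = {"doc1", "doc2", "doc3"}
always = lambda r: True
rule1 = (PERMIT, always, lambda r: any(c >= 3 for c in r.get("clearance", [])))
rule2 = (PERMIT, lambda r: r["resource"] in SHARED,
         lambda r: one_and_only(r, "credential") == "partner")
rule2_tolerant = (PERMIT, rule2[1],   # bag membership: empty bag is just False
                  lambda r: "partner" in r.get("credential", []))
rule3 = (DENY, always, always)

# Constructed sample requests.
blank = {"resource": "doc1"}                            # credential left blank
wrong = {"resource": "doc1", "credential": ["guest"]}   # credential mismatch
right = {"resource": "doc1", "credential": ["partner"]}
```

With `[rule1, rule2, rule3]` the `blank` request evaluates to Indeterminate and `wrong` to Deny; dropping `rule3` gives Indeterminate and NotApplicable, and swapping in `rule2_tolerant` lets the fallback Deny apply to `blank`.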
