Adding custom Go/Slang Rules

There’s an excellent tutorial on adding custom rules for Java here https://github.com/SonarSource/sonar-java/blob/5.14.0.18788/docs/CUSTOM_RULES_101.md, along with plugin templates at https://github.com/SonarSource/sonar-custom-rules-examples

I’d like to add some custom rules for Go, to supplant some other code analyzers I currently use and have everything integrated in SonarQube. I currently use the linter import feature for this, but that’s not nearly as good as having them as integrated rules (I can’t set priority and assign issued and add help text and so on if they just come from a linter import.)

The rules I want to add are fairly simple – they’re basically regex checks, so I can write them using the code for, e.g., slang/checks/HardcodedCredentialsCheck.java as a template.

However, since Go is now part of the Slang framework, I’m having trouble figuring out what all I need to do to get the check to actually run, but only for Go code. I’m amenable to either forking the slang plugin or writing my own separate plugin, but I can’t seem to locate any documentation equivalent to the “Registering the rule in the custom plugin” section of the Java documentation to make it run.

Is there any sample code or instructions on how to add a rule to the current slang-based sonar-go?

Hello, welcome to the community!

Custom rules for Go (and all slang based languages) is not yet supported. We take good note of your interest and will be eager to consider it if there is a popular interest.

Concerning the rules you want to implement, do you think they may benefits to others? If yes, you should definitely consider proposing them directly.

I’m amenable to either forking the slang plugin […]

:warning: I have to warn you should think twice before starting in this direction. Slang is still in his early age, path the plugin (and even the whole Sonar ecosystem) may take in the future could give you a hard time, and troubleshooting such kind of issue is hard.

Now that you are correctly warned, if you just want to play with it…
Despite the fact that Slang is initially designed for language agnostic rules, you could add a new one (based on Slang, therefore not using any language specific node) with proper metadata, and add it to the GoCheckList. At first glance, it’s already enough to naively have a first rule running.

I hope this clarifies the situation.

Best,
Quentin