Analysis of XML documents

xml

(Peter) #1

Hi,

We have a custom framework that allows us to create UI screens. This framework has a view in which you develop, but the end result that is deployed is an XML file that contains all the metadata.

We are in the process of verifying whether SonarQube analysis might be a good fit to do automatic code analysis on the XML files. We have done some testing and there are a couple of questions that are not clear:

  1. The following page indicates that you can only use XPath to create custom rules.

After creating some rules it’s clear that a lot can be achieved with regular XPath, but there are scenario’s where we would like to be able to do more. For example: do a comparison over multiple files, verify data that needs access through another system, …

Would it be possible to code rules for XML via a Java SonarQube plugin? If yes, is it also possible to have those rules validated through SonarLint?

  1. SonarLint currently does not support XML. Is there any solution (including paid) available that allows us to verify xml based rules in Eclipse? Or does it mean we have to create a custom plugin ourselves? Or is there a guide on how to extend the SonarLint plugin? I checked the Github page of SonarLint but there is no real documentation available.

Thanks in advance.


(Nicolas Bontoux) #2

Hi Peter,

I can see you are openly exploring possibilities to fulfil your use-case. As far as SonarSource products are concerned, I can confirm the following:

  • SonarQube: XML custom rules can only be implemented via XPath (using the rule Track breaches of an XPath rule)

  • SonarLint:

    • XML is currently not supported, see discussion here
    • SonarLint does not support 3rd-party analyzers (relates to the requirements of delivering in-IDE analysis on-the-fly). Only rules extending APIs from built-in analyzers can eventually be marked compatible with SonarLint (though as you noticed, the XML analyzer does not offer Java extension APIs).