Are there docs or sources for the classes in the org.sonar.plugins.php.api.*

We are in the process of purchasing the developer edition, so in the mean time I’m writing a couple of custom PHP rules. So far I was able to use the example plugin to get going, and use the existing checks to get an idea of how they work. However, I noticed in my IDE (VS Code) that I don’t have any real docs for the classes in org.sonar.plugins.php.api.*. After checking the source on github, and downloading the sources and javadocs jars, I see that there are indeed no classes provided:

However, the plugin jar does have the necessary classes compiled. I tried to build the https://github.com/SonarSource/sonar-php/tree/master/sonar-php-plugin/ project off of master, but it’s just hanging for me at certain point (macOS 11.6, openjdk 11.0.12 2021-07-20 via homebrew, mvn 3.8.2 via homebrew):

➜  sonar-php-plugin git:(master) mvn compile
[INFO] Scanning for projects...
[INFO]
[INFO] ----------------< org.sonarsource.php:sonar-php-plugin >----------------
[INFO] Building SonarSource PHP analyzer :: Sonar Plugin 3.21-SNAPSHOT
[INFO] ----------------------------[ sonar-plugin ]----------------------------
Downloading from maven-default-http-blocker: http://0.0.0.0/org/codehaus/woodstox/stax2-api/maven-metadata.xml
Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/woodstox/stax2-api/maven-metadata.xml
Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/woodstox/stax2-api/maven-metadata.xml (856 B at 3.3 kB/s)

So, I’m not sure where those classes come from. Basically I’d like to get some sort of javadoc or source for them in the right place, so my IDE can pick it up for reference while I’m programming. Anyone able to shed any light on any of this?

Hey @jcross-te,

Welcome to the community!

The sources you might be looking for are in the php-frontend module: https://github.com/SonarSource/sonar-php/tree/master/php-frontend/src/main/java/org/sonar/plugins/php/api .

Regarding the issue with building: If you get no error message, and it seems to be stuck while downloading dependencies, maybe it is a temporary network problem. In general, you should be building from the root directory sonar-php. See README.

Best,
Karim.

Thanks for the quick response @Karim_El_Ouerghemmi !

Those sources helped me get on the track right. I got my first custom rule written with tests passing!

I’ll see if building the sonar-php-plugin from a different network fixes my other problem. I’d like to dig around to better understand how it is built.

1 Like

It seems my problem with the maven download hanging is due to the HTTP block feature of the latest maven releases. It tries to connect to http://0.0.0.0/ which hangs on my mac and eventually times out. It would have helped if they used an IP that would instantly fail. In any case, the reason this is being invoked is due to some old codehaus repos being referenced as transitive dependencies. Those repos no longer exist, for example:

    <repository>
      <id>codehaus</id>
      <name>Codehaus</name>
      <layout>default</layout>
      <url>http://repository.codehaus.org</url>
      <releases>
        <enabled>true</enabled>
        <updatePolicy>daily</updatePolicy>
        <checksumPolicy>warn</checksumPolicy>
      </releases>
    </repository>

If I could properly configure a mirror, or somehow download the packages so they are cached, it would probably build. However, I’ve had no success in doing so. I wonder if the build works for you due to an internal maven repository that would cache the packages. Would it be possible for you to try to build the project with only externally available mirrors to see if you get the same issue as me?

Finally got them to at least download. In the newer maven they added:

<mirror>
  <id>maven-default-http-blocker</id>
  <mirrorOf>external:http:*</mirrorOf>
  <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
  <url>http://0.0.0.0/</url>
  <blocked>true</blocked>
</mirror>

So I changed it to this in my ~/.m2/settings.xml:

        <mirror>
            <id>maven-default-http-blocker-to-https</id>
            <mirrorOf>external:http:*</mirrorOf>
            <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
            <url>https://repo.maven.apache.org/maven2</url>
            <blocked>true</blocked>
          </mirror>

I don’t know how great or safe that is, but I can at least get it to build now.

@Karim_El_Ouerghemmi so back to my original question about sources missing from the sources jar. It seems if I modify the pom.xml for sonar-php-plugin and add <createSourcesJar>true</createSourcesJar> to the maven shade plugin configuration, and then run mvn package at the root I get a sources jar from sonar-php-plugin that has all the sources I need. Pointing my IDE at that jar makes my IDE’s editing features work correctly. It looks like that would include a bunch of other sources as well from other non-sonarsource dependencies, so I can see why that may not be desirable to distribute. However, would it be possible to some how figure out how to make a uber source jar that includes the sources from the php-checks and php-frontend maven modules? That way the uber sources jar that is published to maven central would have the necessary sources in it for IDEs to use.

The primary reason I’m hoping to get this fixed, is I’m trying to get a plugin repository set up internally at my company with instructions on how to add new rules. It would simplify the process for new internal contributors if the sources jar from maven central would have everything necessary in it.

Hey @jcross-te,

Excuses for the delayed response on this.

I see the problem, and, indeed, <createSourcesJar>true</createSourcesJar> is not something we can simply add to the main pom, if it’s going to lead to all other dependencies’ sources being packaged as well.

I think that the main problem here is that, in the SonarPHP plugin, the code of org.sonar.plugins.php.api.* is split into two modules (sonar-php-plugin and sonar-php-frontend). This seems to confuse the IDE as it thinks downloading and looking into the sources of sonar-php-plugin, which is the immediate dependency, is enough. php-frontend-X.X.X.X-sources.jar, which is also published on maven central (example), has to be downloaded and considered by the IDE as well. I don’t know a good solution for this currently, but what you can do to allow code navigation to the sources in the IDE is:

  • Download the sources with mvn dependency:sources. This will also download the sources of sonar-php-frontend as it is a dependency of sonar-php-plugin
  • For IntelliJ this seems to already be enough
  • For VS Code, you can point to the JAR containing the sources as follows:


    When I did the previous steps for one class in VS Code, the navigation to all the other classes in org.sonar.plugins.php.api.* worked well.

Best,
Karim.

1 Like