Custom plugin - can't use external maven dependency

Hello,

Regarding the documentation sonar-java/CUSTOM_RULES_101.md at master · SonarSource/sonar-java · GitHub,
and as explained in the topic Unable to use JUtils in Java custom rules - #7 by HAYOUNGCHOI,
we can’t add an external Maven dependency.
Another solution is to reimplement or copy-paste the external library code in the custom plugin :frowning:
But, for example, I want to use the class “com.google.re2j.Pattern” instead of “java.util.regex.Pattern” because of a security error raised in our SonarCloud instance (error “Make sure the regex used here, which is vulnerable to polynomial runtime due to backtracking, cannot lead to denial of service.” when “java.util.regex.Pattern.compile(…)”).
I can’t copy-paste the “com.google.re2j.Pattern.compile(…)” code because it’s too big and uses a lot of internal classes.
I want to add the “com.google.re2j:re2j” Maven dependency to use it at runtime, but when I do, I get a ClassNotFoundError when SonarQube starts. Thus, SonarQube crashes at startup and stops.

How can I resolve this point?

SonarQube version : 9.9

Thank you a lot.

Hi,

I’m pretty sure the issue you’re seeing is about the pattern you’re trying to compile and not about the method you’re calling to compile it with.

 
Ann
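
An added example, not code from either post: it shows how the shape of a pattern drives backtracking cost in `java.util.regex`, by counting how many characters the matcher inspects. The two patterns and the input are constructed for illustration (the poster's actual pattern is not shown in the thread), and the class and method names are hypothetical.

```java
import java.util.regex.Pattern;

public class BacktrackingCost {
    /** Wraps the input and counts charAt() calls: a deterministic proxy for matcher work. */
    static final class CountingInput implements CharSequence {
        private final String text;
        long reads;
        CountingInput(String text) { this.text = text; }
        @Override public int length() { return text.length(); }
        @Override public char charAt(int i) { reads++; return text.charAt(i); }
        @Override public CharSequence subSequence(int s, int e) { return text.subSequence(s, e); }
        @Override public String toString() { return text; }
    }

    /** Runs one find() and returns how many characters the engine inspected. */
    static long cost(Pattern p, String input) {
        CountingInput in = new CountingInput(input);
        p.matcher(in).find();
        return in.reads;
    }

    public static void main(String[] args) {
        // Constructed patterns: both mean "trailing whitespace".
        // rescans: every start position re-reads the whole run of spaces.
        Pattern rescans = Pattern.compile("\\s+$");
        // anchored: the lookbehind rejects any start that is preceded by
        // whitespace, so the run of spaces is only scanned from its first character.
        Pattern anchored = Pattern.compile("(?<!\\s)\\s+$");

        for (int n : new int[] {1_000, 2_000, 4_000}) {
            // Constructed worst case: n spaces, then a non-space so '$' never matches.
            String input = " ".repeat(n) + "x"; // String.repeat needs Java 11+
            System.out.printf("n=%d rescans=%d anchored=%d%n",
                    n, cost(rescans, input), cost(anchored, input));
        }
    }
}
```

Each time `n` doubles, the count for the first pattern roughly quadruples while the count for the second roughly doubles.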