Custom Security Hotspot rules can no longer be created be created from templates

Jonah_IntegraDev · July 15, 2024, 5:04am

SonarQube version: 10.6
How SonarQube is deployed: zip
What I’m trying to achieve: Create a custom Security Hotspot rule from a template.
What I’ve tried so far to achieve this: Use the standard “Create Custom Rule” dialogue.

We frequently create custom Security Hotspots from template rules (like reviewing particular types or methods which we consider to be security-sensitive).

It looks like this use-case was broken recently when you guys redesigned the “Create Custom rule” to remove the now-deprecated issue types.

Now all we get is Category, Attribute, Software Quality, and Severity.

This all looks like Issue terminology, with no Security Hotspots in sight.
To my knowledge, Security Hotspots are meant to be first-class citizens in SonarQube and are not deprecated, so I’m finding that pretty surprising.

How can we make new custom Security Hotspots?

Jonah_IntegraDev · July 15, 2024, 6:08am

Worse, I can’t edit the (many) custom Security Hotspot rules that we already have.
The Save button is disabled in the Update Custom Rule dialogue, with no explanation.

This is quite a serious breaking change for us.

Jonah_IntegraDev · July 21, 2024, 11:46pm

Bump, I guess?

Jonah_IntegraDev · August 8, 2024, 11:38pm

Bump.

john.clifton · August 9, 2024, 11:59am

Hi @Jonah_IntegraDev ,

I’m sorry for the delay in answering you on this. We are looking into it and will come back to you.

John

john.clifton · August 9, 2024, 4:06pm

Hi @Jonah_IntegraDev ,

I’m sorry, it looks like we broke this by mistake.

Could you say a bit more about the steps you were going through here when this used to work please?

Are you working via the UI or APIs?
Is this being done with a custom plugin?
Which rule template are you using?

Thank you

John

Jonah_IntegraDev · August 12, 2024, 12:12am

Hi John,

Working via the UI.
Custom plugin (communitydelphi).
It’s a template rule (ForbiddenType).

There used to be an option to select the rule type in the Create Custom Rule UI, with Security Hotspot being one of those rule types. There is no equivalent functionality in the new UI.

Cheers,
Jonah

john.clifton · August 12, 2024, 3:57pm

Thank you @Jonah_IntegraDev we will look into fixing this.

john.clifton · December 13, 2024, 10:00am

Hi @Jonah_IntegraDev ,

I wanted to follow up with you on the issue you spotted. SonarQube Server (the new name for SonarQube) 10.8 is now available. You can now create custom rules from templates and select ‘security hotspot’ as the type again.

You can find out more about the release here: Release notes for SonarQube Server 10.8 | Documentation

Please let us know if you have any questions. Thank you again for spotting this problem!

John

system · December 20, 2024, 10:01am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Security Hotspot UI does not display rule descriptions properly SonarQube Server / Community Build sonarqube	5	786	May 4, 2020
Styling Security Hotspot Rules Plugin Development custom_plugin	3	879	September 2, 2020
Custom security hotspot checks SonarQube Cloud custom_rules , security , security-hotspot , sonarqube-cloud	1	750	April 20, 2021
How to deactivate some Security Hotspots? SonarQube Server / Community Build security , hotspots , security-hotspot	3	5780	March 2, 2021
Change sonar rule from Security Hotspot to Blocker issue New rules / language support sonarqube , issues , rules , security-hotspot	12	497	November 28, 2023

Custom Security Hotspot rules can no longer be created be created from templates

Related topics