Customising out-of-box sonar rule for COBOL

Hi All,

In our sonar environment we are looking for options and feasibility to customise few out-of-box rules for COBOL.

For example, There is an existing COBOL rule “Sections and paragraphs should not perform more than one SQL operation

Based on the coding standards in our application, we would like to add few checks and exceptions on top of this rule. Rather develop and add as new custom rule, we would like to know the feasibility to do the customisation in the existing rule source code.

Your thoughts and inputs would be much helpful. Thanks in advance!

Thanks,
Praveen

Hi Praveen,

Welcome to the community!

Sorry, but it’s not possible to customize rules without parameters. Perhaps you’d like to share what you have in mind? It’s possible we’ll think it’s a good idea too. :smiley:

 
Ann

Hi Ann,

Thanks for your response. In our application environment, below are few examples which we are thinking to customise.

The rule “Sections and paragraphs should not perform more than one SQL operation” need to customise to allow exceptions for certain paragraphs which execute SQL operations with temporary table.

The rule “Data items should never be accessed using more than one “OF” clause” need to customise to allow only the highest level of the data structure.

Thanks,
Praveen

Hi,

What you want to achieve is rather specific and I don’t think we will change our analyzer to behave that way.
If you really want those rules to behave that way, I’m afraid the only option is to implement custom rules. That’s not easy.

Pierre-Yves

1 Like

Hi Praveen,

Just to complete @pynicolas answer. We usually adapt a rule when it raises False Positives, i.e. issues on code which is correct, or when we can detect additional valid issues without changing the current behavior of a rule. We avoid adding parameters as the rule would not work correctly out of the box, i.e. without any configuration.

If you see False Positives you can report them on this forum in the section Report a Bug => False Positive. We will need to know why this is a false positive and how the rule should be modified to avoid them.

If the False Positive happens only in a few rare projects (ex: it is specific to one company) we probably won’t modify the rule. In this case we usually recommend to disable the rule. If the rule goes against common code practices for COBOL we will fix the rule or remove it from the “Sonar Way” quality profile.

If you see False Negatives, i.e. valid issues which are not reported, you can report them in this forum’s section Suggest new features => New rules. They are prioritized based on the value they provide, i.e. is it a common mistake and do all COBOL developers agree with it, and the difficulty to detect them.

Nicolas

Thanks @pynicolas and @Nicolas_Harraudeau for your inputs.

Yes, I do agree that our requirements are more specific as we have certain coding standards placed in application development and it should be strictly followed.

Reviewing the coding standards for each modules consume significant time for the master developers. Hence we are trying to automate those review process using sonarqube to validate the standards and raise issues if the standards are not met.

That is when we started thinking about the rule customisations. We have already developed and tested couple of custom rules using the java sonarqube plugin. But as @pynicolas mentioned it looks not an easy task for certain rules which we want to achieve in our application environment.

I hope it is worth here to share the challenges in one of the custom rule which we want to develop and get assistance from the community.

Our requirement is to scan and check if “All the variables declared in working storage section should be used at least once within procedure division and report issue if any unused variable declaration is found”.

But we get many false positives when COPYBOOKs are included in working storage section as it is not necessary to use all the copy variables in the procedure division. Hence we want to exclude the copybook variables from scan for this specific rule alone.

Any inputs to skip copybook variables from sonar scan for a specific rule would be much helpful.

P.S.: “NO SONAR” comment is not permissible/suggested practice in application code as per code development policy

Thanks,
Praveen

Our COBOL analyzer has a rule which is not very far from what you’re trying to do: https://rules.sonarsource.com/cobol/RSPEC-1289

To fix the behavior of your custom rule, you may use: