Fetching Variable values in SonarQube custom plugin

I am writing a custom SonarQube plugin, and as part of this plugin I have to replace the variables with actual values inside a method and then proceed with some analysis.

If the function directly returns me a literal then it’s okay (refer to the first code), but if a function is returning me a member variable and this member variable is set by some other method, then I am not able to retrieve this (refer to the second code).

What I am able to do till now is as follows:

class VariableReplacement {
  void foo2(int value) { 
    Model model = new Model();
    String tableName = model.getTableName();
    k = method("something " + tableName); // Noncompliant
  }
}

class Model {
  public String getTableName() {
    return "sample";
  }
}

In the above code, k = method("something " + tableName);, I am able to replace the variable tableName by sample, which is returned by the method getTableName().

But now I have the following situation, where the variable tableName in the class Model is set by the setter method and I am trying to retrieve the variable via the getTableName() method, and it is not working.

class VariableReplacement1 {

  void foo2(int value) { 
    Model model = new Model();
    model.setTableName("sample");

    String tableName = model.getTableName();
    k = method("something" + tableName); // Noncompliant
  }
}

class Model {
  private String tableName;

  public String getTableName() {
    return tableName;
  }

  public void setTableName(String tabName) {
    this.tableName = tabName;
  }
}

Well, there are the SymbolicExecution and CFG (ControlFlowGraph) concepts, but it’s not clear how to proceed with this problem.

Hello Sharma,

You didn’t mention it, but according to the syntax of your example, I will assume that you are targeting Java code.

Now, to answer your question, I fear that what you try to achieve is not going to be possible with SonarJava. This use case is out of the reach of our engines. Keep in mind that we are building (advanced) static analysis engines, but tracking values within object instances is closer to dynamic analysis, and therefore slightly out of our domain of expertise.

About what you suggest:

  • While the CFG is part of the SonarJava API, it probably won’t help you much to keep track of values. At best, you will know that a setter/getter is called during the execution flow. I would therefore use this knowledge to maybe get rid of FPs, by tracking invocations along the flow, but tracking constant itself won’t be possible.
  • The Symbolic Execution engine (SE) relies on the CFG to explore states of a program, focusing on a very limited set of values/constraints. It is not part of the API and therefore not available for custom rules. However, while it can currently follow some sort of execution path and track the presence of very precise values, its capacities abruptly stop when reaching instances of objects (which is your use case). We do not store the state of objects, nor constant values, and the SE engine would not be able to handle your problem.

Hope this helps,
Michael
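As an added illustration (not code from the question or from SonarJava), here is a custom rule that resolves a String argument the way the first snippet needs and deliberately gives up on the second: it follows a local variable to its initializer and a getter to a single return statement, but stops at a field, since a value written through a setter is exactly what the syntax tree alone cannot track. It assumes the SonarJava plugin API (IssuableSubscriptionVisitor, Symbol and the tree interfaces) of a release where MethodInvocationTree.symbol() is still available; the rule key and class name are placeholders.

```java
import java.util.Collections;
import java.util.List;
import org.sonar.check.Rule;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.semantic.Symbol;
import org.sonar.plugins.java.api.tree.*;
@Rule(key = "ResolveStringArgument")   // hypothetical key; added illustration, not SonarJava code
public class ResolveStringArgumentCheck extends IssuableSubscriptionVisitor {
  @Override
  public List<Tree.Kind> nodesToVisit() {
    return Collections.singletonList(Tree.Kind.METHOD_INVOCATION);
  }
  @Override
  public void visitNode(Tree tree) {
    for (ExpressionTree arg : ((MethodInvocationTree) tree).arguments()) {
      String value = resolve(arg, 0);            // null: not statically known, so do not guess
      if (value != null) {
        reportIssue(arg, "Argument resolves to the constant \"" + value + "\".");
      }
    }
  }
  // Constant String value of expr, or null when it cannot be determined from the source.
  static String resolve(ExpressionTree expr, int depth) {
    if (depth > 8) return null;                  // bound recursion through getter chains
    if (expr.is(Tree.Kind.STRING_LITERAL)) {
      String v = ((LiteralTree) expr).value();   // value() keeps the surrounding quotes
      return v.substring(1, v.length() - 1);
    }
    if (expr.is(Tree.Kind.PLUS)) {               // "something " + tableName
      BinaryExpressionTree bin = (BinaryExpressionTree) expr;
      String l = resolve(bin.leftOperand(), depth + 1), r = resolve(bin.rightOperand(), depth + 1);
      return l == null || r == null ? null : l + r;
    }
    if (expr.is(Tree.Kind.IDENTIFIER)) {         // local variable: follow its initializer
      Symbol sym = ((IdentifierTree) expr).symbol();
      // A field such as Model.tableName may be assigned anywhere (setter), so it stays unknown.
      if (!sym.isVariableSymbol() || !sym.owner().isMethodSymbol() || sym.declaration() == null) return null;
      ExpressionTree init = ((VariableTree) sym.declaration()).initializer();
      return init == null ? null : resolve(init, depth + 1);
    }
    if (expr.is(Tree.Kind.METHOD_INVOCATION)) {  // getter whose body is a single return
      Tree decl = ((MethodInvocationTree) expr).symbol().declaration();
      if (decl == null || !decl.is(Tree.Kind.METHOD) || ((MethodTree) decl).block() == null) return null;
      List<StatementTree> body = ((MethodTree) decl).block().body();
      if (body.size() != 1 || !body.get(0).is(Tree.Kind.RETURN_STATEMENT)) return null;
      ExpressionTree ret = ((ReturnStatementTree) body.get(0)).expression();
      return ret == null ? null : resolve(ret, depth + 1);
    }
    return null;                                 // parameters, fields and other expressions are unknown
  }
}
```

On the first snippet the argument resolves to "something sample"; on the second, getTableName() returns the field Model.tableName, resolve returns null, and nothing is reported rather than a wrong constant.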

Thanks Michael for your response