How can I configure SonarQube to analyze HaProxy config files

Hi, I am trying to analyze my haproxy.cfg file in SonarQube and I could not find any plugin or any related information on how I can go about running a SonarQube analysis on .cfg files. I would like to know if there is a plugin I could use to analyze config files and if not, is there a way for me to develop a custom plugin that could be mounted as a jar file to analyze config files. I wanted to analyze things like if the acl defined matched the backend that is being used, certificates used, etc. An example haproxy.cfg file is below:

global
maxconn 50000
log /dev/log local0
user haproxy
group haproxy
stats socket /run/haproxy/admin.sock user haproxy group haproxy mode 660 level admin
nbproc 2
nbthread 4
cpu-map auto:1/1-4 0-3

ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
timeout connect 10s
timeout client 30s
timeout server 30s
log global
mode http
option httplog
maxconn 3000

listen stats
log global
bind 0.0.0.0:9000
mode http
stats enable
stats hide-version
stats refresh 30s
stats show-node
stats auth admin:password
stats uri /stats

resolvers mydns
parse-resolv-conf
hold valid 10s

frontend http-in
bind *:80
bind *:443 ssl crt /etc/ssl/certs/mysite.pem

#Setup ACL

acl IS_mysite_context			path_beg		/mysite	



default_backend web_servers

backend web_servers
balance roundrobin
cookie SERVERUSED insert indirect nocache
option httpchk HEAD /
default-server check maxconn 20
server server1 10.0.1.3:80 cookie server1
server server2 10.0.1.4:80 cookie server2

backend mysite_server
timeout connect 5000ms
timeout server 5000ms
server mysite_container_1 mysite_1:9000 check resolvers mydns

Hello @KekeM,

Welcome to the SonarSource community. . We hope you’ll enjoy it
To my knowledge there is no plugin for HA Proxy configuration files.
That would sound to me like too much development effort to analyze rather small and unfrequent files.
If you still want to make a few checks, nothing prevents you to develop them yourself (not necessarily a full blown plugin but eg basic stuff based on regexp) and generate an issue report in the generic issue import format that you’ll be able to inject in SonarQube for your .cfg files.

Olivier

Thank you @OlivierK. While I was going through the generic issue import document I came across “linter” so, would we need to develop these via the linter? Could you please give me a starting point on how to develop this stuff based on regexp.

Unfortunately I can’t help you much on this. There are thousands of ways to develop that, and it would be your decision to pick the one that works for you depending on the level of expectations/sophistication and the effort you want to put into it.

As explained in my first post, the gold solution would be to develop a plugin (see https://docs.sonarqube.org/latest/extend/developing-plugin/) but my feeling is that it would be overkill. Developing a plugin is a significant undertaking, and probably you want to implement quite simple checks on your config files. there are potential simpler/cheaper ways to achieve what you want.