How can I create a rule to alert if exists a simple String in Source Code (any language)?

alevenelli · May 5, 2022, 12:35pm

We are using the “Community Edition Version 8.9.6 (build 50800)” and need to check if the developers are using a wrong URL to access some APIs. The language (C#, java, nodejs) doesn’t matter for us.

We need to alert this in a quality gate after sonarscanner…
Could you send us a simple example or documentation for this?

Thanks…

ganncamp · May 5, 2022, 5:14pm

Hi,

We don’t have any broad functionality for this. You might want to take a look at Adding Coding Rules.

HTH,
Ann

Alexandre_Gigleux · May 6, 2022, 6:57am

Can you clarify what you mean by providing some examples?

I’ve got the feeling you would expect this check to be configurable with more than just a simple string, maybe a regular expression. Am I correct?

Thanks
Alex

alevenelli · May 8, 2022, 11:59am

Hi, Alex…

As I’m talking about URL, this rule must be valid for any language. For example:
If the scanning find the string “HTTPS://api-infra.”, the sonarqube has to alert this at analysis report.

Venelli

Alexandre_Gigleux · May 9, 2022, 8:23am

As Ann said, we don’t have this possibility now, out of the box to configure a simple generic rule that will catch some Strings in the code and raise an issue. We received similar requests in the past and maybe we will come to it one day.

Meanwhile, I have 2 suggestions:

create a simple analyzer/plugin that will work on all the files indexed by SonarQube and “grep” your specific list of forbidden Strings
- you can get some inspiration from the SonarText analyzer
- or you could even do a PR on this repo to provide a generic template rule
write a simple tool outside of SonarQube that will “grep” your specific list of forbidden Strings and generate a file compatible with the Generic Issue Import Format.