How to check Beanshell/Java inside XML files (Sailpoint IIQ product)

On Sonarqube 6.7.6 (build 38781) community/opensource


I’m working with a product called Sailpoint IIQ which uses Beanshell (basically interpreted Java) which is stored inside XML documents. Since Beanshell is interpreted, it is never compiled during the build process, the XML files are only copied into the resulting WAR file.

When I run Sonar scanner against the source code, the XML files only get checked against XML rules defined in Sonarqube, but I would like it to check by applying Java rules on the Beanshell inside instead.

Is there a way to configure Sonar scanner to do the following on XML files:

  1. Find all tags in the XML file
  2. Extract/read the Beanshell code from a <[CDATA]> section inside the tag
  3. Apply Java rules on the extracted Beanshell

(I think Java rules have to suffice since I did not find a Beanshell ruleset for Sonar).


1 Like

Hi T,

Welcome to the community!

Java analysis requires both the code and the compiled class files, so even if you were able to point the Java analyzer at the code in these XML files, it still wouldn’t work as-is.

If you really want to pursue this, you’ll need to create a process that runs before analysis to extract and compile that code.