How to create custom rules for Javascript

Himanshu · March 5, 2020, 7:34pm

Must-share information (formatted with Markdown):

which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
7.9
what are you trying to achieve
Whenever any username or password fields are hardcoded in Javascript Code ,its should be treated as vulnerability
what have you tried so far to achieve this
I have gone through all the rules,and tried to create customr rules

weakon123-stack · March 5, 2020, 4:15pm

Hey where you able to figure out how to implement custom rules for javascript into sonarqube!!

Quentin · March 9, 2020, 10:13am

Hello,

Since 6.0 (Sep. 2019), custom rules implemented on SonarJS (the SonarQube plugin for JS analysis) are deprecated, you should avoid using this feature.

As an alternative, we advise you to write your custom rules based on Eslint, and then import them thanks to the external issues feature (see sonar.eslint.reportPaths key).

I believe this is a nice alternative, ESlint is a powerful tool, we are using it ourselves for the majority of our rules, and you will find plenty of documentation out here in case you are stuck.

Best,
Quentin

11136 · July 6, 2020, 8:01am

hi,i wonder that if this demo is useless ?

Quentin · July 6, 2020, 8:36am

Yes, this is an example of custom rules implemented on SonarJS, which is deprecated.

Otherwise, everything stated in my first post stays true.