I am a security tester and I am using the Sonar community edition. I hope to add some Python security scanning rules based on the existing rules, but my Java foundation is poor (approximately no foundation), the official documentation is brief, and it's hard to find articles on Python language plugin development on the Internet. Can you provide me with some information or more friendly official documents so that I can understand how to write the interface of Python custom rules? Thanks!!!
Sorry for the very late reply.
There’s indeed very little documentation about how to write custom rules for our Python analyzer. The documentation page for the Python analyzer explains a few things.
There’s also a repository where we have examples for custom rules. I think that you already found it. We didn’t maintain it for some time but we recently fixed a few issues in it.
Writing a custom plugin is not trivial, especially when you have little experience in writing Java.
If you want to write one because you think that the Python analyzer misses a few rules, we would be very interested in knowing which rules you’re thinking about. If those rules can be useful to many users, we could consider writing and maintaining them as part of the Python analyzer.