Is it possible for write a new detection rule for PHP leveraging the existing SQ's taint analyzer for PHP?

Username1 · November 18, 2021, 6:40am

SonarQube Developer Edition

Is it possible for write a new detection rule for PHP leveraging the existing SQ’s taint analyzer for PHP? Can we do it in the Developer Edition? Instead of inventing a wheel it could be easier to reuse SonarQube’s taint analysis engine and just work more on adding sources, sinks, sanitizers, passthroughs.

ganncamp · December 3, 2021, 8:49pm

Hi,

Sorry, writing custom rules isn’t possible. But starting in Enterprise Edition($$) you have the ability to customize taint analysis to specify exactly those things.

HTH,
Ann