I’m attempting to write some custom symbolic execution rules using java-symbolic-execution and following the structure from java-custom-rules-example, but I’m running into some issues.
I copied the java-custom-rules-example module, but replaced all the rules with only LocksNotUnlockedCheck. At first, this worked fine (i.e., all the tests passed). However, when I tried to move the package name to one outside of org.sonar, my tests started failing.
At first I thought this was because I couldn’t use SECheckVerifier outside of org.sonar, or because I had to add a getProgramState method to PostStatementVisitor as programState is protected in the superclass. However, I made these changes to a package in the org.sonar namespace and the tests still passed.
I’ve created a GitHub repository with these findings: the “inside” folder shows the rule passing tests while living inside the org.sonar package, while “outside” shows them failing when living outside org.sonar. The code in both folders is exactly the same besides the package.
So my question is: am I doing something incorrectly here, or is it not possible to write SE rules outside of org.sonar?