I am writing this post because I don't know if it is possible to do what I have in mind.
I am developing a plugin in PHP to detect certain potentially dangerous functions.
I have already developed the plugin and it works correctly, but when I scan the branches the issues are reported as Code Smell, and I would like them to be Security Hotspot, but I don't know how to do it.
```java
@Rule(
    key = ForbiddenFunctionUseCheck.KEY,
    priority = Priority.MAJOR,
    name = "Using a restricted php function is security-sensitive",
    tags = {"hotspot"}
)
```
I have this rule defined, but I don’t know if it is possible to set the type of issue.
Thank you for your answer. I see that there are three types (BUG, CODE SMELL and VULNERABILITY), but do you know if it's possible to change the type to Security Hotspot?
The documentation explains:

```java
public abstract RulesDefinition.NewRule setType(RuleType t)
```

The type as defined by the SonarQube Quality Model.
When a plugin does not define rule type, then it is deduced from tags:
- if the rule has the "bug" tag then type is RuleType.BUG
- if the rule has the "security" tag then type is RuleType.VULNERABILITY
- if the rule has both tags "bug" and "security", then type is RuleType.BUG
- default type is RuleType.CODE_SMELL
Finally the "bug" and "security" tags are considered as reserved. They are silently removed from the final state of definition.
Reading the documentation, I guess I can’t set the security hotspot type.
I found this page in the documentation: RuleType (sonar-plugin-api 9.8.0.203 API). But when I changed the type in my IDE and compiled the plugin, the terminal said cannot find symbol:

```
symbol: variable SECURITY_HOTSPOT
location: class org.sonar.api.rules.RuleType
```
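One way to set the type explicitly instead of relying on the tag deduction quoted above, added here as an illustration and not code from this thread or from the poster's plugin: a RulesDefinition that loads the annotated check and then calls setType on the resulting NewRule. The package name, repository key, language key and description text are assumptions, and the example assumes the plugin compiles against a sonar-plugin-api version whose RuleType includes SECURITY_HOTSPOT, as the 9.8 javadoc referenced above lists; a "cannot find symbol" error for that constant means the compile-time API jar on the classpath predates it.

```java
// Added example, not the poster's plugin code. It registers the annotated
// check and then forces the rule type to SECURITY_HOTSPOT, because the
// @Rule annotation has no type attribute and the "hotspot" tag is not one of
// the reserved tags ("bug", "security") used for type deduction, so the rule
// would otherwise default to CODE_SMELL.
package com.example.phpsecurity; // hypothetical package name

import org.sonar.api.rules.RuleType;
import org.sonar.api.server.rule.RulesDefinition;
import org.sonar.api.server.rule.RulesDefinitionAnnotationLoader;

public class PhpSecurityRulesDefinition implements RulesDefinition {

  // Repository key and language key are assumptions; use the ones your
  // plugin already registers its rules under.
  static final String REPOSITORY_KEY = "php-security";
  static final String LANGUAGE_KEY = "php";

  @Override
  public void define(Context context) {
    NewRepository repository = context
        .createRepository(REPOSITORY_KEY, LANGUAGE_KEY)
        .setName("PHP security checks");

    // Pull key, name, priority and tags from the @Rule annotation on the check.
    new RulesDefinitionAnnotationLoader().load(repository, ForbiddenFunctionUseCheck.class);

    // Override the deduced type. Requires RuleType.SECURITY_HOTSPOT to exist
    // in the sonar-plugin-api version the plugin is compiled against.
    NewRule rule = repository.rule(ForbiddenFunctionUseCheck.KEY);
    rule.setType(RuleType.SECURITY_HOTSPOT);

    // A rule needs a description before done() is called; wording is assumed.
    rule.setHtmlDescription(
        "<p>Calls to restricted PHP functions should be reviewed.</p>");

    repository.done();
  }
}
```

The class has to be added to the plugin's extensions (alongside the existing rules definition, if any) for SonarQube to pick it up.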