Track uses of disallowed dependencies pattern

SonarQube Server / Community Build Writing rules
1

I am trying to expend the XML rule to scan through the POM.xml file to capture unapproved usage of library so my requirements are below

  • Minimum allowed version: 1.7.0
  • Version: 1.9.2

what is the pattern I should use

2

Welcome :slight_smile:

not sure if you’re able to extend the xml rules, but maybe this community plugin is an option !?

Gilbert

3

Screenshot 2024-04-14 at 12.45.45
Screenshot 2024-04-14 at 12.45.451824×910 72.9 KB

in the shown screenshot this is the template we reusing to check the dependency version I want to understand more on the pattern to be used

4

The parameters of xml:S3417 are explained in detail, what is the problem?

5

I used the below pattern to limit the dependency version from 1.7.3 and above but it is not working

1.0-7.0-2

6

Never used this template so far, but i would try 1.7.3-* as dependency version pattern for your case.

7

HI,
the pattern is for the negative case not the positive … so the pattern should indicate which versions are not allowed where the pattern you have shared is for the positive scenario

8

Hi,

you’re right, after checking the sources

and the informations here

HTTP Connector Release Notes - Mule 4 | MuleSoft Documentation has version 1.1.0 (deprecated) listed as first version - don’t know if there are other versions in the wild.

the pattern should be something like that !?

0.*.*-1.7.3
or
1.1.0-1.7.3

EDIT

according to this test

this should also work
*-1.7.3

Gilbert

9

yes this is working :slight_smile: … the only comment is the range is inclusive which means if 1.7.3 is allowed you have to do *-1.7.2 … otherwise works like magic … .thanks a lot :slight_smile:

1 Like
10

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.