Unable to deploy custom java rules after using 'AbstractMethodDetection'

I checked out the latest sonar-custom-rules-examples code and added a custom rule. It all compiles, tests, and builds correctly. When I deploy the plugin to a local Sonar instance (7.7-community), the plugin fails with class not found exceptions:

Caused by: java.lang.ClassNotFoundException: 

Are these packages available to use in custom rules? The documentation isn’t clear on this at all.


Hey Scott,

Thanks for reaching us.

Indeed, this won’t work. You cannot use the AbstractMethodDetection abstract class when writing custom rules. This class is not exposed in the SonarJava plugin API. The only classes you are allowed to access and use should be part of the org.sonar.plugins.java.api package.

For the time being, there is no easy way to identify a method call or method declaration in a custom rules, except writing the logic of checking manually parameters and symbols. We however thought about adding such feature in the API, feel free to vote on the following ticket: SONARJAVA-2357

Now, if you just want to disallow some method invocations or declaration, you may still give a try to the template rule squid:S2253 - Track uses of disallowed methods.

Thanks to you I also had a look at all the custom rules targeting java from the example, and fixed one which was indeed using an unexposed utility class. Maybe that’s what caused you trouble. I also identified and fixed a more annoying issue regarding loading of rule metadata. I therefore strongly encourage you to re-download/update the template.

Finally, about what you are saying:

Which documentation are you referring to?
I would gladly try to improve it in order to make it clearer.


1 Like

Thanks for the response Michael. A few points:

  1. In the wiki page Writing Custom Java Rules 101, I think it should be clearly stated that only code from org.sonar.plugins.java.api is available.

  2. In the java-custom-rules project from the sonar-custom-rules-examples code, the MyJavaRulesDefinition class explicitly imports org.sonar.plugins.java.Java which isn’t available when deployed.

  3. The MethodMatcher code is really useful and should be part of the public API?

Other than that, I think I have enough info to proceed now.



Indeed, it was missing. Fixed! (244efbe)

Thanks, fixed! (72af247)

I definitely agree. I’m setting fixVersion to 6.0 to ticket SONARJAVA-2357, in order to try to include this in our next major release of the SonarJava plugin.