The documentation includes general guidance on adding coding rules, including which languages support adding custom rules, and general guidance on how to go about it.
If the docs don’t answer your question, please tell us:
- What language are you writing rules for?
- PL\SQL
- What have you tried, and what’s your challenge / stumbling block.
We are trying to create a custom XPath rule in SonarQube to detect DDL statements (specifically CREATE TABLE) in PL/SQL files. The rule is created via the built-in template “Track breaches of an XPath rule” under PL/SQL language.
The rule is activated in our quality profile and the profile is assigned to the project. The PL/SQL sensor is running and analyzing our .sql files correctly (confirmed via scanner logs).
SQL file being tested
CREATE TABLE persons ( personid INT, last_name VARCHAR2(100) );
What we tried
We tested the following XPath expressions in the custom rule:
//createTable ← no issues raised
//createTableStatement ← no issues raised
//CREATE_TABLE ← no issues raised (from ZPA Toolkit AST) //DDL_COMMAND ← no issues raised
//create_table ← no issues raised
//*[local-name()=‘CREATE_TABLE’] ← no issues raised
//*[contains(local-name(), ‘able’)] ← no issues raised
//* ← 
raised 31 once, not detecting when tried again
Key observations
1. //* fires and raises 31 issues on the file — confirming the PL/SQL parser IS running and the AST IS accessible via XPath, but when tried again, not detecting any.
Scanner log confirmation
INFO: Sensor PL/SQL Sensor \[plsql\]
INFO: 4 source files to be analyzed
INFO: 4/4 source files have been analyzed
INFO: Sensor PL/SQL Sensor \[plsql\] (done) | time=320ms
Questions
1. What is the correct XPath node name for CREATE TABLE in SonarQube’s commercial PL/SQL parser?
- Also, the Custom Profile created is created , but in the Project information it still shows the Sonar Way.
But when I check in Quality Profile the project is attached. Our end goal is to raise issue on detecting DDL statement..