  1. Adding XPath rules directly through the SonarQube web interface.
  2. Extending an existing SonarQube plugin. For example, the Checkstyle and PMD plugins accept definitions of custom checks.

Before implementing a new coding rule, you should consider whether it is specific to your own context or might benefit others. If it might benefit others, you can propose it on the developer mailing list. If the SonarQube team finds your proposed rule interesting, it may be implemented directly in the related language plugin. That means less maintenance for you, and benefit to others.



SonarQube provides a quick and easy way to add new coding rules directly via the web interface for certain languages (C/C++, C#, Cobol, Flex, Java, JavaScript, PL/I, PL/SQL, Python and VB.NET).

The rules must be written in XPath to navigate the language's Abstract Syntax Tree (AST). For each language, an SSLR Toolkit is provided to help you navigate the AST. Each language's SSLR Toolkit is a standalone application that displays the AST for a piece of source code you feed into it, allowing you to read the node names and attributes from your code sample and write your XPath expression. The proper SSLR Toolkit can be downloaded from the language plugin page. Knowing the XPath language is the only prerequisite, and there are a lot of tutorials on XPath online.


For an SSLR preview, consider the following JavaScript source code sample:

Code Block
function HelloWorld(hour) {
  // Use the supplied hour, or fall back to the current hour.
  if (hour) {
    this.hour = hour;
  } else {
    var date = new Date();
    this.hour = date.getHours();
  }
  this.displayGreeting = function() {
    if (this.hour >= 22 || this.hour <= 5)
      document.write("Good night, World!");
    else
      document.write("Hello, World!");
  }
}

While parsing the source code, SonarQube builds an Abstract Syntax Tree (AST) for it, and the SSLR Toolkit provided for each language will show you SonarQube's AST for a given piece of code. Here's the AST for our JavaScript sample:

The XPath language provides a way to write coding rules by navigating this AST, and the SSLR Toolkit for the language will give you the ability to test your new rules against your sample code.

Once your new rule is written, you can add it to SonarQube:

  1. Log in as an administrator
  2. Go to Configuration > Quality Profile
  3. Select one of the quality profiles for the language you wish to add the rule to
  4. Look for the XPath rule template:
  5. Copy the template to create a new rule:
  6. Paste in the XPath rule you wrote and tested using the SSLR Toolkit (it should comply with XPath 1.0):

    Here are two examples of JavaScript XPath rules:

    Do not use document.write:

    Code Block
    //callExpression/memberExpression[count(*) = 3 and primaryExpression[@tokenValue = "document"] and identifierName[@tokenValue = "write"]]

    Always use curly braces for if/else statements:

    Code Block



  7. Once your rule is added to SonarQube, activate it in a profile and run an analysis.
  8. Issues on those XPath rules are now logged.
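
The `document.write` rule from step 6 can be checked outside SonarQube by emulating it over a hand-built AST. This is an added example, not part of the original page or of SonarQube's code: the tree shape, the `DOT` node name and the line numbers are assumptions, and because Python's ElementTree supports only an XPath subset, `count(*)` and `and` are applied in Python.

```python
import xml.etree.ElementTree as ET

# Constructed AST for the calls in the page's HelloWorld sample plus one extra
# call. Tree shape, DOT node name and line numbers are assumptions, not
# SSLR Toolkit output.
def call(line, *names):
    """Build a <callExpression> for a dotted call such as document.write(...)."""
    node = ET.Element("callExpression", line=str(line))
    member = ET.SubElement(node, "memberExpression")
    ET.SubElement(member, "primaryExpression", tokenValue=names[0])
    for name in names[1:]:
        ET.SubElement(member, "DOT", tokenValue=".")
        ET.SubElement(member, "identifierName", tokenValue=name)
    ET.SubElement(node, "arguments")
    return node

def build_sample_ast():
    root = ET.Element("script")
    root.append(call(6, "date", "getHours"))              # date.getHours()
    root.append(call(10, "document", "write"))            # "Good night, World!"
    root.append(call(12, "document", "write"))            # "Hello, World!"
    root.append(call(20, "window", "document", "write"))  # constructed extra case
    return root

def document_write_issues(root):
    """Emulate //callExpression/memberExpression[count(*) = 3 and
    primaryExpression[@tokenValue = "document"] and
    identifierName[@tokenValue = "write"]] and return the flagged lines."""
    lines = []
    for call_node in root.iter("callExpression"):          # //callExpression
        for member in call_node.findall("memberExpression"):
            has_document = member.find(
                "primaryExpression[@tokenValue='document']") is not None
            has_write = member.find(
                "identifierName[@tokenValue='write']") is not None
            # len(member) counts child elements, like count(*) in XPath 1.0.
            if len(member) == 3 and has_document and has_write:
                lines.append(int(call_node.get("line")))
    return sorted(lines)

if __name__ == "__main__":
    for line in document_write_issues(build_sample_ast()):
        print(f"line {line}: Do not use document.write")
```

Under the assumed tree shape, the `count(*) = 3` predicate means `window.document.write(...)` is not reported, so the rule only catches the direct `document.write` form.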