There are three ways to extend coding rules:
- Adding XPath rules directly in the Sonar web interface.
- Extending an existing Sonar plugin. For example, the Checkstyle and PMD plugins accept definitions of custom checks.
- Embedding and executing a code analyzer. For example, the Checkstyle plugin configures and executes the Checkstyle library.
Solution #1: Adding XPath Rules
Writing XPath rules directly on the web interface is a quick and easy way to add new coding rules.
While parsing the source code, Sonar builds an Abstract Syntax Tree (AST).
The XPath language provides a way to write coding rules by navigating this AST.
To create a new rule:
- Log in as an administrator
- Go to Configuration > Quality Profile
- Select a quality profile for the language to which you want to add a new rule
- Look for the XPath rule template:
- Copy this template to create a new rule:
- Write your rule:
TODO: add screenshot
- Function must start with an uppercase letter: TODO
- Do not use document.write: TODO
- Always use curly braces for if/else statements: TODO
Once written, activate those rules and run a Sonar analysis.
Violations on those XPath rules are now logged:
TODO: add screenshot
Language Plugins Supporting XPath
- Java through PMD
Solution #2: Extending Sonar Plugins
The following languages can be extended with new rules:
- C: see how to extend C rules
- C#: see how to extend FxCop and Gendarme rules
- Cobol: see how to extend Cobol rules
- PHP: see how to extend PHP CodeSniffer and PHPMD rules
Solution #3: Executing a Code Analyzer
A code analyzer plugin executes the following steps:
- Register definitions of coding rules, when the server is started.
- Optionally define some templates of quality profiles, when the server is started.
- Analyze source code and inject the results into the database.
1. Registering coding rules
This step relates to the extension point org.sonar.api.rules.RuleRepository. A RuleRepository defines a set of coding rules. It usually loads data from an XML file:
The XML file is available in the plugin classloader and looks like:
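A sketch of such a repository, added here as an example; it is not code from the original page or from the Sonar project. It assumes the plugin API generation that provides org.sonar.api.rules.XMLRuleParser alongside RuleRepository. The class name, repository key, resource path and rule key are hypothetical.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.List;

import org.sonar.api.rules.Rule;
import org.sonar.api.rules.RuleRepository;
import org.sonar.api.rules.XMLRuleParser;

/**
 * Added example: rule repository for a hypothetical embedded analyzer.
 * Assumed shape of the rules file packaged in the plugin JAR:
 *
 *   <rules>
 *     <rule>
 *       <key>IfElseNeedsBraces</key>
 *       <name>Always use curly braces for if/else statements</name>
 *       <configKey>IfElseNeedsBraces</configKey>
 *       <priority>MAJOR</priority>
 *       <description>if/else bodies must be enclosed in braces.</description>
 *     </rule>
 *   </rules>
 */
public final class MyAnalyzerRuleRepository extends RuleRepository {

  public static final String REPOSITORY_KEY = "myanalyzer";               // hypothetical
  private static final String RULES_XML = "/com/example/sonar/rules.xml"; // hypothetical

  private final XMLRuleParser xmlRuleParser;

  // XMLRuleParser is a server-side component; Sonar injects it through the constructor.
  public MyAnalyzerRuleRepository(XMLRuleParser xmlRuleParser) {
    super(REPOSITORY_KEY, "java");
    setName("My Analyzer");
    this.xmlRuleParser = xmlRuleParser;
  }

  @Override
  public List<Rule> createRules() {
    InputStream input = getClass().getResourceAsStream(RULES_XML);
    if (input == null) {
      // Fail at server startup rather than silently registering zero rules.
      throw new IllegalStateException("Rule definitions not found on classpath: " + RULES_XML);
    }
    try {
      return xmlRuleParser.parse(input);
    } finally {
      try { input.close(); } catch (IOException e) { /* nothing left to read */ }
    }
  }
}
```

Failing fast on a missing resource matters here: a repository that registers no rules produces an analysis with no violations, which is easy to mistake for clean code.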
2. Defining quality profiles
This step relates to the extension point org.sonar.api.profiles.ProfileDefinition. Profiles provided by plugins are registered at server startup and can't be edited by users:
3. Analyzing source code
This step relates to the extension point org.sonar.api.batch.Sensor.