felipebz / zpa

Parser and static code analysis tool for PL/SQL and Oracle SQL.
https://zpa.felipebz.com
GNU Lesser General Public License v3.0
211 stars 77 forks

Plugin with custom rules not taking effect on sonarqube #184

Closed Tiaguituh05 closed 2 months ago

Tiaguituh05 commented 2 months ago

Hi,

I've followed your guide on how to create the plugin with custom rules, to simply create a new rule that detects if any DML statement is missing a ";" at the end. The plugin works fine with all the local tests I've made. The issue is when I place the jar file into the SonarQube extension and run the sonar scanner, no issues are found, and it seems the plugin is not running.

I can see the plugin is installed, I've created a new quality profile, and activated my new rule. I've also made sure the project uses the new quality profile.

When I enable debug on the sonar scanner, I can see some interesting things:

1- My plugin is loaded:

08:52:10.860 INFO  Load plugins index
08:52:10.864 DEBUG --> GET http://orcdev27:9000/api/plugins/installed
08:52:10.868 DEBUG <-- 200 http://orcdev27:9000/api/plugins/installed (7ms, unknown-length body)
08:52:10.874 INFO  Load plugins index (done) | time=14ms
08:52:10.874 INFO  Load/download plugins
08:52:10.945 INFO  Load/download plugins (done) | time=71ms
08:52:10.945 DEBUG Plugins not loaded because they are optional: [csharp, flex, go, web, javasymbolicexecution, java, javascript, kotlin, php, ruby, sonarscala, vbnet, plsqlopen]
08:52:10.962 DEBUG Plugins loaded:
08:52:10.963 DEBUG   * Python Code Quality and Security 4.19.0.15616 (python)
08:52:10.963 DEBUG   * **Oracle GDC PL/SQL Rules 1.0-SNAPSHOT** (myrules)
08:52:10.963 DEBUG   * Clean as You Code 2.3.0.1782 (cayc)
08:52:10.964 DEBUG   * XML Code Quality and Security 2.10.0.4108 (xml)
08:52:10.964 DEBUG   * JaCoCo 1.3.0.1538 (jacoco)
08:52:10.964 DEBUG   * IaC Code Quality and Security 1.31.0.10579 (iac)
08:52:10.965 DEBUG   * Text Code Quality and Security 2.12.1.2905 (text)
08:52:11.167 DEBUG register org.eclipse.jgit.util.FS$FileStoreAttributes$$Lambda$330/0x00007f31fc264000@5a4ed68f with shutdown hook

2- When sonar scanner pre-analyses the files, it detects them as plsqlopen:

08:52:18.400 INFO  Preprocessing files...
08:52:18.417 INFO  1 language detected in 2 preprocessed files
08:52:18.420 INFO  Loading plugins for detected languages
08:52:18.420 DEBUG **Detected languages: [plsqlopen]**

3- After detecting the language, it just seems to load the base ZPA plugin and not my own. Could the issue be here?

08:52:18.420 DEBUG Detected languages: [plsqlopen]
08:52:18.421 INFO  Load/download plugins
08:52:18.429 INFO  Load/download plugins (done) | time=8ms
08:52:18.429 DEBUG Optional language-specific plugins not loaded: [csharp, flex, go, web, javasymbolicexecution, java, javascript, kotlin, php, ruby, sonarscala, vbnet]
08:52:18.433 DEBUG Plugins loaded:
08:52:18.433 DEBUG   * Z PL/SQL Analyzer 3.4.0 (plsqlopen)
08:52:18.502 INFO  Load project repositories

Any input is highly appreciated! Thank you!

felipebz commented 2 months ago

Hi,

Thank you so much for the detailed issue report.

Based on the log messages, it appears that your custom plugin may be missing the "Plugin-RequiredForLanguages" entry in the jar manifest.

For Maven-built plugins, the sonar-packaging-maven-plugin version 1.23.0.740 is required with the requiredForLanguages configuration, as shown in this example:

https://github.com/felipebz/zpa/blob/715a8ad16827319e4c49ee745f080cd9bccc5ff0/plsql-custom-rules/pom.xml#L57-L64

The equivalent configuration for Gradle can be found here:

https://github.com/felipebz/zpa/blob/715a8ad16827319e4c49ee745f080cd9bccc5ff0/plsql-custom-rules/build.gradle.kts#L65

Please check if this property is defined on your plugin.

For context, I tested the plsql-custom-rules example locally and here's the output:

INFO  Load/download plugins (done) | time=32ms
DEBUG Plugins not loaded because they are optional: [csharp, myrules, flex, go, web, javasymbolicexecution, java, javascript, kotlin, php, ruby, sonarscala, vbnet, plsqlopen]
DEBUG Plugins loaded:
DEBUG   * Python Code Quality and Security 4.19.0.15616 (python)
DEBUG   * Clean as You Code 2.3.0.1782 (cayc)
DEBUG   * XML Code Quality and Security 2.10.0.4108 (xml)
DEBUG   * JaCoCo 1.3.0.1538 (jacoco)
DEBUG   * IaC Code Quality and Security 1.31.0.10579 (iac)
DEBUG   * Text Code Quality and Security 2.12.1.2905 (text)

Initially, SonarScanner did not load the "myrules" or "plsqlopen" plugins. They were loaded after language detection:

DEBUG Detected languages: [plsqlopen]
INFO  Load/download plugins
INFO  Load/download plugins (done) | time=5ms
DEBUG Optional language-specific plugins not loaded: [csharp, flex, go, web, javasymbolicexecution, java, javascript, kotlin, php, ruby, sonarscala, vbnet]
DEBUG Plugins loaded:
DEBUG   * Company PL/SQL Rules 1.0-SNAPSHOT (myrules)
DEBUG   * Z PL/SQL Analyzer 3.4.0 (plsqlopen)
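
A way to confirm the manifest entry discussed above before deploying the jar, as an added example that is not part of the original thread or the ZPA project: it reads META-INF/MANIFEST.MF, unfolds continuation lines, and checks that Plugin-RequiredForLanguages lists the detected language. The function names and sample manifests are constructed, and treating the value as a comma-separated list is an assumption.

```python
import io
import zipfile

def parse_manifest(raw: bytes) -> dict:
    """Parse the main section of a JAR manifest, unfolding continuation lines."""
    attrs, key = {}, None
    for line in raw.decode("utf-8").splitlines():
        if not line:  # a blank line ends the main section
            break
        if line.startswith(" ") and key:  # folded value continues here
            attrs[key] += line[1:]
        elif ":" in line:
            key, _, value = line.partition(":")
            attrs[key] = value.lstrip(" ")
    return attrs

def check_plugin_jar(jar, language: str) -> list:
    """Return the manifest problems found for `language` (empty list = OK)."""
    with zipfile.ZipFile(jar) as zf:
        try:
            attrs = parse_manifest(zf.read("META-INF/MANIFEST.MF"))
        except KeyError:
            return ["no META-INF/MANIFEST.MF in jar"]
    problems = []
    if "Plugin-Key" not in attrs:
        problems.append("Plugin-Key missing")
    # Assumption: the value is a comma-separated list of language keys.
    declared = attrs.get("Plugin-RequiredForLanguages", "")
    required = [x.strip() for x in declared.split(",") if x.strip()]
    if language not in required:
        problems.append(f"Plugin-RequiredForLanguages lacks '{language}': {required}")
    return problems

def make_jar(manifest: str) -> io.BytesIO:
    """Build an in-memory jar holding only the given manifest (test fixture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
    buf.seek(0)
    return buf

# Constructed manifests, not taken from the reporter's jar.
BROKEN = "Manifest-Version: 1.0\r\nPlugin-Key: myrules\r\n\r\n"
# The value is folded across two lines, as jar tools do for long lines.
FIXED = ("Manifest-Version: 1.0\r\nPlugin-Key: myrules\r\n"
         "Plugin-RequiredForLanguages: plsql\r\n open\r\n\r\n")
if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_plugin_jar(make_jar(text), "plsqlopen") or "OK")
```

`check_plugin_jar` also accepts a path to a jar on disk, since `zipfile.ZipFile` takes either a path or a file-like object.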

Tiaguituh05 commented 2 months ago

Hi Felipe,

Thank you so much for the quick response. I've tried your suggestion and it worked!! It is funny, I've cloned your repo just 2 or 3 days ago, and I didn't see that line on build.gradle.kts. Was that added recently?

May I enjoy asking if I can have multiple custom rules on the same plugin? Or will I have to build a plugin for each?

Would you have some steps to guide me on how to do so on the same?

Thank you once again!

felipebz commented 2 months ago

> Was that added recently?

No, it was changed months ago. However, I've just realized that all the links in "Create a plugin with custom rules" directed to outdated examples. This may have caused the confusion, sorry!

> May I enjoy asking if I can have multiple custom rules on the same plugin?

Yes, you can. Simply create new classes that extend PlSqlCheck and include them in the array of check classes in your "CustomPlSqlRulesDefinition":

https://github.com/felipebz/zpa/blob/715a8ad16827319e4c49ee745f080cd9bccc5ff0/plsql-custom-rules/src/main/java/com/company/plsql/PlSqlCustomRulesDefinition.java#L17-L21

Tiaguituh05 commented 2 months ago

Great! Glad I helped find the outdated link :)

Thanks for the quick explanation. I will give it a try!

One last question. This works fine on my local sonarqube on a docker running on v10.6. Will the custom plugin work on a v9.3.0?

felipebz commented 2 months ago

No, it won't. The plugin requires SonarQube 9.9 or newer.

Tiaguituh05 commented 2 months ago

Thanks for confirming, Felipe. You have been of great help!

Tiaguituh05 commented 2 months ago

Sorry for posting, when I've already placed this as closed, but something crossed my mind. Would it be possible to use zpa 3.5.1 and my custom plugin using zpa-cli, and then send the report to SonarQube v9.3?

felipebz commented 2 months ago

> Would it be possible to use zpa 3.5.1 and my custom plugin using zpa-cli, and then send the report to SonarQube v9.3?

I'm not sure, but I think it may work. Here are the steps you could follow:

Tiaguituh05 commented 2 months ago

Awesome! I will first try to see if we can upgrade SonarQube as it seems by far the best option. If not, I will try this workaround. Thanks!