Add some features to VSCode plugin


ahmed.ibrahi...@gmail.com

Mar 9, 2018, 9:04:02 AM
to SonarLint
Hi all,

I added the SonarLint VSCode plugin to my Visual Studio Code and it works well.
As I know, SonarLint is an open-source application, so I want to add/update some features in the plugin, like adding new rules and improving some descriptions.
I need to know all the steps to do that.

Thanks in advance.
Ahmed Ibrahim

Julien HENRY

Mar 9, 2018, 9:42:04 AM
to ahmed.ibrahi...@gmail.com, SonarLint
Hi Ahmed,

SonarLint rules are provided by SonarSource code analyzers (SonarJS, SonarTS, SonarPHP and SonarPython). All are open source projects :)

But let me suggest that you start discussing your plans here before you start coding, especially if you expect your modifications to be mainstreamed. This will allow us to guide you. And if your rule suggestions are good enough, we can even implement them for you :)

Regards,

Julien Henry | SonarSource

Developer

https://sonarsource.com



ahmed.ibrahi...@gmail.com

Mar 9, 2018, 10:09:04 AM
to SonarLint
Hi Julien,

Thank you for your reply. I want to describe the status to you.

I'm a software vulnerability researcher at Cairo University, Egypt. Now I'm working on research into software vulnerability remediation.
My research is about cross-site scripting vulnerabilities in PHP, and I searched for PHP analyzers that I may use and start with in my research.

I found SonarLint to be a great tool, and many developers use it, so I thought about integrating my work with it.
I am thinking about a new feature that allows developers to remediate the vulnerable parts with automatic repair algorithms.
So it will be a valuable addition to SonarLint if I succeed in integrating my idea/work with it.

Many thanks,
Ahmed Ibrahim

Julien HENRY

Mar 9, 2018, 10:20:47 AM
to ahmed.ibrahi...@gmail.com, SonarLint
In case you are interested, there is a Java API to create custom rules for PHP, based on our own parser. I'll let you read:

You can of course write your own analyzer from scratch, but then we won't accept it in the official SonarLint distribution (just to avoid any deception later).

++

Julien Henry | SonarSource

Developer

https://sonarsource.com



Ahmed Ibrahim

Mar 9, 2018, 10:31:51 AM
to Julien HENRY, SonarLint
Thanks Julien,

So you mean that by using this Java API I will be able to create/add custom rules and test them locally?
And if yes, are there any other requirements/tools needed to do that in addition to the API or not?

Thanks,
Ahmed Ibrahim


Julien HENRY

Mar 9, 2018, 10:43:27 AM
to Ahmed Ibrahim, SonarLint
The Java API will expose to you an AST of the PHP program + an API to report issues. Once you are happy with your rule, you can package it in a SonarQube plugin that you will deploy in a SonarQube server (that you can run locally, it's also free/OSS) together with SonarPHP. And then you'll be able to analyze code (using a command line SonarQube scanner).

While developing your rule, I suggest using the unit test framework to speed up the loop.

See this example, and look at SonarQube documentation, and then feel free to come with more specific questions:

++

Julien Henry | SonarSource

Developer

https://sonarsource.com


Ahmed Ibrahim

Mar 9, 2018, 3:14:52 PM
to Julien HENRY, SonarLint
Hi Julien,

I already created and pushed the plugin to the SonarQube server, but I can't use the new rule in analysis as the default analyzer is "Sonar Way Php", so I need to activate the new rule to be included in the default analyzer.

Thanks,
Ahmed Ibrahim






On Fri, Mar 9, 2018 at 5:54 PM, Ahmed Ibrahim <ahmed.ibrahi...@gmail.com> wrote:
Thanks Julien.
Ahmed Ibrahim
