SonarSource · leonardo-pilastri-sonarsource · May 28, 2026 · gitar-bot · May 28, 2026
diff --git a/java-checks-testkit/A.java b/java-checks-testkit/A.java
@@ -0,0 +1,3 @@
+public class A {
+  private void BAD_METHOD_NAME() {}
+}
diff --git a/java-checks-testkit/pom.xml b/java-checks-testkit/pom.xml
@@ -60,6 +60,11 @@
       <artifactId>sonar-analyzer-test-commons</artifactId>
       <scope>compile</scope>
     </dependency>
+    <dependency>
+      <groupId>com.sonarsource.scanner.integrationtester</groupId>
+      <artifactId>sonar-scanner-integration-tester</artifactId>
+      <version>${sonar.integration.tester.version}</version>
+    </dependency>
   </dependencies>
 
   <build>

diff --git a/java-checks-testkit/src/A.java b/java-checks-testkit/src/A.java
@@ -0,0 +1,3 @@
+public class A {
+  private void BAD_METHOD_NAME() {}
+}
diff --git a/java-checks-testkit/src/main/java/org/sonar/java/checks/verifier/sit/JavaRuleMetadata.java b/java-checks-testkit/src/main/java/org/sonar/java/checks/verifier/sit/JavaRuleMetadata.java
@@ -0,0 +1,99 @@
+/*
+ * SonarQube Java
+ * Copyright (C) SonarSource Sàrl
+ * mailto:info AT sonarsource DOT com
+ *
+ * You can redistribute and/or modify this program under the terms of
+ * the Sonar Source-Available License Version 1, as published by SonarSource Sàrl.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.java.checks.verifier.sit;
+
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+import com.sonarsource.scanner.integrationtester.dsl.ActiveRule;
+import com.sonarsource.scanner.integrationtester.dsl.RuleKey;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Locale;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ * Resolves Java rule metadata from the sonar-java-plugin resource files
+ * and builds {@link ActiveRule} instances from a single rule key string.
+ *
+ * <p>Usage:
+ * <pre>{@code
+ * ActiveRule rule = JavaRuleMetadata.activeRule("S100");
+ * }</pre>
+ */
+public final class JavaRuleMetadata {
+
+  private static final String RULES_METADATA_DIR = "sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java";
+  private static final String REPO_KEY = "java";
+  private static final String LANGUAGE_KEY = "java";
+
+  private static final Path METADATA_ROOT = resolveMetadataRoot();
+  private static final Map<String, ActiveRule> CACHE = new ConcurrentHashMap<>();
+
+  private JavaRuleMetadata() {
+  }
+
+  /**
+   * Builds an {@link ActiveRule} for the given rule key (e.g. {@code "S100"})
+   * by reading title and defaultSeverity from the rule's JSON metadata file.
+   */
+  public static ActiveRule activeRule(String ruleKey) {
+    return CACHE.computeIfAbsent(ruleKey, JavaRuleMetadata::loadRule);
+  }
+
+  private static ActiveRule loadRule(String ruleKey) {
+    Path jsonFile = METADATA_ROOT.resolve(ruleKey + ".json");
+    if (!Files.exists(jsonFile)) {
+      throw new IllegalArgumentException("Rule metadata not found for key '" + ruleKey + "': " + jsonFile);
+    }
+
+    JsonObject json = readJson(jsonFile);
+    String title = json.get("title").getAsString();
+    String severityStr = json.get("defaultSeverity").getAsString();
+    ActiveRule.Severity severity = ActiveRule.Severity.valueOf(severityStr.toUpperCase(Locale.ROOT));
+
+    return ActiveRule.builder()
+      .withKey(RuleKey.of(REPO_KEY, ruleKey))
+      .withName(title)
+      .withLanguageKey(LANGUAGE_KEY)
+      .withSeverity(severity)
+      .build();
+  }
+
+  private static JsonObject readJson(Path path) {
+    try {
+      String content = Files.readString(path);
+      return JsonParser.parseString(content).getAsJsonObject();
+    } catch (IOException e) {
+      throw new IllegalStateException("Failed to read rule metadata: " + path, e);
+    }
+  }
+
+  private static Path resolveMetadataRoot() {
+    Path lookUpPath = Path.of(System.getProperty("user.dir"));
+    while (lookUpPath != null) {
+      Path candidate = lookUpPath.resolve(RULES_METADATA_DIR);
+      if (Files.isDirectory(candidate)) {
+        return candidate;
+      }
+      lookUpPath = lookUpPath.getParent();
+    }
+    throw new IllegalStateException(
+      "Cannot find rule metadata directory '" + RULES_METADATA_DIR + "' from working directory");
+  }
+}
diff --git a/java-checks-testkit/src/main/java/org/sonar/java/checks/verifier/sit/ModuleBuilder.java b/java-checks-testkit/src/main/java/org/sonar/java/checks/verifier/sit/ModuleBuilder.java
@@ -0,0 +1,97 @@
+/*
+ * SonarQube Java
+ * Copyright (C) SonarSource Sàrl
+ * mailto:info AT sonarsource DOT com
+ *
+ * You can redistribute and/or modify this program under the terms of
+ * the Sonar Source-Available License Version 1, as published by SonarSource Sàrl.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.java.checks.verifier.sit;
+
+import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+public class ModuleBuilder {
+
+  private final String name;
+  private final ScannerVerifierProjectBuilder projectBuilder;
+  private final List<Path> inputFiles = new ArrayList<>();
+  private final List<Path> binaries = new ArrayList<>();
+  private final List<Path> libraries = new ArrayList<>();
+  private final List<String> dependencies = new ArrayList<>();
+
+  ModuleBuilder(String name, ScannerVerifierProjectBuilder projectBuilder) {
+    this.name = name;
+    this.projectBuilder = projectBuilder;
+  }
+
+  /**
+   * Source files to analyze, mapped to {@code sonar.sources}.
+   */
+  public ModuleBuilder withInputFiles(Path... files) {
+    Collections.addAll(inputFiles, files);
+    return this;
+  }
+
+  /**
+   * Compiled class directories, mapped to {@code sonar.java.binaries}.
+   */
+  public ModuleBuilder withBinaries(Path... paths) {
+    Collections.addAll(binaries, paths);
+    return this;
+  }
+
+  /**
+   * External library jars, mapped to {@code sonar.java.libraries}.
+   */
+  public ModuleBuilder withLibraries(Path... libs) {
+    Collections.addAll(libraries, libs);
+    return this;
+  }
+
+  /**
+   * Inter-module dependencies by module name. The dependent modules' binaries
+   * are automatically added to this module's {@code sonar.java.libraries}.
+   */
+  public ModuleBuilder withDependencies(String... moduleNames) {
+    Collections.addAll(dependencies, moduleNames);
+    return this;
+  }
+
+  /**
+   * Returns to the project builder to add more modules or finalize.
+   */
+  public ScannerVerifierProjectBuilder endModule() {
+    return projectBuilder;
+  }
+
+  String name() {
+    return name;
+  }
+
+  List<Path> inputFiles() {
+    return inputFiles;
+  }
+
+  List<Path> binaries() {
+    return binaries;
+  }
+
+  List<Path> libraries() {
+    return libraries;
+  }
+
+  List<String> dependencies() {
+    return dependencies;
+  }
+}
diff --git a/java-checks-testkit/src/main/java/org/sonar/java/checks/verifier/sit/ScannerVerifier.java b/java-checks-testkit/src/main/java/org/sonar/java/checks/verifier/sit/ScannerVerifier.java
@@ -0,0 +1,39 @@
+/*
+ * SonarQube Java
+ * Copyright (C) SonarSource Sàrl
+ * mailto:info AT sonarsource DOT com
+ *
+ * You can redistribute and/or modify this program under the terms of
+ * the Sonar Source-Available License Version 1, as published by SonarSource Sàrl.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.java.checks.verifier.sit;
+
+import com.sonarsource.scanner.integrationtester.runner.ScannerRunner;
+import com.sonarsource.scanner.integrationtester.runner.ScannerRunnerConfig;
+
+public class ScannerVerifier {
+
+  private static final ScannerRunnerConfig RUNNER_CONFIG = ScannerRunnerConfig.builder()
+    .withLogsPrintedToStdOut(true)
+    .build();
+
+  private ScannerVerifier() {
+    // Utility class, do not instantiate
+  }
+
+  public static ScannerVerifierResult execute(ScannerVerifierAnalysisBuilder analysis) {
+    var sonarServerContext = analysis.buildServerContext();
+    var scannerInput = analysis.buildScannerInput();
+    var result = ScannerRunner.run(sonarServerContext, scannerInput, RUNNER_CONFIG);
+    return new ScannerVerifierResult(result);
+  }
+
+}
diff --git a/...tkit/src/main/java/org/sonar/java/checks/verifier/sit/ScannerVerifierAnalysisBuilder.java b/...tkit/src/main/java/org/sonar/java/checks/verifier/sit/ScannerVerifierAnalysisBuilder.java
@@ -0,0 +1,105 @@
+/*
+ * SonarQube Java
+ * Copyright (C) SonarSource Sàrl
+ * mailto:info AT sonarsource DOT com
+ *
+ * You can redistribute and/or modify this program under the terms of
+ * the Sonar Source-Available License Version 1, as published by SonarSource Sàrl.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.java.checks.verifier.sit;
+
+import com.sonarsource.scanner.integrationtester.dsl.EngineVersion;
+import com.sonarsource.scanner.integrationtester.dsl.ScannerInput;
+import com.sonarsource.scanner.integrationtester.dsl.SonarServerContext;
+import org.sonar.java.annotations.VisibleForTesting;
+import org.sonar.java.test.classpath.TestClasspathUtils;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.StandardCopyOption;
+import java.util.ArrayList;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+
+public class ScannerVerifierAnalysisBuilder {
+
+  private static final Path JAVA_PLUGIN_PATH = TestClasspathUtils.findModuleJarPath("../sonar-java-plugin");
+  private static final String DEFAULT_PROJECT_KEY = "scanner-verifier-test";
+
+  private final SonarServerContext.Builder serverContextBuilder;
+  private final Map<String, String> projectScannerProperties = new LinkedHashMap<>();
+  private final List<ModuleBuilder> modules = new ArrayList<>();
+  private Path projectBaseDir;
+  private String projectKey = DEFAULT_PROJECT_KEY;
+
+  private ScannerVerifierAnalysisBuilder() {
+    serverContextBuilder = SonarServerContext.builder()
+      .withProduct(SonarServerContext.Product.SERVER)
+      .withEngineVersion(EngineVersion.latestRelease())
+      .withLanguage("java", "Java", ".java")
+      .withPlugin(JAVA_PLUGIN_PATH);
+  }
+
+  public static ScannerVerifierAnalysisBuilder newAnalysis(Path projectBaseDir) {
+    return new ScannerVerifierAnalysisBuilder()
+      .withProjectBaseDir(projectBaseDir)
+      .withProjectKey("project");
+  }
+
+  public ScannerVerifierAnalysisBuilder withProject(ScannerVerifierProjectBuilder project) {
+    serverContextBuilder.withProjectContext(project.build());
+    projectScannerProperties.putAll(project.toScannerProperties());
+    modules.addAll(project.modules());
+    return this;
+  }
+
+  private ScannerVerifierAnalysisBuilder withProjectBaseDir(Path projectBaseDir) {
+    this.projectBaseDir = projectBaseDir;
+    return this;
+  }
+
+  private ScannerVerifierAnalysisBuilder withProjectKey(String projectKey) {
+    this.projectKey = projectKey;
+    return this;
+  }
+
+  protected SonarServerContext buildServerContext() {
+    createModuleDirectories();
+    return serverContextBuilder.build();
+  }
+
+  @VisibleForTesting
+  protected void createModuleDirectories() {
+    for (ModuleBuilder module : modules) {
+      Path moduleDir = projectBaseDir.resolve(module.name());
+      Path srcDir = moduleDir.resolve("src");
+      try {
+        Files.createDirectories(srcDir);
+        for (Path inputFile : module.inputFiles()) {
+          Files.copy(inputFile, srcDir.resolve(inputFile.getFileName()), StandardCopyOption.REPLACE_EXISTING);
+        }
+      } catch (IOException e) {
+        throw new UncheckedIOException("Failed to set up module directory: " + moduleDir, e);
+      }
+    }
+  }
+
+  protected ScannerInput buildScannerInput() {
+    var builder = ScannerInput.create(projectKey, projectBaseDir);
+    if (!projectScannerProperties.isEmpty()) {
+      builder.withScannerProperties(projectScannerProperties);
+    }
+    return builder.build();
+  }
+}