This project provides a few simple checks for Java to demonstrate the implementation and use of custom rules in SonarQube.
NullableReturnCheck- Shows an issue onINFOlevel to the developer suggesting to consider usingjava.util.Optionalorio.vavr.control.Optioninstead of a potentially nullable return value. Implementation is done using the visitor pattern available in Sonar.NullnessAnnotationCheck- Forbids the use of any nullness annotations besides those of the Checker Framework. The rule itself is marked deprecated. There is a more generic approach available that does not require a custom rule -- rule templates.VavrPublicSignatureCheck- Forbid the use of vavr.io classes in public API. This includes public/protected methods used in interfaces and abstract classes.
Check the setup page to get a brief overview of how to install this plugin.
It seems that Sonar is not able to catch type annotations. Both the
NullnessAnnotationCheck as well as the OOTB template "Track uses of
disallowed classes" are not able to match the use of a forbidden annotation.