SonarQube JSON Analyzer

Disclaimer

I don't want to keep maintaining this plugin. Feel free to ping me if you want to take over.

Description

This SonarQube plugin analyzes JSON files and:

• Computes metrics: lines of code, statements, etc.
• Checks various guidelines to find out potential bugs and code smells through more than 12 checks
• Provides the ability to write your own checks

Usage

1. Download ad install SonarQube
2. Install the JSON plugin by a direct download. The latest version is compatible with SonarQube 6.7+
3. Install your favorite scanner (SonarQube Scanner, Maven, Ant, etc.)
4. Analyze your code

Custom Checks

You're thinking of new valuable rules? Version 2.0 or greater provides an API to write your own custom checks. A sample plugin with detailed explanations is available here. If your custom rules may benefit the community, feel free to create a pull request in order to make the rule available in the JSON analyzer.

You're thinking of new rules that may benefit the community but don't have the time or the skills to write them? Feel free to create an issue for your rules to be taken under consideration.

Troubleshooting

If a JSON file is containing some heavily nested objects (more than a hundred nested levels), you may face a StackOverflowError looking like:

Exception in thread "main" java.lang.StackOverflowError
	at com.sonar.sslr.impl.typed.SyntaxTreeCreator.convertChildren(SyntaxTreeCreator.java:128)
	at com.sonar.sslr.impl.typed.SyntaxTreeCreator.visitNonTerminal(SyntaxTreeCreator.java:119)
	at com.sonar.sslr.impl.typed.SyntaxTreeCreator.visit(SyntaxTreeCreator.java:72)
	at com.sonar.sslr.impl.typed.SyntaxTreeCreator.visitNonTerminal(SyntaxTreeCreator.java:89)
	at com.sonar.sslr.impl.typed.SyntaxTreeCreator.visit(SyntaxTreeCreator.java:72)
	at com.sonar.sslr.impl.typed.SyntaxTreeCreator.convertChildren(SyntaxTreeCreator.java:129)
	at com.sonar.sslr.impl.typed.SyntaxTreeCreator.visitNonTerminal(SyntaxTreeCreator.java:119)
	...

Increasing the JVM stack size should fix your issue.

If you are running your analysis with:

• The SonarQube Scanner, set the SONAR_SCANNER_OPTS environment variable to -Xss10m for instance
• Maven, set the MAVEN_OPTS environment variable to -Xss10m for instance

and rerun your analysis.

Available Rules

Generic

• BOM should not be used for UTF-8 files
• File names should comply with a naming convention
• Files should contain an empty new line at the end
• Regular expression on key
• Tabulation characters should not be used

Puppet

• "author" should match the required value in Puppet "metadata.json" files
• "license" should be valid in Puppet "metadata.json" files
• "license" should match the required value in Puppet "metadata.json" files
• "version" should be a semantic version in Puppet "metadata.json" files
• Deprecated keys should be removed from Puppet "metadata.json" files
• Duplicated dependencies should be removed from Puppet "metadata.json" files
• Puppet "metadata.json" files should define all the required keys