https://github.com/donhui/sonar-mybatis
MyBatis Plugin for SonarQube: Rules to check SQL statements in MyBatis Mapper XML files
check-sql-statements mybatis mybatis-mapper sonar sonarqube sonarqube-plugin
- Host: GitHub
- URL: https://github.com/donhui/sonar-mybatis
- Owner: donhui
- License: other
- Created: 2019-08-06T12:04:39.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2024-02-29T06:51:15.000Z (about 1 year ago)
- Last Synced: 2025-04-17T22:10:02.314Z (about 1 month ago)
- Topics: check-sql-statements, mybatis, mybatis-mapper, sonar, sonarqube, sonarqube-plugin
- Language: Java
- Homepage:
- Size: 403 KB
- Stars: 76
- Watchers: 4
- Forks: 21
- Open Issues: 14
Metadata Files:
- Readme: README.md
- License: LICENSE
README
[README 中文版](README.zh.md)
## SonarQube MyBatis Plugin
MyBatis Plugin for SonarQube: Rules to check SQL statements in MyBatis Mapper XML files.
## What is Risk SQL?
Risk SQL refers to dynamic SQL in a MyBatis mapper file, such as `` elements of the mapper file:
if all parameters in a SQL statement element of the mapper XML file are null, the SQL may be at great risk, because the statement is left with no effective condition (in the example below only `WHERE 1=1` remains, so the `DELETE` applies to every row). An example follows:
```
DELETE FROM table_name
WHERE 1=1
AND start_time #{startTime}
AND end_time #{endTime}
```
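The check described above, as an added example that is not the plugin's own code: a small Python scan over a constructed mapper that reports `update`/`delete` statements whose SQL has no real condition once every dynamic element renders nothing. The mapper content, the `<if>` tests and comparison operators, the statement ids and the tautology heuristic are all assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample mapper (not from the plugin's repository); the <if> tests
# and comparison operators are assumptions made for this illustration.
MAPPER = """<mapper namespace="demo.EventMapper">
  <delete id="purgeByWindow">
    DELETE FROM table_name
    WHERE 1=1
    <if test="startTime != null">AND start_time &gt;= #{startTime}</if>
    <if test="endTime != null">AND end_time &lt;= #{endTime}</if>
  </delete>
  <delete id="purgeByOwner">
    DELETE FROM table_name
    WHERE owner_id = #{ownerId}
    <if test="endTime != null">AND end_time &lt;= #{endTime}</if>
  </delete>
  <update id="touchAll">
    UPDATE table_name SET checked = 1
  </update>
</mapper>"""

# A term such as "1=1" or "2 = 2": a number compared with itself.
TAUTOLOGY = re.compile(r"^\s*(\d+)\s*=\s*\1\s*$")


def static_sql(stmt):
    """SQL left when every dynamic child (<if>, <where>, ...) renders nothing."""
    parts = [stmt.text or ""] + [child.tail or "" for child in stmt]
    return " ".join(" ".join(parts).split())


def is_risky(sql):
    """True if the SQL has no WHERE clause, or only tautologies in it."""
    m = re.search(r"\bwhere\b(.*)", sql, re.I | re.S)
    if not m:
        return True
    terms = re.split(r"\b(?:and|or)\b", m.group(1), flags=re.I)
    return all(TAUTOLOGY.match(t) or not t.strip() for t in terms)


def risky_statements(mapper_xml):
    """Namespaced ids of update/delete statements that are risky when all params are null."""
    root = ET.fromstring(mapper_xml)
    ns = root.get("namespace", "")
    return [f"{ns}.{s.get('id')}" for s in root
            if s.tag in ("update", "delete") and is_risky(static_sql(s))]


if __name__ == "__main__":
    print(risky_statements(MAPPER))
```

The worst case modelled here treats every dynamic element as empty, so `<choose>`/`<otherwise>` branches and `<include>` fragments are not expanded.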
## MyBatis Rules
There are 7 built-in MyBatis rules: three for select statements, and two each for update and delete statements.
## How to install it?
There are two options to install a plugin into SonarQube:
- Marketplace - Installs plugins automatically, from the SonarQube UI.
- Manual Installation - You'll use this method if your SonarQube instance doesn't have access to the Internet.
### Marketplace
If you have access to the Internet and you are connected with a SonarQube user having the Global Permission "Administer System", you can go to Administration > Marketplace.
- Find the plugin by searching for `mybatis`
- Click on Install and wait for the download to be processed

Once the download is complete, a "Restart" button will be available to restart your instance.
### Manual Installation
The plugin can be downloaded from the [GitHub release](https://github.com/donhui/sonar-mybatis/releases/) page. Put the downloaded jar in `$SONARQUBE_HOME/extensions/plugins`, removing any previous versions of the same plugin.
Once done, you will need to restart your SonarQube Server.
## How to Use it?
Here is an example using the Maven build command:
```
mvn clean compile -U -Dmaven.test.skip=true -Dmaven.javadoc.skip=true sonar:sonar -Dsonar.host.url=http://127.0.0.1:9000/ -Dsonar.projectKey=demo -Dsonar.projectName=demo -Dsonar.sourceEncoding=UTF-8 -Dsonar.sources=. -Dsonar.inclusions=src/main/** -Dsonar.exclusions=src/main/webapp/**
```
To analyze MyBatis mapper files, the `src/main/resources` directory must be in `sonar.sources`.
## Support Global Stmt ID Exclude
If you want to ignore the issues raised for particular statements, you can put the statement id, with its namespace, into the global stmt id exclude list.
## Skip MyBatis Sensor
If you want to skip the MyBatis sensor, you can set the global property `sonar.mybatis.skip` to `true` or add the parameter to the command:
`-Dsonar.mybatis.skip=true`.
## Contribute
Please report bugs and feature requests at https://github.com/donhui/sonar-mybatis/issues. You can also submit pull requests to fix bugs or add new features; any contribution is welcome.