SonarSecurity relies on custom rules API to write Security rules. However, not everything that we are using in checks is available to be used by Custom Rules. In particular, the ConstantUtils class is requiring implementation class from the semantic layer to access data.
This can not be performed in Custom Rules, as it relies at the end on ECJ classes, which are not exposed.
The following methods would be interesting to expose in our API, potentially at ExpressionTree level.
The proposed solution is to enrich the ExpressionTree API by adding two new methods: