Part of issue #18127

modules in java - https://openjdk.org/jeps/261

I have read check documentation: https://checkstyle.org/checks/imports/importcontrol.html
I am using the latest checkstyle generated from the master branch via mvn clean package -Passembly
I have executed the cli and showed it below, as cli describes the problem better than 1,000 words

How it works now

$ javac -version
javac 25

$ javac Test.java
# no output, because file compiles successfully

$ cat Test.java
import module java.sql;  // I want to forbid importation of this module
import module java.base;

class Test {}

$ cat import-control.xml
<?xml version="1.0"?>
<!DOCTYPE import-control PUBLIC
    "-//Checkstyle//DTD ImportControl Configuration 1.4//EN"
    "https://checkstyle.org/dtds/import_control_1_4.dtd">

<import-control pkg="">
    <disallow pkg="java.sql"/>
</import-control>

$ cat config.xml
<!DOCTYPE module PUBLIC
    "-//Checkstyle//DTD Checkstyle Configuration 1.3//EN"
    "https://checkstyle.org/dtds/configuration_1_3.dtd">
<module name="Checker">
  <module name="TreeWalker">
    <module name="ImportControl">
      <property name="file" value="import-control.xml"/>
    </module>
  </module>
</module>

$ RUN_LOCALE="-Duser.language=en -Duser.country=US"
$ java $RUN_LOCALE -jar target/checkstyle-12.3.1-SNAPSHOT-all.jar -c config.xml Test.java
Starting audit...
Audit done.

Is your feature request related to a problem? Please describe.
Yes. ImportControl currently only processes IMPORT and STATIC_IMPORT tokens, but not MODULE_IMPORT:

Additionally, the DTD only supports pkg and class attributes in allow/disallow rules, with no support for module names.
In other words, ImportControl does not enforce allow/disallow rules for module import syntax (import module ...).

Describe the solution you'd like
I would like to have a dedicated module attribute in the allow/disallow elements, where I can specify module names I want to allow or disallow. It must behave the same way as the class attribute:

• If the regex attribute is not set, entries are treated as exact module names (java.base, java.logging).
• If the regex attribute is set to true, entries are treated as regular expressions that are matched against module names.

I imagine a configuration like:

<import-control pkg="">
    <allow module="java.base"/>
    <disallow module="java.sql"/>
</import-control>

that flags the following code:

import module java.sql;   // violation

with a violation like this:

[ERROR] /tmp/Test.java:1:1: 'import module java.sql' is disallowed. [ImportControl]
Audit done.