c:S2068 dont detect hard coded password in macro definition

SonarQube Developer Edition

#define DB_PASSWORD 	"secret"

This hard coded password is not detected. Please confirm whether this pattern should be detected or not since the rule does not explicitly state anything regarding macro definition.

I found this old open issue on adding evaluation for this pattern:

Does this means password hardcoded in macro definition won’t be flagged by SonarQube?


Welcome to the community!

That ticket is still open, so the rule hasn’t been updated yet for your case.


I mentioned this in the CPP-2852 ticket so that we don’t forget about this post. Thanks for raising this.

1 Like

Great, thanks!

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.