Credentials rule not detecting a particular word - Java


(Ramdas Sivaramakrishnan) #1

Hello,

I am trying to update the hardcoded credentials rule for Java. Here I have added one more credentialWords entry, “passowrd”. But Sonar is not detecting that particular word, which is present in my code.


Thanks.


(Nicolas Bontoux) #2

Hi there,

To increase your chances of getting some help, I think at the minimum you should share a concrete code example that reproduces your issue. Also make sure that the issue is present in the latest versions of the product and, last but not least, share some more insights into what you’ve tried so far to troubleshoot this.


(Ramdas Sivaramakrishnan) #3

Hi,

I tried these and it worked

String password = "tesdeee";
String passowrd = "123";
String pwd = "554";
String pawd = "43222";

but it did not catch this one

public String getConnPassowrd() {
    return connPassowrd;
}

I have the 6.7.4 LTS version of Sonar and Sonar Java 5.7.

Thanks


(Nicolas Peru) #4

This rule will only catch “hardcoded” passwords, and so variable declarations that point to a string literal.
Method names or variables that can’t be tied to a string literal won’t raise an issue, so the code snippet you shared is fine regarding this rule.
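
The distinction described in the answer above, as an added example that is not part of the original thread and is not SonarJava's implementation: a line-based regex approximation that flags only a credential-named variable assigned a string literal. The function name, word list and Java sample are constructed for this sketch.

```python
import re

# Constructed word list for this sketch; "passowrd" is the custom word from the thread.
CREDENTIAL_WORDS = ("password", "passwd", "pwd", "passowrd")

# <name> = "<literal>": a single '=' followed directly by a string literal.
# '==', '!=' and '+=' do not match, so comparisons are ignored.
ASSIGN_LITERAL = re.compile(r'\b(\w+)\s*=\s*"((?:[^"\\]|\\.)*)"')


def find_hardcoded(source, words=CREDENTIAL_WORDS):
    """Return (line_number, variable_name) for every credential-named
    variable that is assigned a non-empty string literal."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for match in ASSIGN_LITERAL.finditer(line):
            name, literal = match.group(1), match.group(2)
            # Skipping empty literals is a choice made by this sketch.
            if literal and any(word in name.lower() for word in words):
                findings.append((line_no, name))
    return findings


# Constructed Java sample: literals on lines 3-4, the getter from the thread
# on lines 6-8, and an assignment from a non-literal value on line 10.
SAMPLE = '''\
public class Conn {
    private String connPassowrd;
    String passowrd = "123";
    String pwd = "554";
    String title = "hello";
    public String getConnPassowrd() {
        return connPassowrd;
    }
    void load(String fromVault) {
        connPassowrd = fromVault;
    }
}
'''

if __name__ == "__main__":
    for line_no, name in find_hardcoded(SAMPLE):
        print(f"line {line_no}: '{name}' is assigned a string literal")
```

The getter and the field it returns produce no finding because no string literal is tied to the name; only lines 3 and 4 are reported.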


(Ramdas Sivaramakrishnan) #5

Thanks for the response.