Credentials rule not detecting a particular word - Java

Ramdas · September 19, 2018, 4:51pm

Hello,

I try to update the hardcoded credentials rule - Java. Here I have added one more credientialWords “passowrd”. But Sonar is not detecting that particular word which is present in my code.

Thanks.

NicoB · September 20, 2018, 12:07pm

Hi there,

To increase your chances of getting some help, I think at the minimum you should share a concrete code example that reproduces your issue, also make sure that the issue is present in latest versions of the product, and last but not least share some more insights into what you’ve tried so far to troubleshoot this.

Ramdas · September 20, 2018, 5:02pm

Hi,

I tried these and it worked

String password = "tesdeee";
String passowrd = "123";
String pwd = "554";
String pawd = "43222";

but it did not catch this one

public String getConnPassowrd() {
		return connPassowrd;
	}

I have 6.7.4 LTS version of Sonar and Sonar Java 5.7

Thanks

Nicolas_Peru · September 21, 2018, 7:39am

This rule will only catch “hardcoded” password and so variable declaration that points to a string literal.
Method names or variables that can’t be tied to a string literal won’t raise an issue, so the code snippet you shared is fine regarding this rule.

Ramdas · September 21, 2018, 2:09pm

Thanks for the response.

Topic		Replies	Views
The Java analyzer detect secrets hidden in your Java files Sonar Updates java , security , secrets	0	1989	June 3, 2022
Hardcoded Credentials (S6437, S2053, S2068) Report False-positive / False-negative... java	2	1381	April 30, 2024
False positives by rule "Credentials should not be hard-coded" SonarQube Server / Community Build java	3	1394	January 4, 2019
SonarQube Custom rule for scanning HardCoded Credentials SonarQube Server / Community Build javascript	1	786	July 27, 2018
Finding hard coded passwords SonarQube Server / Community Build security , rules	7	14135	March 10, 2021

Credentials rule not detecting a particular word - Java

Related topics