Credentials rule not detecting a particular word - Java


I try to update the hardcoded credentials rule - Java. Here I have added one more credientialWords “passowrd”. But Sonar is not detecting that particular word which is present in my code.



Hi there,

To increase your chances of getting some help, I think at the minimum you should share a concrete code example that reproduces your issue, also make sure that the issue is present in latest versions of the product, and last but not least share some more insights into what you’ve tried so far to troubleshoot this.

1 Like


I tried these and it worked

String password = "tesdeee";
String passowrd = "123";
String pwd = "554";
String pawd = "43222";

but it did not catch this one

public String getConnPassowrd() {
		return connPassowrd;

I have 6.7.4 LTS version of Sonar and Sonar Java 5.7


This rule will only catch “hardcoded” password and so variable declaration that points to a string literal.
Method names or variables that can’t be tied to a string literal won’t raise an issue, so the code snippet you shared is fine regarding this rule.

1 Like

Thanks for the response.