I’m trying to find out if I can use SonarQube to locate the signs of a backdoor in my code.
I’m running 9.0 and 9.6 (database issues).
The code has sections that are 20+ years old, back from the bad old days when we would put in back doors to debug code.
I was thinking of inspecting hotspots and code smells to look for code injection right now.
My question is, is there a more effective way? Are there other telltales I can look for? Are there other types of scans that may be more fruitful?
Anything you’ve got, any suggestions are welcome.