Find Backdoor code with Hotspots or code smell

I’m trying to find out if I can use SonarQube to locate the signs of a backdoor in my code.

I’m running 9.0 and 9.6 (database issues).

The code has sections that are 20+ years old, back from the bad old days when we would put in back doors to debug code.

I was thinking of inspecting hotspots and code smells to look for code injection right now.

My question is: is there a more effective way? Are there other telltales I can look for? Are there other types of scans that may be more fruitful?

Anything you’ve got, any suggestions are welcome.


Hello @C0019956,

We did not receive a lot of requests to detect specific patterns that could be used to hide a backdoor, but in principle it should be possible to create rules to detect such patterns and raise Security Hotspots to be reviewed by a human.
In the past, we just added the detection of Bidirectional Characters to prevent trojan source attacks.

Do you have any ideas of patterns you would look for in your 20+ year old code?

Thanks
Alex

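A sketch of the kind of check mentioned in the reply above (flagging bidirectional control characters so a human can review them), added here as an illustration; it is not SonarQube's rule implementation or code from either poster. The names `scan_bidi` and `Finding` and the sample text are assumptions constructed for this example.

```python
from typing import NamedTuple

# Unicode bidirectional control characters relevant to Trojan Source.
BIDI = {0x202A: "LRE", 0x202B: "RLE", 0x202C: "PDF", 0x202D: "LRO", 0x202E: "RLO",
        0x2066: "LRI", 0x2067: "RLI", 0x2068: "FSI", 0x2069: "PDI"}
EMBED_OPEN = {"LRE", "RLE", "LRO", "RLO"}   # closed by PDF
ISOLATE_OPEN = {"LRI", "RLI", "FSI"}        # closed by PDI

class Finding(NamedTuple):
    line: int           # 1-based line number
    col: int            # 1-based column, counted in code points
    codepoint: str      # e.g. "U+202E"
    name: str           # short Unicode abbreviation
    unterminated: bool  # True if the line ends with an override/isolate still open

def scan_bidi(text: str) -> list[Finding]:
    """Report every bidi control character and whether its line leaves one open.

    Pairing is simplified: openers and closers are counted per line, which is
    enough to prioritise review but is not the full Unicode bidi algorithm.
    """
    findings = []
    for lineno, line in enumerate(text.split("\n"), 1):
        embeds = isolates = 0
        hits = []
        for col, ch in enumerate(line, 1):
            name = BIDI.get(ord(ch))
            if name is None:
                continue
            hits.append((col, ord(ch), name))
            if name in EMBED_OPEN:
                embeds += 1
            elif name in ISOLATE_OPEN:
                isolates += 1
            elif name == "PDF":
                embeds = max(0, embeds - 1)
            else:  # PDI
                isolates = max(0, isolates - 1)
        open_at_eol = embeds > 0 or isolates > 0
        findings += [Finding(lineno, c, f"U+{cp:04X}", n, open_at_eol) for c, cp, n in hits]
    return findings

# Constructed sample: the control characters are written as escapes so this
# file itself stays free of them.
SAMPLE = 'int ok = 1;\n/* note \u202e reversed text */\nchar *s = "a\u2066b\u2069c";\n'

if __name__ == "__main__":
    for f in scan_bidi(SAMPLE):
        flag = " (left open at end of line)" if f.unterminated else ""
        print(f"line {f.line}, col {f.col}: {f.name} {f.codepoint}{flag}")
```

Lines flagged as left open are the ones to review first, since the reordering effect continues to the end of the line.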