Keywords & Patterns for SonarQube Rule Violations

I am attempting to find a list of keywords or patterns for the default rules used in SonarQube.

As an example, let’s take the Java rule: Databases should be password-protected
found here: https://rules.sonarsource.com/java/

How does SonarQube determine which variables are passwords or other sensitive information? I’ve looked through the Github documentation & files, but I have yet to find a list of values that influence rule violations.

Hello @aworm, and welcome to this community.

I would advise you to have another look at the implementation of the rule S2115. Most of our plugins are Open Source and you can dig directly into the code.

In the present case, you will find everything here:

Looking at it, you will then see that the rule relies on a REGEX rather than a list of values. Regarding how to detect when we expect a password, I’ll let you play with the code.

Regards,
Michael
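The regex-driven shape described in the answer, as an added sketch that is not SonarJava's code: a name pattern decides which identifiers count as password-like, and only empty values are reported. The name pattern, the Java-source patterns and the sample lines are assumptions constructed for this example, not the rule's actual expressions.

```python
import re

# Assumed, illustrative name pattern (not S2115's real regex): a variable or
# URL parameter is treated as a password if its name matches this.
PASSWORD_NAME = re.compile(r"(?i)(password|passwd|pwd)")

# Java string-literal assignment, e.g.  String dbPassword = "";
ASSIGN = re.compile(r'\b(?P<name>[A-Za-z_]\w*)\s*=\s*"(?P<value>[^"]*)"')
# JDBC-style URL query parameter, e.g.  ...?user=app&password=
URL_PARAM = re.compile(r'[?&](?P<name>[^=&"\s]+)=(?P<value>[^&"\s]*)')
# Positional empty password passed to getConnection(url, user, "")
GET_CONN = re.compile(r'getConnection\(\s*[^,]+,\s*"[^"]*",\s*""\s*\)')

# Constructed sample Java lines for this example.
SAMPLE = [
    'String dbPassword = "";',                                       # flagged
    'String passwd = "s3cret";',                                     # non-empty: ignored
    'String url = "jdbc:mysql://db/app?user=app&password=";',        # flagged
    'Connection c = DriverManager.getConnection(url, "app", "");',   # flagged
    'String userName = "";',                                         # empty but not a password name
]


def find_empty_passwords(source_lines):
    """Return (line_number, name) for every empty password-like value."""
    findings = []
    for lineno, line in enumerate(source_lines, 1):
        for m in ASSIGN.finditer(line):
            if PASSWORD_NAME.search(m.group("name")) and m.group("value") == "":
                findings.append((lineno, m.group("name")))
        for m in URL_PARAM.finditer(line):
            if PASSWORD_NAME.search(m.group("name")) and m.group("value") == "":
                findings.append((lineno, m.group("name")))
        if GET_CONN.search(line):
            findings.append((lineno, "getConnection"))
    return findings


if __name__ == "__main__":
    for lineno, name in find_empty_passwords(SAMPLE):
        print(f"line {lineno}: empty password in '{name}'")
```

Because the gate is a name regex rather than a keyword list, any identifier containing the pattern is inspected, which is why a rule of this kind reports by naming convention rather than by data flow.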
