Can you please let us know the table to look for ?
We have checked a few tables and came across file_sources table and data in this table is in form of hashes (as column names indicates) and BLOB (for binary_data).
I guess it’s more precise to say it’s stored as binary data (my bad)… but from an encryption standpoint, that’s about as good as plain text. file_sources is indeed where that data is stored.
Thank you.
Are below statements correct ? Please clarify.
From database, we cannot view source code as plain text/human readable format by doing select queries on file_sources table.
SonarQube server internally uses the hashes to decode the binary data from file_sources table to show it on dashboard as plain text/human readable format.
Also is there a way source upload can be disabled for files that don’t have any violations reported ? Please suggest.
I have used blob editor in SQL developer and tried to see the data as “text” and i see data in binary format (with mostly special characters and symbols).
When you said an additional step, does that user require additional knowledge on how sonarqube converts the column’s data to binary (to store as BLOB) and use the same logic to convert binary data back to text / human readable format ? or is there an tool you know of which can do that ?
The reason for asking this question is to know if a user with “select” privileges on file_sources table can see the source code or not ?