Make sure to read this post before raising a thread here:
Then tell us:
What language is this for?
Why do you believe it’s a false-positive/false-negative?
its flagging any instance of password string, so something like enablePasswordRetrieval=“false” is being flagged
Are you using
Yes I am using sonar cloud, but the warning is not being flagged there(and therefore can’t be set to ignore), instead it showing as a build warning(Dev Ops build) and failing the no new warnings gate.
SonarQube - which version?
SonarLint - which IDE/version?
in connected mode with SonarQube or SonarCloud?
How can we reproduce the problem? Give us a self-contained snippet (best) or screenshot (good)
Add xml element with following attr enablePasswordRetrieval=“false”
So my dev ops build of a .net website has started to flag S2068 in the web.config as a warning.
My feeling is it would be a false positive, when its not the “password” word alone.
If the consensus is, that it should be a warning, looking for suggestions of how to either edit the particular rule(is regex possible), ignore at the XML file level or get it flagged at the Sonarcloud level so I can ignore there?