With Sonar * Version 10.4.1, we were using a java rule for “configuring loggers is security-sensitive” - Java:S4792. But the problem is that we realised the rule now is deprecated. So I want to know if its posible, if this rule is going to be replaced by other rule or it just going to be deleted.
Thanks you for reading.
Hello @frbellido and welcome to the community!
To make it short, there is no replacement for this rule because we felt like it did not provide enough value, and was on top of that very noisy.
The rule did not raise actual problems, but it raised any time a logger was configured. While it is of course a possibility that a logger is configured incorrectly, this applies to anything that can be configured, i.e. basically any library you use.
We would like to focus our findings on actual issues in the code, so that developers can spend their time on findings that make a difference.