What is the full parameter key of "credentialWords" in golang security hotspot rules?

chengjingtao · June 6, 2022, 1:13pm

Hi, I see that the rule “Hard-coded credentials are security-sensitive” in golang security hotspot and It’s recommended to customize the configuration of this rule with additional credential words.

I want to add a new credential words “key”. But I don’t konw the full parameter key of “credentialWords” .

I have tried all theses names:

sonar.go.S2068.credentialWords=password,passwd,pwd,passphrase,key
sonar.go.s2068.credentialWords=password,passwd,pwd,passphrase,key
sonar.go.credentialWords=password,passwd,pwd,passphrase,key
sonar.go.credentialwords=password,passwd,pwd,passphrase,key
sonar.credentialwords=password,passwd,pwd,passphrase,key
sonar.credentialWords=password,passwd,pwd,passphrase,key

It doesn’t work, it frustrats me for a long time.

Please help me , how should I customize the configuration of this rule with additional credential words?
What is the key of “credentialWords”.

Informations:

Version: Community Edition Version 8.9.2 (build 46101)
I found the source code is here HardcodedCredentialsCheck.java#L48 , But I am not familiar with it

ganncamp · June 6, 2022, 3:05pm

Hi,

Welcome to the community!

You need to configure this through the UI. If you’re using the Sonar way profile, you’ll find that it’s not configurable. In that case, you’ll need to make a copy of the Sonar way profile, set it as the default, and update the parameter in the copy.

HTH,
Ann

chengjingtao · June 6, 2022, 3:17pm

Thanks so much, it works now.
Thank you !