Why I'm getting Hard coded password found here?

  private String p12Name;

  private String p12Alias;

  private String p12Token;
    KeyStore keystore = KeyStore.getInstance("PKCS12");
        this.getClass().getClassLoader().getResourceAsStream(p12Name), p12Token.toCharArray());
    PrivateKey key = (PrivateKey) keystore.getKey(p12Alias, p12Token.toCharArray());

I’m getting SQ error in the line ‘keystore.load(’.
SQ version is 9.9 (build 65466)

Hey there.

I’ve moved your post to the section on reporting false-positives.

Can you specify which rule is raising an issue (the rule ID), or share a screenshot?

It’s (not java:S6437 ), findsecbugs:HARD_CODE_PASSWORD

this is a screenshot of this issue:

Ah, that’s a different story then. The issue is being raised by GitHub - findbugsproject/findbugs: The new home of the FindBugs project (via https://github.com/spotbugs/sonar-findbugs), and you’ll have to raise an issue with the maintainer.

1 Like