SONARJAVA-6528 S2068, S6418, and S6437: Make use of common secret exclusion filter#5745
SONARJAVA-6528 S2068, S6418, and S6437: Make use of common secret exclusion filter#5745pierre-loup-tristant-sonarsource wants to merge 1 commit into
Conversation
da498a5 to
7dc970a
Compare
| String variable6 = "login=a&bazooka=xxx"; // Compliant, short value filter | ||
| String variable6_2 = "login=a&bazooka=xvxf6_gaa"; // Noncompliant | ||
|
|
||
| String variableNameWithBazookaInIt = "xxx"; // Compliant, , short value filter |
There was a problem hiding this comment.
💡 Quality: Typos in new test-fixture comments
A few of the newly added/modified explanatory comments contain typos:
HardCodedPasswordCheckCustom.java:20and:28both read// Compliant, , short value filterwith a doubled comma.HardCodedPasswordCheckSample.java:226uses a triple-slash///instead of//(myA.setProperty("password", "xxxxx"); /// Compliant, short value filter).
These are harmless to the check semantics (comments only) but worth cleaning up for consistency with the surrounding fixtures. Fix by removing the extra comma and the extra slash respectively.
Was this helpful? React with 👍 / 👎
7dc970a to
8067e70
Compare
8067e70 to
d6658b5
Compare
Code Review 👍 Approved with suggestions 0 resolved / 1 findingsRefactors S2068, S6418, and S6437 to utilize the common secret exclusion filter. Address minor typos identified in the new test-fixture comments to finalize the implementation. 💡 Quality: Typos in new test-fixture comments📄 java-checks-test-sources/default/src/main/java/checks/HardCodedPasswordCheckCustom.java:20 📄 java-checks-test-sources/default/src/main/java/checks/HardCodedPasswordCheckCustom.java:28 📄 java-checks-test-sources/default/src/main/java/checks/HardCodedPasswordCheckSample.java:226 📄 java-checks-test-sources/aws/src/main/java/checks/security/HardCodedCredentialsShouldNotBeUsedCheckSample.java:146 A few of the newly added/modified explanatory comments contain typos:
These are harmless to the check semantics (comments only) but worth cleaning up for consistency with the surrounding fixtures. Fix by removing the extra comma and the extra slash respectively. 🤖 Prompt for agentsOptionsAuto-apply is off → Gitar will not commit updates to this branch. Comment with these commands to change the behavior for this request:
Was this helpful? React with 👍 / 👎 | Gitar |
|




Part of SONARJAVA-6528
Summary by Gitar
analyzer-commonsto version2.25.0.4954.SecretClassifierintoS2068,S6418, andS6437to filter out known non-secret fake values.AbstractHardCodedCredentialCheckerto useSecretClassifierfor identifying potential credentials instead of hardcoded lists and length checks.This will update automatically on new commits.