Skip to content

SONARJAVA-6528 S2068, S6418, and S6437: Make use of common secret exclusion filter#5745

Open
pierre-loup-tristant-sonarsource wants to merge 1 commit into
masterfrom
plt/sonarjava-6528
Open

SONARJAVA-6528 S2068, S6418, and S6437: Make use of common secret exclusion filter#5745
pierre-loup-tristant-sonarsource wants to merge 1 commit into
masterfrom
plt/sonarjava-6528

Conversation

@pierre-loup-tristant-sonarsource

@pierre-loup-tristant-sonarsource pierre-loup-tristant-sonarsource commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Part of SONARJAVA-6528


Summary by Gitar

  • Dependency updates:
    • Upgraded analyzer-commons to version 2.25.0.4954.
  • Security checks improvements:
    • Integrated SecretClassifier into S2068, S6418, and S6437 to filter out known non-secret fake values.
    • Refactored AbstractHardCodedCredentialChecker to use SecretClassifier for identifying potential credentials instead of hardcoded lists and length checks.

This will update automatically on new commits.

@hashicorp-vault-sonar-prod

hashicorp-vault-sonar-prod Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

SONARJAVA-6528

String variable6 = "login=a&bazooka=xxx"; // Compliant, short value filter
String variable6_2 = "login=a&bazooka=xvxf6_gaa"; // Noncompliant

String variableNameWithBazookaInIt = "xxx"; // Compliant, , short value filter

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Quality: Typos in new test-fixture comments

A few of the newly added/modified explanatory comments contain typos:

  • HardCodedPasswordCheckCustom.java:20 and :28 both read // Compliant, , short value filter with a doubled comma.
  • HardCodedPasswordCheckSample.java:226 uses a triple-slash /// instead of // (myA.setProperty("password", "xxxxx"); /// Compliant, short value filter).

These are harmless to the check semantics (comments only) but worth cleaning up for consistency with the surrounding fixtures. Fix by removing the extra comma and the extra slash respectively.

Was this helpful? React with 👍 / 👎

@gitar-bot

gitar-bot Bot commented Jul 6, 2026

Copy link
Copy Markdown
Code Review 👍 Approved with suggestions 0 resolved / 1 findings

Refactors S2068, S6418, and S6437 to utilize the common secret exclusion filter. Address minor typos identified in the new test-fixture comments to finalize the implementation.

💡 Quality: Typos in new test-fixture comments

📄 java-checks-test-sources/default/src/main/java/checks/HardCodedPasswordCheckCustom.java:20 📄 java-checks-test-sources/default/src/main/java/checks/HardCodedPasswordCheckCustom.java:28 📄 java-checks-test-sources/default/src/main/java/checks/HardCodedPasswordCheckSample.java:226 📄 java-checks-test-sources/aws/src/main/java/checks/security/HardCodedCredentialsShouldNotBeUsedCheckSample.java:146

A few of the newly added/modified explanatory comments contain typos:

  • HardCodedPasswordCheckCustom.java:20 and :28 both read // Compliant, , short value filter with a doubled comma.
  • HardCodedPasswordCheckSample.java:226 uses a triple-slash /// instead of // (myA.setProperty("password", "xxxxx"); /// Compliant, short value filter).

These are harmless to the check semantics (comments only) but worth cleaning up for consistency with the surrounding fixtures. Fix by removing the extra comma and the extra slash respectively.

🤖 Prompt for agents
Code Review: Refactors S2068, S6418, and S6437 to utilize the common secret exclusion filter. Address minor typos identified in the new test-fixture comments to finalize the implementation.

1. 💡 Quality: Typos in new test-fixture comments
   Files: java-checks-test-sources/default/src/main/java/checks/HardCodedPasswordCheckCustom.java:20, java-checks-test-sources/default/src/main/java/checks/HardCodedPasswordCheckCustom.java:28, java-checks-test-sources/default/src/main/java/checks/HardCodedPasswordCheckSample.java:226, java-checks-test-sources/aws/src/main/java/checks/security/HardCodedCredentialsShouldNotBeUsedCheckSample.java:146

   A few of the newly added/modified explanatory comments contain typos:
   - `HardCodedPasswordCheckCustom.java:20` and `:28` both read `// Compliant, , short value filter` with a doubled comma.
   - `HardCodedPasswordCheckSample.java:226` uses a triple-slash `///` instead of `//` (`myA.setProperty("password", "xxxxx"); /// Compliant, short value filter`).
   
   These are harmless to the check semantics (comments only) but worth cleaning up for consistency with the surrounding fixtures. Fix by removing the extra comma and the extra slash respectively.

Options

Auto-apply is off → Gitar will not commit updates to this branch.
Display: compact → Showing less information.

Comment with these commands to change the behavior for this request:

Auto-apply Compact
gitar auto-apply:on         
gitar display:verbose         

Was this helpful? React with 👍 / 👎 | Gitar

@sonarqube-next

sonarqube-next Bot commented Jul 6, 2026

Copy link
Copy Markdown

@asya-vorobeva asya-vorobeva left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💯

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants