Uploaded image for project: 'SonarQube Scanner API'
  1. SonarQube Scanner API
  2. SCANNERAPI-149

Do not ignore security when connecting to HTTPS SonarQube Server

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5
    • Component/s: None
    • Labels:
      None

      Description

      All certificates are currently trusted. That's a major security issue.
      The related code badly uses HttpRequest#trustAllCerts() from https://github.com/kevinsawicki/http-request.

      Initial pull request from markjamesbutler: https://github.com/SonarSource/sonar-runner/pull/4

      Standard Java properties must be set to use the keystore:

      -Djavax.net.ssl.keyStore=/path/to/keystore.jks -Djavax.net.ssl.keyStorePassword=password
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              simon.brandhof Simon Brandhof (Inactive)
              Reporter:
              simon.brandhof Simon Brandhof (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Due:
                Created:
                Updated:
                Resolved: