Uploaded image for project: 'SonarQube'
  1. SonarQube
  2. SONAR-8153

Do not export sensitive settings in System Info

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.6-M3, 6.6
    • Component/s: None
    • Labels:

      Description

      The JSON export of "System Info" (see link "Download") must not contain sensitive data in the section "Settings".

      It must exclude:

      • the settings defined in sonar.properties. Note that JDBC information are still available in the section "Database"

      Values of following properties must be replaced by "********" :

      • the settings for which the key is suffixed by ".secured"
      • passwords (property with type PASSWORD)
      • the settings for which the key contains "password" or "passcode" (insensitive checks)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              simon.brandhof Simon Brandhof (Inactive)
              Reporter:
              simon.brandhof Simon Brandhof (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: