SonarSlang / SONARSLANG-472

Rule S2068: support url userinfo component


      Description

      The URL user info component can contain a hard-coded password:

      • Go
        url1 := "scheme://user:azerty123@domain.com" // Sensitive
        url2 := "scheme://user:@domain.com"           // Compliant
        url3 := "scheme://user@domain.com:80"         // Compliant
        url4 := "scheme://user@domain.com"            // Compliant
        url5 := "scheme://domain.com/user:azerty123"  // Compliant
        
      • Ruby
        url1 = "scheme://user:azerty123@domain.com" # Sensitive
        url2 = "scheme://user:@domain.com"           # Compliant
        url3 = "scheme://user@domain.com:80"         # Compliant
        url4 = "scheme://user@domain.com"            # Compliant
        url5 = "scheme://domain.com/user:azerty123"  # Compliant
        
      • Apex
        String url1 = 'scheme://user:azerty123@domain.com'; // Sensitive
        String url2 = 'scheme://user:@domain.com'; // Compliant
        String url3 = 'scheme://user@domain.com:80'; // Compliant
        String url4 = 'scheme://user@domain.com'; // Compliant
        String url5 = 'scheme://domain.com/user:azerty123'; // Compliant
        
      • Kotlin
        val url1 = "scheme://user:azerty123@domain.com" // Sensitive
        val url2 = "scheme://user:@domain.com"           // Compliant
        val url3 = "scheme://user@domain.com:80"         // Compliant
        val url4 = "scheme://user@domain.com"            // Compliant
        val url5 = "scheme://domain.com/user:azerty123"  // Compliant
        
      • Scala
        val url1 = "scheme://user:azerty123@domain.com" // Sensitive
        val url2 = "scheme://user:@domain.com"           // Compliant
        val url3 = "scheme://user@domain.com:80"         // Compliant
        val url4 = "scheme://user@domain.com"            // Compliant
        val url5 = "scheme://domain.com/user:azerty123"  // Compliant
        

      Exception: no issue should be raised if the user and password parts of the userinfo component are the same:

      • Kotlin
        val url1 = "scheme://admin:admin@domain.com" // Compliant
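
The cases above, expressed as a checker over string literals. This is an added example, not SonarSlang's implementation: the function name `HasHardcodedURLPassword` and the regular expression are assumptions chosen to reproduce the listed Sensitive/Compliant outcomes, and the last sample is constructed.

```go
package main

import (
	"fmt"
	"regexp"
)

// userinfoRe (hypothetical pattern) matches scheme "://" user ":" password "@".
// Excluding '/', '?' and '#' from both groups keeps the match inside the
// authority component, so "user:pass" in a path or query is not userinfo.
var userinfoRe = regexp.MustCompile(`[a-zA-Z][a-zA-Z0-9+.-]*://([^:/?#@\s]*):([^/?#@\s]*)@`)

// HasHardcodedURLPassword reports whether a literal holds a URL whose userinfo
// carries a non-empty password that differs from the user name.
func HasHardcodedURLPassword(literal string) bool {
	for _, m := range userinfoRe.FindAllStringSubmatch(literal, -1) {
		user, password := m[1], m[2]
		if password == "" {
			continue // "user:@host": empty password, compliant
		}
		if user == password {
			continue // exception: "admin:admin@host" raises no issue
		}
		return true
	}
	return false
}

func main() {
	samples := []string{
		"scheme://user:azerty123@domain.com",
		"scheme://user:@domain.com",
		"scheme://user@domain.com:80",
		"scheme://user@domain.com",
		"scheme://domain.com/user:azerty123",
		"scheme://admin:admin@domain.com",
		"https://example.com/cb?next=a:b@c", // constructed: ':' and '@' only in the query
	}
	for _, s := range samples {
		fmt.Printf("%-45q sensitive=%v\n", s, HasHardcodedURLPassword(s))
	}
}
```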
        


              Assignee:
              amelie.renard Amélie Renard
              Reporter:
              pierre-loup.tristant Pierre-Loup Tristant