SonarSlang / SONARSLANG-496

Rule S2068 [Scala] should detect basic usage of hardcoded credentials

    Details

    • Type: False Negative
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.8
    • Component/s: Scala

      Description

      For Scala, passwords obviously stored in variables and URLs are not detected:

      For the first 4, it should raise because:

      • "password", "passwd", "pwd" and "passphrase" are sensitive items in the wordlist
      • the values assigned to the variables are not empty (see SONARSLANG-473)
      • the values assigned to the variables are not trivial (see SONARSLANG-474)

      The fifth case is detected as expected because it looks like a password in a URL, but not the last one (see the bottom of SONARSLANG-474 for related sensitive cases to detect).

              People

              Assignee:
              amelie.renard Amélie Renard
              Reporter:
              eric.therond Eric Therond
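
The checks the description lists (sensitive-word variable names, non-empty and non-trivial values, and a password inside a URL), as an added example that is not part of the original issue or SonarSlang's code. It runs line-based regular expressions over constructed Scala lines; `is_trivial` is an assumed stand-in, since the definition in SONARSLANG-474 is not on this page.

```python
import re

# Sensitive words named in the issue description.
WORDLIST = ("password", "passwd", "pwd", "passphrase")

# Assumption: a one-line Scala val/var assigned a plain string literal.
ASSIGN = re.compile(
    r'\b(?:val|var)\s+(\w+)(?:\s*:\s*\w+)?\s*=\s*"((?:[^"\\]|\\.)*)"'
)
# Assumption: credentials in the userinfo part, scheme://user:secret@host
URL_CRED = re.compile(r'\w+://[^\s:/@"]+:([^\s/@"]+)@')


def is_trivial(value):
    """Stand-in for the SONARSLANG-474 notion of a trivial value
    (assumed here: empty, or a single character repeated)."""
    return len(set(value)) <= 1


def find_hardcoded_credentials(source):
    """Return (line number, kind) for each suspicious line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = ASSIGN.search(line)
        if m:
            name, value = m.group(1).lower(), m.group(2)
            sensitive = any(word in name for word in WORDLIST)
            if sensitive and value and not is_trivial(value):
                findings.append((lineno, "variable"))
                continue
        if URL_CRED.search(line):
            findings.append((lineno, "url"))
    return findings


# Constructed Scala input, not the cases attached to the issue.
SAMPLE = '''\
val password = "Tr0ub4dor&3"
var dbPasswd: String = "hunter2-prod"
val pwd = ""
val passphrase = "xxxx"
val greeting = "hello"
val jdbc = "https://admin:s3cr3t@db.example.com/app"
val plain = "https://db.example.com:5432/app"
'''

if __name__ == "__main__":
    for lineno, kind in find_hardcoded_credentials(SAMPLE):
        print(f"line {lineno}: hardcoded credential ({kind})")
```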