Uploaded image for project: 'SonarSwift'
  1. SonarSwift
  2. SONARSWIFT-456

Rule S2068: support URI userinfo component

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.3
    • Component/s: Rules

      Description

      The URI user info component can contain a hardcoded password:

      var uri = "scheme://user:azerty123@domain.com" // Sensitive
      uri = "scheme://user:@domain.com" // Compliant
      uri = "scheme://user@domain.com:80" // Compliant
      uri = "scheme://user@domain.com" // Compliant
      uri = "scheme://domain.com/user:azerty123" // Compliant
      

      In the example bellow scheme is a placeholder and represent any URI scheme like http, https or ssh

      Exception: no issue should be raised if user and password part of the userinfo component are the same:

      let uri = "scheme://admin:admin@domain.com" // Compliant
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                arseniy.zaostrovnykh Arseniy Zaostrovnykh
                Reporter:
                pierre-loup.tristant Pierre-Loup Tristant
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Due:
                  Created:
                  Updated:
                  Resolved: