Uploaded image for project: 'SonarSwift'
  1. SonarSwift
  2. SONARSWIFT-456

Rule S2068: support URI userinfo component

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.3
    • Component/s: Rules

      Description

      The URI user info component can contain a hardcoded password:

      var uri = "scheme://user:azerty123@domain.com" // Sensitive
      uri = "scheme://user:@domain.com" // Compliant
      uri = "scheme://user@domain.com:80" // Compliant
      uri = "scheme://user@domain.com" // Compliant
      uri = "scheme://domain.com/user:azerty123" // Compliant
      

      In the example bellow scheme is a placeholder and represent any URI scheme like http, https or ssh

      Exception: no issue should be raised if user and password part of the userinfo component are the same:

      let uri = "scheme://admin:admin@domain.com" // Compliant
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              arseniy.zaostrovnykh Arseniy Zaostrovnykh
              Reporter:
              pierre-loup.tristant Pierre-Loup Tristant
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Due:
                Created:
                Updated:
                Resolved: