SonarScanner CLI / SQSCANNER-11

Even when encrypted in properties, JDBC URL is logged decrypted in Sonar Scanner output

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 2.5
    • Fix Version/s: None

      Description

      On SonarQube 4.x, when encryption is used and sonar.jdbc.url is encrypted, the SonarQube log (sonar.log) as well as the logs of the Sonar Scanner(s) display the JDBC URL in decrypted form.
      This looks like a security breach, especially on the scanner side.
      The problem becomes irrelevant for the Scanners with SonarQube 5.2+ but remains for SonarQube itself if the problem is still there (I did not test on 5.2+).

              People

              Assignee: Unassigned
              Reporter: Olivier Korach (olivier.korach)
              Votes: 0
              Watchers: 2
