SONARJAVA-6528 S2068, S6418, and S6437: Make use of common secret exclusion filter #5745
pierre-loup-tristant-sonarsource wants to merge 1 commit into
da498a5 to 7dc970a
| String variable6 = "login=a&bazooka=xxx"; // Compliant, short value filter | ||
| String variable6_2 = "login=a&bazooka=xvxf6_gaa"; // Noncompliant | ||
|
|
||
| String variableNameWithBazookaInIt = "xxx"; // Compliant, , short value filter |
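Review bot: Missing boundary coverage for the short value filter. The visible fixtures exercise it only with a 3-character value (`"xxx"`, compliant) and a 9-character value (`"xvxf6_gaa"`, noncompliant), so nothing here pins the length at which a hard-coded value starts being reported. Adding one fixture just below and one at the filter's threshold would catch an accidental change that silences longer secrets. Separately, the comment on the `variableNameWithBazookaInIt` line reads `// Compliant, , short value filter` with a doubled comma; it should match the comment on `variable6`.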
💡 Quality: Typos in new test-fixture comments
A few of the newly added/modified explanatory comments contain typos:
- `HardCodedPasswordCheckCustom.java:20` and `:28` both read `// Compliant, , short value filter` with a doubled comma.
- `HardCodedPasswordCheckSample.java:226` uses a triple-slash `///` instead of `//` (`myA.setProperty("password", "xxxxx"); /// Compliant, short value filter`).
These are harmless to the check semantics (comments only) but worth cleaning up for consistency with the surrounding fixtures. Fix by removing the extra comma and the extra slash respectively.
7dc970a to 8067e70
CI failed: The PR causes test failures in the `java-checks-aws` module, specifically in `HardCodedCredentialsShouldNotBeUsedCheckTest`, due to a discrepancy between the expected and actual number of detected security issues.

Overview

Multiple CI jobs failed consistently during the test execution phase of the

Failures

Test Regression in HardCodedCredentialsShouldNotBeUsedCheckTest (confidence: high)
Summary

Code Review 👍 Approved with suggestions 0 resolved / 1 findings

Refactors S2068, S6418, and S6437 to utilize the common secret exclusion filter. Address minor typos identified in the new test-fixture comments to finalize the implementation.

💡 Quality: Typos in new test-fixture comments

- 📄 java-checks-test-sources/default/src/main/java/checks/HardCodedPasswordCheckCustom.java:20
- 📄 java-checks-test-sources/default/src/main/java/checks/HardCodedPasswordCheckCustom.java:28
- 📄 java-checks-test-sources/default/src/main/java/checks/HardCodedPasswordCheckSample.java:226
- 📄 java-checks-test-sources/aws/src/main/java/checks/security/HardCodedCredentialsShouldNotBeUsedCheckSample.java:146

Gitar




Part of SONARJAVA-6528