
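# Secrets-detection specification for SonarQube tokens. `provider` groups the
# shared metadata and pre-filter; each entry under `rules` carries its own
# regex and a list of positive/negative examples used to exercise it.
provider:
  metadata:
    name: SonarQube
    category: Code Analysis
    # Issue text attached to every rule in this provider.
    message: Make sure this SonarQube token gets revoked, changed, and removed from the code.
  detection:
    pre:
      include:
        # Presumably a cheap substring pre-filter: only content containing one
        # of these is handed to the rule regexes below — TODO confirm.
        content:
          - sonar
          - sqa_
          - sqp_
          - squ_
  rules:
    # Current token format: a prefix naming the token type (sqa_/sqp_/squ_)
    # followed by exactly 40 hex characters.
    - id: sonarqube-token-with-prefix
      rspecKey: S6702
      metadata:
        name: SonarQube tokens should not be disclosed
      detection:
        matching:
          # The trailing `\b` rejects runs longer than 40 hex characters.
          pattern: "\\b(sq[apu]_[0-9a-f]{40})\\b"
      examples:
        # Placeholder values after the prefix are not 40 hex characters, so
        # they must not be reported.
        - text: |
            sonar.login=sqp_sonarqube_token
          containsSecret: false
        - text: |
            sonar.login=sqp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
          containsSecret: false
        # Scanner properties file.
        - text: |
            sonar.projectKey=example
            sonar.host.url=http://sonarqube.example
            sonar.login=sqp_b4556a16fa2d28519d2451a911d2e073024010bc
            sonar.sources=src
            sonar.exclusions=*.tests.*
          containsSecret: true
          match: sqp_b4556a16fa2d28519d2451a911d2e073024010bc
        # Gradle build script.
        - text: |
            property "sonar.projectKey", "example"
            property "sonar.organization", "example"
            property "sonar.login", "squ_b4556a16fa2d28519d2451a911d2e073024010bc"
            property "sonar.host.url", "https://sonarqube.example"
          containsSecret: true
          match: squ_b4556a16fa2d28519d2451a911d2e073024010bc
        # Hard-coded fallback next to an environment-variable lookup.
        - text: |
            SONARQUBE_SERVER_URL: process.env.SONARQUBE_SERVER_URL || 'https://sonarqube.example',
            SONARQUBE_TOKEN: process.env.SONARQUBE_TOKEN || 'squ_b4556a16fa2d28519d2451a911d2e073024010bc',
          containsSecret: true
          match: squ_b4556a16fa2d28519d2451a911d2e073024010bc
        # Token passed on the Maven command line.
        - text: |
            mvn clean verify sonar:sonar -Dsonar.login=squ_b4556a16fa2d28519d2451a911d2e073024010bc
          containsSecret: true
          match: squ_b4556a16fa2d28519d2451a911d2e073024010bc
        # Windows batch script.
        - text: |
            @echo off
            setx "SONAR_TOKEN" "sqa_b4556a16fa2d28519d2451a911d2e073024010bc"
            mvn -fn verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
          containsSecret: true
          match: sqa_b4556a16fa2d28519d2451a911d2e073024010bc
        # NOTE(review): this example's text is empty in this listing yet it is
        # marked as containing a secret — TODO confirm against the source file.
        - text: |
          containsSecret: true
          match: sqa_b4556a16fa2d28519d2451a911d2e073024010bc
        # CI pipeline parameters.
        - text: |
            params:
              - name: SONAR_PROJECT_KEY
                value: my_project_key
              - name: SONAR_LOGIN
                value: sqa_b4556a16fa2d28519d2451a911d2e073024010bc
          containsSecret: true
          match: sqa_b4556a16fa2d28519d2451a911d2e073024010bc
        - text: |
            // noncompliant example
            props.set("sonar_secret", "squ_b4556a16fa2d28519d2451a911d2e073024010bc")
          containsSecret: true
          match: squ_b4556a16fa2d28519d2451a911d2e073024010bc
        # Reading the token from the environment leaves nothing to match.
        - text: |
            // compliant example
            props.set("sonar_secret", System.getenv("SONAR_SECRET"))
          containsSecret: false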
# Legacy (unprefixed) tokens: a bare run of 40 hex characters, so the rule can
# only recognise one by a nearby `sonar.login` / `sonar.token`-style key.
- id: sonarqube-legacy-token
rspecKey: S6702
metadata:
name: SonarQube tokens should not be disclosed
detection:
matching:
# `.{1,30}?` allows for some content between the prefix and the token, but ensures that the values are close
# enough to be related. Ideally we'd just match the 40 hex chars here, then do post-match on +/- 1 line to
# look for the prefix.
# `(?is)` makes the key match case-insensitively and lets `.{1,30}?` span a
# line break; the optional leading `D` presumably covers `-Dsonar.login=`
# Maven properties — TODO confirm.
# NOTE(review): the pattern below and the start of the `examples` list that
# follows it are truncated in this listing — TODO confirm against the source file.
pattern: "(?is)\\bD?sonar(?:qube)?[_.]?(?:login|token)\\b.{1,30}?\\b([0-9a-f]{40})\\b(?
containsSecret: true
match: 9acf34ff1e738bcd6d5daf102a8cfcb8a158e44e
# CI pipeline parameters; the key and value sit on adjacent lines.
- text: |
params:
- name: SONAR_PROJECT_KEY
value: my_project_key
- name: SONAR_LOGIN
value: 9acf34ff1e738bcd6d5daf102a8cfcb8a158e44e
containsSecret: true
match: 9acf34ff1e738bcd6d5daf102a8cfcb8a158e44e