SQSCANNER-115 Fix SSF-392
authorAntoine Vigneau <antoine.vigneau@sonarsource.com>
Wed, 7 Jun 2023 13:44:35 +0000 (15:44 +0200)
committerAntoine Vigneau <antoine.vigneau@sonarsource.com>
Thu, 8 Jun 2023 11:59:50 +0000 (13:59 +0200)
it/pom.xml
pom.xml
src/main/java/org/sonarsource/scanner/cli/SystemInfo.java
src/test/java/org/sonarsource/scanner/cli/SystemInfoTest.java

index 85323f866faaff771e179e61baa2d9b1f91254c5..6719a2c9b2647e059a037302ca01383e6ec32e3c 100644 (file)
@@ -25,7 +25,7 @@
     <sonar.buildVersion>7.9.1</sonar.buildVersion>
     <!-- following properties must be set in command-line : sonar.runtimeVersion and sonarRunner.version -->
 
-    <maven.compiler.release>8</maven.compiler.release>
+    <maven.compiler.release>11</maven.compiler.release>
   </properties>
 
   <dependencies>
diff --git a/pom.xml b/pom.xml
index 9fad6ad30a2bc72baae82c1a7c739d49503a0856..83a11bd91bd0081760d7d3ae2c65b90212874c7f 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -59,7 +59,7 @@
     <!-- Release: enable publication to Bintray -->
     <artifactsToPublish>${project.groupId}:${project.artifactId}:zip,${project.groupId}:${project.artifactId}:zip:linux,${project.groupId}:${project.artifactId}:zip:windows,${project.groupId}:${project.artifactId}:zip:macosx,${project.groupId}:${project.artifactId}:json:cyclonedx</artifactsToPublish>
 
-    <maven.compiler.release>8</maven.compiler.release>
+    <maven.compiler.release>11</maven.compiler.release>
   </properties>
 
   <dependencies>
               <rules>
                 <requireFilesSize>
                   <minsize>560000</minsize>
-                  <maxsize>590000</maxsize>
+                  <maxsize>600000</maxsize>
                   <files>
                     <file>${project.build.directory}/sonar-scanner-${project.version}.zip</file>
                   </files>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-javadoc-plugin</artifactId>
         <configuration>
-         <source>8</source>
+         <source>11</source>
         </configuration>
       </plugin>
       <plugin>
index 5dfd6bd0ffee698e9fd2c30e9f8da7b7df78c77d..84696fbfabc882f70f60a33036ee713653bbab80 100644 (file)
  */
 package org.sonarsource.scanner.cli;
 
+import java.util.Set;
+import java.util.regex.Pattern;
+import java.util.stream.Collectors;
+
 class SystemInfo {
+  private static final Set<String> SENSITIVE_JVM_ARGUMENTS = Set.of(
+      "-Dsonar.login",
+      "-Dsonar.password",
+      "-Dsonar.token");
+  private static final Pattern PATTERN_ARGUMENT_SEPARATOR = Pattern.compile("\\s+");
   private static System2 system = new System2();
 
   private SystemInfo() {
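Review bot: SENSITIVE_JVM_ARGUMENTS is an exact deny-list of three `-Dsonar.*` keys, so any other credential a user puts into SONAR_SCANNER_OPTS is still written to the log verbatim; `-Djavax.net.ssl.trustStorePassword=` and `-Djavax.net.ssl.keyStorePassword=` are the usual way to point the scanner JVM at a custom truststore and would be a natural addition, if the project considers them in scope. A less brittle alternative is to redact any `-D` key whose name ends in `password`, `token`, `login` or `secret` (case-insensitive) instead of enumerating keys, at the cost of occasionally hiding a harmless value. Whichever is chosen, the constant deserves a comment stating the intent, e.g. `// Property keys whose values must never reach the log; extend when new credential properties are introduced.` The `@@` header of this hunk is not visible, so the class header above `SENSITIVE_JVM_ARGUMENTS` is assumed to be the one shown at `class SystemInfo {`.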
@@ -35,8 +44,22 @@ class SystemInfo {
     logger.info(os());
     String scannerOpts = system.getenv("SONAR_SCANNER_OPTS");
     if (scannerOpts != null) {
-      logger.info("SONAR_SCANNER_OPTS=" + scannerOpts);
+      logger.info("SONAR_SCANNER_OPTS=" + redactSensitiveArguments(scannerOpts));
+    }
+  }
+
+  private static String redactSensitiveArguments(String scannerOpts) {
+    return PATTERN_ARGUMENT_SEPARATOR.splitAsStream(scannerOpts)
+      .map(SystemInfo::redactArgumentIfSensistive)
+      .collect(Collectors.joining(" "));
+  }
+
+  private static String redactArgumentIfSensistive(String argument) {
+    String[] elems = argument.split("=");
+    if (elems.length > 0 && SENSITIVE_JVM_ARGUMENTS.contains(elems[0])) {
+      return elems[0] + "=*";
     }
+    return argument;
   }
 
   static String java() {
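Review bot: `redactArgumentIfSensistive` is misspelled (`Sensistive`), and the `elems.length > 0` guard is there only because `"=".split("=")` yields an empty array, which a reader has to know to understand the branch; splitting on the first `=` makes the intent explicit and also stops building an array of fragments from a token value that itself contains `=`. Suggested body: `int eq = argument.indexOf('='); String key = eq < 0 ? argument : argument.substring(0, eq); return SENSITIVE_JVM_ARGUMENTS.contains(key) ? key + "=*" : argument;` — behavior is unchanged except that the empty-array case disappears. Note that a sensitive key given without a value (`-Dsonar.token`) is rewritten as `-Dsonar.token=*`, which is harmless but slightly misrepresents what was set; a one-line comment on the method stating that only exact key matches are redacted would help the next maintainer. The enclosing `print` method starts before this hunk and `java()` continues past it.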
index c6c058599e490dbd1fcf7934eae705aff2969dfa..3e11c444fda15a893f6f3795ffafb96f7c4696b0 100644 (file)
@@ -89,4 +89,16 @@ public class SystemInfoTest {
     verify(logs).info("SONAR_SCANNER_OPTS=arg");
     verifyNoMoreInteractions(logs);
   }
+
+  @Test
+  public void should_not_print_sensitive_data() {
+    mockOs();
+    mockJava();
+    when(mockSystem.getenv("SONAR_SCANNER_OPTS"))
+      .thenReturn("-Dsonar.login=login -Dsonar.whatever=whatever -Dsonar.password=password -Dsonar.whatever2=whatever2 -Dsonar.token=token");
+
+    SystemInfo.print(logs);
+
+    verify(logs).info("SONAR_SCANNER_OPTS=-Dsonar.login=* -Dsonar.whatever=whatever -Dsonar.password=* -Dsonar.whatever2=whatever2 -Dsonar.token=*");
+  }
 }
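Review bot: The new test only covers keys with well-formed `key=value` arguments; it does not exercise a value containing `=` (`-Dsonar.token=abc=def`), a sensitive key with no value (`-Dsonar.token`), or a non-sensitive key that merely shares a prefix (`-Dsonar.loginfoo=x`), each of which takes a distinct path through `split("=")` and the exact-match lookup in SystemInfo. A second case feeding those three arguments and expecting `SONAR_SCANNER_OPTS=-Dsonar.token=* -Dsonar.token=* -Dsonar.loginfoo=x` would pin the redaction contract against future refactoring. The preceding test ends with `verifyNoMoreInteractions(logs);`; the new one should do the same so an accidental extra log line carrying the raw value is caught.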