SONAR-7598 Hide sensitive properties in scanner report for global properties 930/head
authorJulien HENRY <julien.henry@sonarsource.com>
Mon, 9 May 2016 08:45:12 +0000 (10:45 +0200)
committerJulien HENRY <julien.henry@sonarsource.com>
Tue, 10 May 2016 08:11:04 +0000 (10:11 +0200)
sonar-scanner-engine/src/main/java/org/sonar/batch/report/AnalysisContextReportPublisher.java
sonar-scanner-engine/src/test/java/org/sonar/batch/report/AnalysisContextReportPublisherTest.java

index d294f55db65c3550b173c83e5c686702f7b2ca40..38706664ff869cdcac207500b1c4f141766c006d 100644 (file)
@@ -115,8 +115,8 @@ public class AnalysisContextReportPublisher {
   private void writeGlobalSettings(BufferedWriter fileWriter) throws IOException {
     fileWriter.append("Global properties:\n");
     Map<String, String> props = globalRepositories.globalSettings();
-    for (String env : new TreeSet<>(props.keySet())) {
-      fileWriter.append(String.format(KEY_VALUE_FORMAT, env, props.get(env))).append('\n');
+    for (String prop : new TreeSet<>(props.keySet())) {
+      dumpPropIfNotSensitive(fileWriter, prop, props.get(prop));
     }
   }
 
@@ -133,13 +133,17 @@ public class AnalysisContextReportPublisher {
         if (isSystemProp(prop) || isEnvVariable(prop) || !isSqProp(prop)) {
           continue;
         }
-        fileWriter.append(String.format(KEY_VALUE_FORMAT, prop, sensitive(prop) ? "******" : moduleSpecificProps.get(prop))).append('\n');
+        dumpPropIfNotSensitive(fileWriter, prop, moduleSpecificProps.get(prop));
       }
     } catch (IOException e) {
       throw new IllegalStateException("Unable to write analysis log", e);
     }
   }
 
+  private static void dumpPropIfNotSensitive(BufferedWriter fileWriter, String prop, String value) throws IOException {
+    fileWriter.append(String.format(KEY_VALUE_FORMAT, prop, sensitive(prop) ? "******" : value)).append('\n');
+  }
+
   /**
    * Only keep props that are not in parent
    */
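Review bot: The name `dumpPropIfNotSensitive` on the added helper reads as if sensitive properties are skipped, but the body always writes the key and only replaces the value with `******`. A name such as `dumpPropMaskingSensitive`, or a one-line Javadoc like `/** Writes key=value to the analysis log, replacing the value with ****** when sensitive(prop) is true. */`, would make the contract clear to the next caller. Because `sensitive(prop)` is defined outside this hunk and receives only the key, that comment should also say that masking is decided by property name alone, so a secret stored under a key the predicate does not recognise is still written in clear text.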
index 82e3346ca60a5765f35fe416d0838c2e85a643bd..15bae3ea270235558194f3f40f243f87a874abe6 100644 (file)
@@ -181,7 +181,7 @@ public class AnalysisContextReportPublisherTest {
   }
 
   @Test
-  public void shouldNotDumpSensitiveProperties() throws Exception {
+  public void shouldNotDumpSensitiveModuleProperties() throws Exception {
     ScannerReportWriter writer = new ScannerReportWriter(temp.newFolder());
     publisher.init(writer);
 
@@ -201,6 +201,20 @@ public class AnalysisContextReportPublisherTest {
       "sonar.projectKey=foo");
   }
 
+  // SONAR-7598
+  @Test
+  public void shouldNotDumpSensitiveGlobalProperties() throws Exception {
+    ScannerReportWriter writer = new ScannerReportWriter(temp.newFolder());
+    when(globalRepositories.globalSettings()).thenReturn(ImmutableMap.of("sonar.login", "my_token", "sonar.password", "azerty", "sonar.cpp.license.secured", "AZERTY"));
+
+    publisher.init(writer);
+
+    assertThat(FileUtils.readFileToString(writer.getFileStructure().analysisLog())).containsSequence(
+      "sonar.cpp.license.secured=******",
+      "sonar.login=******",
+      "sonar.password=******");
+  }
+
   // SONAR-7371
   @Test
   public void dontDumpParentProps() throws Exception {
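Review bot: The new test `shouldNotDumpSensitiveGlobalProperties` asserts only that the masked lines are present and never that the raw values are absent from the analysis log. `containsSequence` would still pass if a secret were also written elsewhere in the file, so the test should add negative assertions on the same content, for example `.doesNotContain("my_token")`, `.doesNotContain("azerty")` and `.doesNotContain("AZERTY")`. The body of `shouldNotDumpSensitiveModuleProperties` is only partly visible on this page, so whether it has the same gap cannot be confirmed from here.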