From 2060793a67a2e145332bcd780b166a76b9bb0672 Mon Sep 17 00:00:00 2001
From: Julien HENRY
Date: Mon, 9 May 2016 10:45:12 +0200
Subject: [PATCH] SONAR-7598 Hide sensitive properties in scanner report for global properties
---
 .../report/AnalysisContextReportPublisher.java | 10 +++++++---
 .../AnalysisContextReportPublisherTest.java | 16 +++++++++++++++-
 2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/sonar-scanner-engine/src/main/java/org/sonar/batch/report/AnalysisContextReportPublisher.java b/sonar-scanner-engine/src/main/java/org/sonar/batch/report/AnalysisContextReportPublisher.java
index d294f55db65..38706664ff8 100644
--- a/sonar-scanner-engine/src/main/java/org/sonar/batch/report/AnalysisContextReportPublisher.java
+++ b/sonar-scanner-engine/src/main/java/org/sonar/batch/report/AnalysisContextReportPublisher.java
@@ -115,8 +115,8 @@ public class AnalysisContextReportPublisher {
 private void writeGlobalSettings(BufferedWriter fileWriter) throws IOException {
 fileWriter.append("Global properties:\n");
 Map props = globalRepositories.globalSettings();
- for (String env : new TreeSet<>(props.keySet())) {
- fileWriter.append(String.format(KEY_VALUE_FORMAT, env, props.get(env))).append('\n');
+ for (String prop : new TreeSet<>(props.keySet())) {
+ dumpPropIfNotSensitive(fileWriter, prop, props.get(prop));
 }
 }
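Review bot: Masking in `writeGlobalSettings` is decided purely by key name through `sensitive(prop)` inside the new helper, and that predicate is defined outside this hunk, so a global setting whose key does not match it is still written with its real value. The module loop in the next hunk skips keys matching `isSystemProp(prop)` and `isEnvVariable(prop)`, which suggests those are written by separate sections of this class. If those writers still format values with `KEY_VALUE_FORMAT` directly, a credential supplied as a system property or environment variable would presumably still reach the analysis log in clear text. Consider routing them through `dumpPropIfNotSensitive` as well, or adding a comment here such as `// system props and env variables are dumped separately and are NOT masked` so the gap is explicit.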
@@ -133,13 +133,17 @@ public class AnalysisContextReportPublisher {
 if (isSystemProp(prop) || isEnvVariable(prop) || !isSqProp(prop)) {
 continue;
 }
- fileWriter.append(String.format(KEY_VALUE_FORMAT, prop, sensitive(prop) ? "******" : moduleSpecificProps.get(prop))).append('\n');
+ dumpPropIfNotSensitive(fileWriter, prop, moduleSpecificProps.get(prop));
 }
 } catch (IOException e) {
 throw new IllegalStateException("Unable to write analysis log", e);
 }
 }
+ private static void dumpPropIfNotSensitive(BufferedWriter fileWriter, String prop, String value) throws IOException {
+ fileWriter.append(String.format(KEY_VALUE_FORMAT, prop, sensitive(prop) ? "******" : value)).append('\n');
+ }
+
 /**
 * Only keep props that are not in parent
 */
diff --git a/sonar-scanner-engine/src/test/java/org/sonar/batch/report/AnalysisContextReportPublisherTest.java b/sonar-scanner-engine/src/test/java/org/sonar/batch/report/AnalysisContextReportPublisherTest.java
index 82e3346ca60..15bae3ea270 100644
--- a/sonar-scanner-engine/src/test/java/org/sonar/batch/report/AnalysisContextReportPublisherTest.java
+++ b/sonar-scanner-engine/src/test/java/org/sonar/batch/report/AnalysisContextReportPublisherTest.java
@@ -181,7 +181,7 @@ public class AnalysisContextReportPublisherTest {
 }
 @Test
- public void shouldNotDumpSensitiveProperties() throws Exception {
+ public void shouldNotDumpSensitiveModuleProperties() throws Exception {
 ScannerReportWriter writer = new ScannerReportWriter(temp.newFolder());
 publisher.init(writer);
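Review bot: The name `dumpPropIfNotSensitive` reads as if sensitive properties are skipped, whereas the body always writes the key and only replaces the value with `"******"`. A name such as `dumpPropMaskingSensitive`, or a one-line Javadoc on the helper like `/** Writes key=value; the value is replaced by a fixed mask when sensitive(prop) is true, the key is always written. */`, would stop a later maintainer from assuming the key itself is omitted from the report. The method enclosing the module loop starts outside the hunk, so I cannot see how `moduleSpecificProps` is built.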
@@ -201,6 +201,20 @@ public class AnalysisContextReportPublisherTest {
 "sonar.projectKey=foo");
 }
+ // SONAR-7598
+ @Test
+ public void shouldNotDumpSensitiveGlobalProperties() throws Exception {
+ ScannerReportWriter writer = new ScannerReportWriter(temp.newFolder());
+ when(globalRepositories.globalSettings()).thenReturn(ImmutableMap.of("sonar.login", "my_token", "sonar.password", "azerty", "sonar.cpp.license.secured", "AZERTY"));
+
+ publisher.init(writer);
+
+ assertThat(FileUtils.readFileToString(writer.getFileStructure().analysisLog())).containsSequence(
+ "sonar.cpp.license.secured=******",
+ "sonar.login=******",
+ "sonar.password=******");
+ }
+
 // SONAR-7371
 @Test
 public void dontDumpParentProps() throws Exception {
--
2.39.5
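Review bot: `shouldNotDumpSensitiveGlobalProperties` asserts only that the three masked entries are present; it never asserts that the raw values `my_token`, `azerty` and `AZERTY` are absent from the analysis log. A regression that writes one of them in another section of the same file would still pass. Reading the file into a local and adding `assertThat(log).doesNotContain("my_token");`, with the same check for the other two values, would pin the property the ticket is actually about. `FileUtils.readFileToString` is also called without a charset, so the read depends on the platform default.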