SQSCANNER-115 Fix SSF-392

it/pom.xml

@@ -25,7 +25,7 @@
     <sonar.buildVersion>7.9.1</sonar.buildVersion>
     <!-- following properties must be set in command-line : sonar.runtimeVersion and sonarRunner.version -->
 
-    <maven.compiler.release>8</maven.compiler.release>
+    <maven.compiler.release>11</maven.compiler.release>
   </properties>
 
   <dependencies>

pom.xml

@@ -59,7 +59,7 @@
     <!-- Release: enable publication to Bintray -->
     <artifactsToPublish>${project.groupId}:${project.artifactId}:zip,${project.groupId}:${project.artifactId}:zip:linux,${project.groupId}:${project.artifactId}:zip:windows,${project.groupId}:${project.artifactId}:zip:macosx,${project.groupId}:${project.artifactId}:json:cyclonedx</artifactsToPublish>
 
-    <maven.compiler.release>8</maven.compiler.release>
+    <maven.compiler.release>11</maven.compiler.release>
   </properties>
 
   <dependencies>
@@ -179,7 +179,7 @@
               <rules>
                 <requireFilesSize>
                   <minsize>560000</minsize>
-                  <maxsize>590000</maxsize>
+                  <maxsize>600000</maxsize>
                   <files>
                     <file>${project.build.directory}/sonar-scanner-${project.version}.zip</file>
                   </files>
@@ -193,7 +193,7 @@
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-javadoc-plugin</artifactId>
         <configuration>
-      	  <source>8</source>
+      	  <source>11</source>
         </configuration>
       </plugin>
       <plugin>

src/main/java/org/sonarsource/scanner/cli/SystemInfo.java

@@ -19,7 +19,16 @@
  */
 package org.sonarsource.scanner.cli;
 
+import java.util.Set;
+import java.util.regex.Pattern;
+import java.util.stream.Collectors;
+
 class SystemInfo {
+  private static final Set<String> SENSITIVE_JVM_ARGUMENTS = Set.of(
+      "-Dsonar.login",
+      "-Dsonar.password",
+      "-Dsonar.token");
+  private static final Pattern PATTERN_ARGUMENT_SEPARATOR = Pattern.compile("\\s+");
   private static System2 system = new System2();
 
   private SystemInfo() {
@@ -35,8 +44,22 @@ class SystemInfo {
     logger.info(os());
     String scannerOpts = system.getenv("SONAR_SCANNER_OPTS");
     if (scannerOpts != null) {
-      logger.info("SONAR_SCANNER_OPTS=" + scannerOpts);
+      logger.info("SONAR_SCANNER_OPTS=" + redactSensitiveArguments(scannerOpts));
+    }
+  }
+
+  private static String redactSensitiveArguments(String scannerOpts) {
+    return PATTERN_ARGUMENT_SEPARATOR.splitAsStream(scannerOpts)
+      .map(SystemInfo::redactArgumentIfSensistive)
+      .collect(Collectors.joining(" "));
+  }
+
+  private static String redactArgumentIfSensistive(String argument) {
+    String[] elems = argument.split("=");
+    if (elems.length > 0 && SENSITIVE_JVM_ARGUMENTS.contains(elems[0])) {
+      return elems[0] + "=*";
     }
+    return argument;
   }
 
   static String java() {

src/test/java/org/sonarsource/scanner/cli/SystemInfoTest.java

@@ -89,4 +89,16 @@ public class SystemInfoTest {
     verify(logs).info("SONAR_SCANNER_OPTS=arg");
     verifyNoMoreInteractions(logs);
   }
+
+  @Test
+  public void should_not_print_sensitive_data() {
+    mockOs();
+    mockJava();
+    when(mockSystem.getenv("SONAR_SCANNER_OPTS"))
+      .thenReturn("-Dsonar.login=login -Dsonar.whatever=whatever -Dsonar.password=password -Dsonar.whatever2=whatever2 -Dsonar.token=token");
+
+    SystemInfo.print(logs);
+
+    verify(logs).info("SONAR_SCANNER_OPTS=-Dsonar.login=* -Dsonar.whatever=whatever -Dsonar.password=* -Dsonar.whatever2=whatever2 -Dsonar.token=*");
+  }
 }