@@ -25,7 +25,7 @@ | |||
<sonar.buildVersion>7.9.1</sonar.buildVersion> | |||
<!-- following properties must be set in command-line : sonar.runtimeVersion and sonarRunner.version --> | |||
<maven.compiler.release>8</maven.compiler.release> | |||
<maven.compiler.release>11</maven.compiler.release> | |||
</properties> | |||
<dependencies> |
@@ -59,7 +59,7 @@ | |||
<!-- Release: enable publication to Bintray --> | |||
<artifactsToPublish>${project.groupId}:${project.artifactId}:zip,${project.groupId}:${project.artifactId}:zip:linux,${project.groupId}:${project.artifactId}:zip:windows,${project.groupId}:${project.artifactId}:zip:macosx,${project.groupId}:${project.artifactId}:json:cyclonedx</artifactsToPublish> | |||
<maven.compiler.release>8</maven.compiler.release> | |||
<maven.compiler.release>11</maven.compiler.release> | |||
</properties> | |||
<dependencies> | |||
@@ -179,7 +179,7 @@ | |||
<rules> | |||
<requireFilesSize> | |||
<minsize>560000</minsize> | |||
<maxsize>590000</maxsize> | |||
<maxsize>600000</maxsize> | |||
<files> | |||
<file>${project.build.directory}/sonar-scanner-${project.version}.zip</file> | |||
</files> | |||
@@ -193,7 +193,7 @@ | |||
<groupId>org.apache.maven.plugins</groupId> | |||
<artifactId>maven-javadoc-plugin</artifactId> | |||
<configuration> | |||
<source>8</source> | |||
<source>11</source> | |||
</configuration> | |||
</plugin> | |||
<plugin> |
@@ -19,7 +19,16 @@ | |||
*/ | |||
package org.sonarsource.scanner.cli; | |||
import java.util.Set; | |||
import java.util.regex.Pattern; | |||
import java.util.stream.Collectors; | |||
class SystemInfo { | |||
private static final Set<String> SENSITIVE_JVM_ARGUMENTS = Set.of( | |||
"-Dsonar.login", | |||
"-Dsonar.password", | |||
"-Dsonar.token"); | |||
private static final Pattern PATTERN_ARGUMENT_SEPARATOR = Pattern.compile("\\s+"); | |||
private static System2 system = new System2(); | |||
private SystemInfo() { | |||
@@ -35,8 +44,22 @@ class SystemInfo { | |||
logger.info(os()); | |||
String scannerOpts = system.getenv("SONAR_SCANNER_OPTS"); | |||
if (scannerOpts != null) { | |||
logger.info("SONAR_SCANNER_OPTS=" + scannerOpts); | |||
logger.info("SONAR_SCANNER_OPTS=" + redactSensitiveArguments(scannerOpts)); | |||
} | |||
} | |||
private static String redactSensitiveArguments(String scannerOpts) { | |||
return PATTERN_ARGUMENT_SEPARATOR.splitAsStream(scannerOpts) | |||
.map(SystemInfo::redactArgumentIfSensistive) | |||
.collect(Collectors.joining(" ")); | |||
} | |||
private static String redactArgumentIfSensistive(String argument) { | |||
String[] elems = argument.split("="); | |||
if (elems.length > 0 && SENSITIVE_JVM_ARGUMENTS.contains(elems[0])) { | |||
return elems[0] + "=*"; | |||
} | |||
return argument; | |||
} | |||
static String java() { |
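Review bot: `redactSensitiveArguments` splits `SONAR_SCANNER_OPTS` on `\s+` before any token is checked, so a sensitive value that itself contains whitespace (for example a quoted `-Dsonar.password="a b"`, if the launcher honours such quoting) has only its first token masked and the remainder is logged in clear as a separate argument. `SENSITIVE_JVM_ARGUMENTS` is also an exact-match list of three names, so any other credential-bearing property in the variable is logged unchanged; a comment on the constant saying so would keep the next maintainer from assuming the log line is safe. The helper name `redactArgumentIfSensistive` is misspelled. The sketch below masks on the raw string and treats a quoted value as one unit; it is untested, and an unterminated quote would still need a decision. The `SystemInfo` class body continues outside this section.

```java
private static final Pattern PATTERN_SENSITIVE_ARGUMENT = Pattern.compile(
  "(-Dsonar\\.(?:login|password|token))=(?:\"[^\"]*\"|'[^']*'|\\S*)");

// … unchanged: print(...) still calls redactSensitiveArguments(scannerOpts) …

private static String redactSensitiveArguments(String scannerOpts) {
  // Mask on the raw string so a quoted value containing whitespace is covered as one unit.
  return PATTERN_SENSITIVE_ARGUMENT.matcher(scannerOpts).replaceAll("$1=*");
}
```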
@@ -89,4 +89,16 @@ public class SystemInfoTest { | |||
verify(logs).info("SONAR_SCANNER_OPTS=arg"); | |||
verifyNoMoreInteractions(logs); | |||
} | |||
@Test | |||
public void should_not_print_sensitive_data() { | |||
mockOs(); | |||
mockJava(); | |||
when(mockSystem.getenv("SONAR_SCANNER_OPTS")) | |||
.thenReturn("-Dsonar.login=login -Dsonar.whatever=whatever -Dsonar.password=password -Dsonar.whatever2=whatever2 -Dsonar.token=token"); | |||
SystemInfo.print(logs); | |||
verify(logs).info("SONAR_SCANNER_OPTS=-Dsonar.login=* -Dsonar.whatever=whatever -Dsonar.password=* -Dsonar.whatever2=whatever2 -Dsonar.token=*"); | |||
} | |||
} |
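Review bot: `should_not_print_sensitive_data` covers only single-space separators and plain values, so the edge cases of the new redaction are not pinned. A second case with constructed values such as `.thenReturn("-Dsonar.token=abc=def\t-Dsonar.password=")` expecting `"SONAR_SCANNER_OPTS=-Dsonar.token=* -Dsonar.password=*"` would cover a value containing `=`, a tab separator and an empty value. It would also record that the logged line normalises whitespace to single spaces. The new test, unlike the one above it, does not end with `verifyNoMoreInteractions(logs)`, so an additional unredacted log call would go unnoticed.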