author | Julien HENRY <julien.henry@sonarsource.com> | 2016-05-09 10:45:12 +0200 |
---|---|---|
committer | Julien HENRY <julien.henry@sonarsource.com> | 2016-05-10 10:11:04 +0200 |
commit | 2060793a67a2e145332bcd780b166a76b9bb0672 (patch) | |
tree | 8bbc9fe49b4b625c5663c579c2b04e7d6895ad53 | |
parent | 9391fdfd8207d9fb3adba94024528dd3890ceee3 (diff) | |
SONAR-7598 Hide sensitive properties in scanner report for global properties
2 files changed, 22 insertions, 4 deletions
diff --git a/sonar-scanner-engine/src/main/java/org/sonar/batch/report/AnalysisContextReportPublisher.java b/sonar-scanner-engine/src/main/java/org/sonar/batch/report/AnalysisContextReportPublisher.java
index d294f55db65..38706664ff8 100644
--- a/sonar-scanner-engine/src/main/java/org/sonar/batch/report/AnalysisContextReportPublisher.java
+++ b/sonar-scanner-engine/src/main/java/org/sonar/batch/report/AnalysisContextReportPublisher.java
@@ -115,8 +115,8 @@ public class AnalysisContextReportPublisher {
 private void writeGlobalSettings(BufferedWriter fileWriter) throws IOException {
 fileWriter.append("Global properties:\n");
 Map<String, String> props = globalRepositories.globalSettings();
- for (String env : new TreeSet<>(props.keySet())) {
- fileWriter.append(String.format(KEY_VALUE_FORMAT, env, props.get(env))).append('\n');
+ for (String prop : new TreeSet<>(props.keySet())) {
+ dumpPropIfNotSensitive(fileWriter, prop, props.get(prop));
 }
 }
@@ -133,13 +133,17 @@ public class AnalysisContextReportPublisher {
 if (isSystemProp(prop) || isEnvVariable(prop) || !isSqProp(prop)) {
 continue;
 }
- fileWriter.append(String.format(KEY_VALUE_FORMAT, prop, sensitive(prop) ? "******" : moduleSpecificProps.get(prop))).append('\n');
+ dumpPropIfNotSensitive(fileWriter, prop, moduleSpecificProps.get(prop));
 }
 } catch (IOException e) {
 throw new IllegalStateException("Unable to write analysis log", e);
 }
 }
+ private static void dumpPropIfNotSensitive(BufferedWriter fileWriter, String prop, String value) throws IOException {
+ fileWriter.append(String.format(KEY_VALUE_FORMAT, prop, sensitive(prop) ? "******" : value)).append('\n');
+ }
+
 /**
 * Only keep props that are not in parent
 */
diff --git a/sonar-scanner-engine/src/test/java/org/sonar/batch/report/AnalysisContextReportPublisherTest.java b/sonar-scanner-engine/src/test/java/org/sonar/batch/report/AnalysisContextReportPublisherTest.java
index 82e3346ca60..15bae3ea270 100644
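Review bot: System properties and environment variables may still reach the analysis log unmasked, because this commit only routes the global-properties loop in `writeGlobalSettings` and the `moduleSpecificProps` loop through `dumpPropIfNotSensitive`. The skip condition `isSystemProp(prop) || isEnvVariable(prop)` in the second hunk suggests those two groups are written by other methods that this diff does not show. If those writers still format `key=value` directly, a credential supplied as a JVM system property or through the environment would presumably still be logged in clear text. It is worth confirming that they call the same helper.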
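Review bot: The name `dumpPropIfNotSensitive` reads as if sensitive properties are skipped, but the added helper always writes the key and only replaces the value with `******`. A one-line Javadoc would prevent the misreading, for example `/** Writes key=value, replacing the value with ****** when sensitive(prop) is true. */`. The `sensitive` predicate is defined outside this hunk, so which key names it matches cannot be checked from here. Since masking depends entirely on the key name, the patterns it recognises deserve a comment next to the helper.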
--- a/sonar-scanner-engine/src/test/java/org/sonar/batch/report/AnalysisContextReportPublisherTest.java
+++ b/sonar-scanner-engine/src/test/java/org/sonar/batch/report/AnalysisContextReportPublisherTest.java
@@ -181,7 +181,7 @@ public class AnalysisContextReportPublisherTest {
 }
 @Test
- public void shouldNotDumpSensitiveProperties() throws Exception {
+ public void shouldNotDumpSensitiveModuleProperties() throws Exception {
 ScannerReportWriter writer = new ScannerReportWriter(temp.newFolder());
 publisher.init(writer);
@@ -201,6 +201,20 @@ public class AnalysisContextReportPublisherTest {
 "sonar.projectKey=foo");
 }
+ // SONAR-7598
+ @Test
+ public void shouldNotDumpSensitiveGlobalProperties() throws Exception {
+ ScannerReportWriter writer = new ScannerReportWriter(temp.newFolder());
+ when(globalRepositories.globalSettings()).thenReturn(ImmutableMap.of("sonar.login", "my_token", "sonar.password", "azerty", "sonar.cpp.license.secured", "AZERTY"));
+
+ publisher.init(writer);
+
+ assertThat(FileUtils.readFileToString(writer.getFileStructure().analysisLog())).containsSequence(
+ "sonar.cpp.license.secured=******",
+ "sonar.login=******",
+ "sonar.password=******");
+ }
+
 // SONAR-7371
 @Test
 public void dontDumpParentProps() throws Exception { |
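Review bot: `shouldNotDumpSensitiveGlobalProperties` only asserts that the three masked lines are present, so it would still pass if the same values were also written in clear text in another section of the log. Read the log into a local variable and add a negative check on the raw fixture values, e.g. `assertThat(log).doesNotContain("my_token").doesNotContain("azerty").doesNotContain("AZERTY");`. The renamed module-level test in the previous hunk would benefit from the same check, though its body is only partly visible here.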