Getting "Hard coded password found here" exception where (IMHO) it shouldn't #987
Comments
|
Hello, this rule is from findsecbugs |
|
Sorry @gtoison I cannot find plugins version in SonarQube, is this the maybe helpful: |
|
The plugin version should be visible in SonarQube's marketplace page where all the plugins are visible (you need SonarQube admin rights to see that page I think) |
|
It’s version 1.12.0
…On Mon, 4 Mar 2024 at 22:54, Guillaume Toison ***@***.***> wrote:
The plugin version should be visible in SonarQube's marketplace page where
all the plugins are visible (you need SonarQube admin rights to see that
page I think)
—
Reply to this email directly, view it on GitHub
<#987 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AVQBLLHCSTZV7KUG6NJYSXLYWTUPPAVCNFSM6AAAAABEFOC4WSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNZXGUZDONRXG4>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
Thanks, it would be helpful to report the false positive on https://github.com/find-sec-bugs/find-sec-bugs/issues with a minimal code example reproducing the problem. The code sample you have posted does not have the imports, I guess these are Spring classes but it's not always obvious ;) |
|
Ok, here it is => find-sec-bugs/find-sec-bugs#731 |
Why I'm getting the Hard coded password found here exception here:
`
@value("${p12Name}")
private String p12Name;
@value("${p12Alias}")
private String p12Alias;
@value("${p12Password}")
private String p12Token;
.............
KeyStore keystore = KeyStore.getInstance("PKCS12");
keystore.load(
this.getClass().getClassLoader().getResourceAsStream(p12Name), p12Token.toCharArray());
PrivateKey key = (PrivateKey) keystore.getKey(p12Alias, p12Token.toCharArray());
`
I’m getting this error in the line ‘keystore.load(’.
SQ version is 9.9 (build 65466)
This is the screenshot of this problem:
The text was updated successfully, but these errors were encountered: