Skip to content

SONARKT-656 Implement S6418: Hard-coded secrets are security-sensitive #625

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jun 19, 2025
Merged

SONARKT-656 Implement S6418: Hard-coded secrets are security-sensitive #625

merged 3 commits into from
Jun 19, 2025
+547 −85

Conversation

leveretka
Copy link
Contributor

@leveretka leveretka commented Jun 13, 2025
edited
Loading

@leveretka leveretka force-pushed the margo/SONARKT-656 branch from 2f6d111 to ba436e9 Compare June 17, 2025 12:21
@leveretka leveretka marked this pull request as ready for review June 17, 2025 12:25
@antonioaversa antonioaversa self-requested a review June 19, 2025 12:24
antonioaversa
antonioaversa approved these changes Jun 19, 2025
View reviewed changes
Copy link
Contributor

@antonioaversa antonioaversa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

antonioaversa
antonioaversa reviewed Jun 19, 2025
View reviewed changes
sonar-kotlin-checks/src/main/java/org/sonarsource/kotlin/checks/HardcodedSecretsCheck.kt
override fun isSensitiveStringLiteral(value: String): Boolean {
return value.isNotEmpty()
&& value.length >= MINIMUM_CREDENTIAL_LENGTH
&& getEntropyDetector().hasEnoughEntropy(value)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apparently this condition is always satisfied in the tests. We could optionally add some cases with low-entropy, to increase coverage.

@sonarqube-next SonarQube-Next
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
1 Accepted issue

Measures
0 Security Hotspots
0 Dependency risks
93.3% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@leveretka leveretka enabled auto-merge (squash) June 19, 2025 15:17
@leveretka leveretka merged commit 91c2514 into master Jun 19, 2025
11 checks passed
@leveretka leveretka deleted the margo/SONARKT-656 branch June 19, 2025 15:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@antonioaversa antonioaversa antonioaversa approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@leveretka @antonioaversa