1 file changed +4 -2 lines changed
sonar-xml-plugin/src/main/java/org/sonar/plugins/xml/checks/security
@@ -47,7 +47,7 @@ public class HardcodedCredentialsCheck extends SimpleXPathBasedCheck {
4747 private static final XPathExpression WEB_CONFIG_CREDENTIALS_PATH = XPathBuilder
4848 .forExpression ("/configuration/system.web/authentication[@mode=\" Forms\" ]/forms/credentials[@passwordFormat=\" Clear\" ]/user/@password[string-length(.) > 0]" ).build ();
4949
50- private static final XPathExpression WEB_CONFIG_USER1192 = XPathBuilder
50+ private static final XPathExpression WEB_CONFIG_APP_SETTINGS_PATH = XPathBuilder
5151 .forExpression ("//appSettings/add[\" lower-case(@key)='password'\" ]" ).build ();
5252
5353 private static final Pattern VALID_CREDENTIAL_VALUES = Pattern .compile ("[\\ {$#]\\ {" );
@@ -80,9 +80,11 @@ private Set<String> credentialWordsSet() {
8080 @ Override
8181 public void scanFile (XmlFile file ) {
8282 if (Xml .isDotNetApplicationConfig (file .getInputFile ())) {
83- evaluateAsList (WEB_CONFIG_USER1192 , file .getDocument ()).stream ()
83+ evaluateAsList (WEB_CONFIG_CREDENTIALS_PATH , file .getDocument ()).stream ()
8484 .filter (passwordAttrNode -> !isValidWebConfigCredential (passwordAttrNode .getNodeValue ()))
8585 .forEach (this ::reportIssue );
86+ evaluateAsList (WEB_CONFIG_APP_SETTINGS_PATH , file .getDocument ()).stream ()
87+ .forEach (this ::reportIssue );
8688 } else {
8789 checkElements (file .getDocument ());
8890 checkSpecialCases (file );
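Review bot: The new `WEB_CONFIG_APP_SETTINGS_PATH` branch in `scanFile` reports every node the expression returns with no value check, and the expression on the unchanged line under the renamed constant, as rendered here, wraps its whole predicate in escaped quotes (`[\"lower-case(@key)='password'\"]`). A quoted predicate is a non-empty string literal, which XPath evaluates as true, so it would select every `add` under `appSettings` rather than only password keys; `lower-case()` is also an XPath 2.0 function, and the engine behind `XPathBuilder` is not visible on this page. Consider unquoting the predicate and selecting the value attribute, e.g. `//appSettings/add[translate(@key,'ABCDEFGHIJKLMNOPQRSTUVWXYZ','abcdefghijklmnopqrstuvwxyz')='password']/@value[string-length(.) > 0]`, then applying the same `.filter(node -> !isValidWebConfigCredential(node.getNodeValue()))` used for the credentials path, so empty and placeholder values are not flagged as hardcoded credentials. `scanFile` continues past the end of the hunk, so any later filtering is not visible here.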