JS-359 Create rule S6418 (`hardcoded-secrets`): Hard-coded secrets are security-sensitive (broken) #4920

kebetsi · 2024-11-21T07:50:43Z

Based on the sonar-python S6418 rule.

RSPEC PR

JS-359

Other ticket tackling S2068

write test cases for hardcoded passwords
refactor hardcoded passwords rule

…iteral

packages/jsts/src/rules/S6418/unit.test.ts

packages/jsts/src/rules/S6418/rule.ts

its/sources/jsts/custom/S6418.ts

its/ruling/src/test/expected/jsts/Ghost/javascript-S6418.json

sonar-plugin/sonar-javascript-plugin/pom.xml

yassin-kammoun-sonarsource

Looks great overall, but there are a few things to address.

...lugin/javascript-checks/src/main/java/org/sonar/javascript/checks/HardcodedSecretsCheck.java

packages/jsts/src/rules/S6418/rule.ts

...n/javascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6418.html

.../javascript-checks/src/test/java/org/sonar/javascript/checks/HardcodedPasswordCheckTest.java

Co-authored-by: Yassin Kammoun <52890329+yassin-kammoun-sonarsource@users.noreply.github.com>

…JS into JS-359-implement-S6418

…t because I find no way to use hyphens in the Java check

yassin-kammoun-sonarsource

Great job!

packages/jsts/src/rules/S6418/rule.ts

sonarqube-next · 2024-11-26T14:35:52Z

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
95.5% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

kebetsi added 2 commits November 20, 2024 11:33

adapt package size

e1f31fb

generate base files and apply changes

8dce398

kebetsi mentioned this pull request Nov 21, 2024

JS-421 Fix new-rule script #4917

Closed

kebetsi added 11 commits November 25, 2024 08:42

save java-like implementation

a7211ab

Implement rule python-like, only checking the content of the string l…

c46d6b2

…iteral

de-pythonize

48f4c64

handle all cases from python

3b7ee65

handle additional cases with ugly ts-ignores

bd4b1f5

add options

aafc0dd

cleanup

316566b

modularize

0c6479b

remove test cases inspired from java

8d03c52

cleanup TS

db8a844

wip: work on java classes

50cdc57

kebetsi changed the title ~~JS-359 Create rule S6418 (hardcoded-secrets): secrets should not be hardcoded~~ JS-359 Create rule S6418 (hardcoded-secrets): Hard-coded secrets are security-sensitive Nov 25, 2024

kebetsi added 5 commits November 25, 2024 18:00

fix rule config parameters number

29be47a

add ruling

2f030dc

fix sonar issues

c928cec

update ruling results - contains FPs

c510736

Merge branch 'master' into JS-359-implement-S6418

2f4c595

kebetsi marked this pull request as ready for review November 25, 2024 17:57

kebetsi requested a review from yassin-kammoun-sonarsource November 25, 2024 17:57

kebetsi commented Nov 25, 2024

View reviewed changes

packages/jsts/src/rules/S6418/unit.test.ts Outdated Show resolved Hide resolved

kebetsi commented Nov 25, 2024

View reviewed changes

packages/jsts/src/rules/S6418/rule.ts Outdated Show resolved Hide resolved

kebetsi commented Nov 25, 2024

View reviewed changes

its/sources/jsts/custom/S6418.ts Outdated Show resolved Hide resolved

kebetsi added 4 commits November 25, 2024 19:03

bump sensitivity from 3.0 to 5.0

a2fb2e7

delete unit test

ddafc45

remove custom ruling fixture

d12c0ef

Merge branch 'master' into JS-359-implement-S6418

116429c

kebetsi commented Nov 25, 2024

View reviewed changes

its/ruling/src/test/expected/jsts/Ghost/javascript-S6418.json Show resolved Hide resolved

kebetsi commented Nov 25, 2024

View reviewed changes

sonar-plugin/sonar-javascript-plugin/pom.xml Show resolved Hide resolved

update rspec

a6a3a06

kebetsi mentioned this pull request Nov 25, 2024

Create rule S6418 for JavaScript: Hard-coded secrets are security-sensitive SonarSource/rspec#4518

Merged

4 tasks

yassin-kammoun-sonarsource requested changes Nov 25, 2024

View reviewed changes

kebetsi and others added 5 commits November 26, 2024 09:06

Update packages/jsts/src/rules/S6418/rule.ts

c789576

Co-authored-by: Yassin Kammoun <52890329+yassin-kammoun-sonarsource@users.noreply.github.com>

apply review fixes

90252dd

Merge branch 'JS-359-implement-S6418' of github.com:SonarSource/Sonar…

f0edc72

…JS into JS-359-implement-S6418

add test for Java Check class and adapt parameters to camelCase forma…

eb43681

…t because I find no way to use hyphens in the Java check

Merge branch 'master' into JS-359-implement-S6418

a514eb1

kebetsi requested a review from yassin-kammoun-sonarsource November 26, 2024 08:38

yassin-kammoun-sonarsource approved these changes Nov 26, 2024

View reviewed changes

kebetsi added 2 commits November 26, 2024 09:41

small fix

f86cc34

update license

b3cb890

vdiez reviewed Nov 26, 2024

View reviewed changes

packages/jsts/src/rules/S6418/rule.ts Outdated Show resolved Hide resolved

kebetsi and others added 7 commits November 26, 2024 10:23

adapt typings to only use estree (not TSESTree)

aa0fbe5

put back default sensibility to 3.0

6b77b05

remove unnecessary typing changes in helpers

626d71b

remove remaining changes in helpers

71ccdca

put back sensibility to 5.0

cca9ab5

Merge branch 'master' into JS-359-implement-S6418

57c623a

Fix CI

0c54ec2

kebetsi changed the title ~~JS-359 Create rule S6418 (hardcoded-secrets): Hard-coded secrets are security-sensitive~~ JS-359 Create rule S6418 (hardcoded-secrets): Hard-coded secrets are security-sensitive (broken) Nov 26, 2024

kebetsi closed this Nov 26, 2024

kebetsi mentioned this pull request Nov 26, 2024

JS-359 Create rule S6418 (hardcoded-secrets): Hard-coded secrets ar… #4930

Closed

kebetsi reopened this Nov 26, 2024

kebetsi closed this Nov 26, 2024

kebetsi reopened this Nov 26, 2024

kebetsi merged commit ffa208c into master Nov 26, 2024
19 of 20 checks passed

kebetsi deleted the JS-359-implement-S6418 branch November 26, 2024 15:23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

JS-359 Create rule S6418 (`hardcoded-secrets`): Hard-coded secrets are security-sensitive (broken) #4920

JS-359 Create rule S6418 (`hardcoded-secrets`): Hard-coded secrets are security-sensitive (broken) #4920

kebetsi commented Nov 21, 2024 •

edited

Loading

yassin-kammoun-sonarsource left a comment

yassin-kammoun-sonarsource left a comment

sonarqube-next bot commented Nov 26, 2024

JS-359 Create rule S6418 (hardcoded-secrets): Hard-coded secrets are security-sensitive (broken) #4920

JS-359 Create rule S6418 (hardcoded-secrets): Hard-coded secrets are security-sensitive (broken) #4920

Conversation

kebetsi commented Nov 21, 2024 • edited Loading

Other ticket tackling S2068

yassin-kammoun-sonarsource left a comment

Choose a reason for hiding this comment

yassin-kammoun-sonarsource left a comment

Choose a reason for hiding this comment

sonarqube-next bot commented Nov 26, 2024

Quality Gate passed

JS-359 Create rule S6418 (`hardcoded-secrets`): Hard-coded secrets are security-sensitive (broken) #4920

JS-359 Create rule S6418 (`hardcoded-secrets`): Hard-coded secrets are security-sensitive (broken) #4920

kebetsi commented Nov 21, 2024 •

edited

Loading