org.sonar.java.checks.HardCodedSecretCheck

All Implemented Interfaces:: JavaCheck, JavaFileScanner

public class HardCodedSecretCheck extends AbstractHardCodedCredentialChecker

Field Summary

Fields

Modifier and Type

Field

Description

double

randomnessSensibility

String

secretWords

Fields inherited from class AbstractHardCodedCredentialChecker
EQUALS_MATCHER, STRING_TO_CHAR_ARRAY

Fields inherited from class SubscriptionVisitor
context
Constructor Summary

Constructors

Constructor

Description

HardCodedSecretCheck()
Method Summary

Modifier and Type

Method

Description

protected String

getCredentialWords()

protected boolean

isCredentialContainingPattern(ExpressionTree expression)

Determine if the actual hardcoded credential from the expression, contains one of the credentials pattern.

protected boolean

isPotentialCredential(String literal)

List<Tree.Kind>

nodesToVisit()

protected void

report(Tree tree, String match)

void

visitNode(Tree tree)

Methods inherited from class AbstractHardCodedCredentialChecker
handleAssignment, handleEqualsMethod, handleStringLiteral, handleVariable, isCallOnStringLiteral, isCredentialLikeName, isCredentialVariable, isPotentialCredential, isSettingCredential

Methods inherited from class IssuableSubscriptionVisitor
addIssue, addIssueOnFile, leaveFile, reportIssue, reportIssue, reportIssue, reportIssue, scanFile, scanTree, setContext

Methods inherited from class SubscriptionVisitor
leaveNode, visitToken, visitTrivia

Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface JavaFileScanner
scanWithoutParsing

Field Details
- secretWords
  
  public String secretWords
- randomnessSensibility
  
  public double randomnessSensibility
Constructor Details
- HardCodedSecretCheck
  
  public HardCodedSecretCheck()
Method Details
- getCredentialWords
  
  protected String getCredentialWords()
  
  Specified by:
  
  getCredentialWords in class AbstractHardCodedCredentialChecker
- isCredentialContainingPattern
  
  protected boolean isCredentialContainingPattern(ExpressionTree expression)
  
  Description copied from class: AbstractHardCodedCredentialChecker
  
  Determine if the actual hardcoded credential from the expression, contains one of the credentials pattern. This is typically used to ignore constant declaration.
  
  Specified by:
  
  isCredentialContainingPattern in class AbstractHardCodedCredentialChecker
- nodesToVisit
  
  public List<Tree.Kind> nodesToVisit()
  
  Specified by:
  
  nodesToVisit in class SubscriptionVisitor
- visitNode
  
  public void visitNode(Tree tree)
  
  Overrides:
  
  visitNode in class SubscriptionVisitor
- isPotentialCredential
  
  protected boolean isPotentialCredential(String literal)
  
  Overrides:
  
  isPotentialCredential in class AbstractHardCodedCredentialChecker
- report
  
  protected void report(Tree tree, String match)
  
  Specified by:
  
  report in class AbstractHardCodedCredentialChecker

Class HardCodedSecretCheck

Field Summary

Fields inherited from class AbstractHardCodedCredentialChecker

Fields inherited from class SubscriptionVisitor

Constructor Summary

Method Summary

Methods inherited from class AbstractHardCodedCredentialChecker

Methods inherited from class IssuableSubscriptionVisitor

Methods inherited from class SubscriptionVisitor

Methods inherited from class Object

Methods inherited from interface JavaFileScanner

Field Details

secretWords

randomnessSensibility

Constructor Details

HardCodedSecretCheck

Method Details

getCredentialWords

isCredentialContainingPattern

nodesToVisit

visitNode

isPotentialCredential

report