Fix S2068 TP/FP: Stop raising issues for form credentials of web.config #7982
Labels
Area: Security
Related to Vulnerability and Security Hotspot rules
Type: False Positive
Rule IS triggered when it shouldn't be.
Description
In SONARXML-169 support for hardcoded clear-text credentials in web.config files was added. Now there is an overlap with the rule for sonar-dotnet, i.e. issues will be reported twice. So even though it is a true positive, it would be best if sonar-dotnet does not raise an issue for this specific case anymore.

There is also a false positive that is raised for the attribute passwordFormat that sets the password format.

Repro steps
Expected behavior
No issues should be raised in web.config files for children of <configuration><system.web><authentication mode="Forms"><forms> that contain attributes with a keyword like password.

Actual behavior
Issues are raised for <credentials passwordFormat="Clear"> and <user name="admin" password="password" />.
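The expected behavior described in this issue, sketched as an added example (this is not sonar-dotnet's code, and it is written in Python rather than the analyzer's C#). The function name, the plain keyword match and the sample configuration are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Path the issue names; its descendants are left to the XML analyzer's rule.
FORMS_PATH = ("configuration", "system.web", "authentication", "forms")
KEYWORD = "password"
# Attribute the issue calls a false positive: it names a format, not a secret.
NOT_A_SECRET = {"passwordformat"}

# Constructed sample built from the elements quoted in the issue, plus one
# credential outside <forms> that should still be reported.
SAMPLE = """<configuration>
  <system.net>
    <mailSettings>
      <smtp>
        <network host="mail.example.test" password="Sample-Only-1" />
      </smtp>
    </mailSettings>
  </system.net>
  <system.web>
    <authentication mode="Forms">
      <forms>
        <credentials passwordFormat="Clear">
          <user name="admin" password="password" />
        </credentials>
      </forms>
    </authentication>
  </system.web>
</configuration>"""

def find_issues(xml_text):
    """Return (element, attribute) pairs this simplified check would report."""
    issues = []

    def walk(elem, ancestors):
        chain = ancestors + [elem]
        tags = tuple(e.tag for e in chain)
        # True only for elements below <forms> when authentication mode is Forms.
        under_forms = (len(chain) > 4 and tags[:4] == FORMS_PATH
                       and chain[2].get("mode") == "Forms")
        if not under_forms:
            for name, value in elem.attrib.items():
                if (KEYWORD in name.lower() and name.lower() not in NOT_A_SECRET
                        and value.strip()):
                    issues.append((elem.tag, name))
        for child in elem:
            walk(child, chain)

    walk(ET.fromstring(xml_text), [])
    return issues
```
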