SONAR-7598 Hide sensitive properties in scanner report for global pro…

…perties
SonarSource · May 10, 2016 · 2060793 · 2060793
1 parent 9391fdf
commit 2060793
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 4 deletions.
diff --git a/...r-scanner-engine/src/main/java/org/sonar/batch/report/AnalysisContextReportPublisher.java b/...r-scanner-engine/src/main/java/org/sonar/batch/report/AnalysisContextReportPublisher.java
@@ -115,8 +115,8 @@ private void writeEnvVariables(BufferedWriter fileWriter) throws IOException {
   private void writeGlobalSettings(BufferedWriter fileWriter) throws IOException {
     fileWriter.append("Global properties:\n");
     Map<String, String> props = globalRepositories.globalSettings();
-    for (String env : new TreeSet<>(props.keySet())) {
+    for (String prop : new TreeSet<>(props.keySet())) {
-      fileWriter.append(String.format(KEY_VALUE_FORMAT, env, props.get(env))).append('\n');
+      dumpPropIfNotSensitive(fileWriter, prop, props.get(prop));
     }
   }
 
@@ -133,13 +133,17 @@ public void dumpModuleSettings(ProjectDefinition moduleDefinition) {
         if (isSystemProp(prop) || isEnvVariable(prop) || !isSqProp(prop)) {
           continue;
         }
-        fileWriter.append(String.format(KEY_VALUE_FORMAT, prop, sensitive(prop) ? "******" : moduleSpecificProps.get(prop))).append('\n');
+        dumpPropIfNotSensitive(fileWriter, prop, moduleSpecificProps.get(prop));
       }
     } catch (IOException e) {
       throw new IllegalStateException("Unable to write analysis log", e);
     }
   }
 
+  private static void dumpPropIfNotSensitive(BufferedWriter fileWriter, String prop, String value) throws IOException {
+    fileWriter.append(String.format(KEY_VALUE_FORMAT, prop, sensitive(prop) ? "******" : value)).append('\n');
+  }
+
   /**
    * Only keep props that are not in parent
    */

diff --git a/...anner-engine/src/test/java/org/sonar/batch/report/AnalysisContextReportPublisherTest.java b/...anner-engine/src/test/java/org/sonar/batch/report/AnalysisContextReportPublisherTest.java
@@ -181,7 +181,7 @@ public void shouldNotDumpEnvTwice() throws Exception {
   }
 
   @Test
-  public void shouldNotDumpSensitiveProperties() throws Exception {
+  public void shouldNotDumpSensitiveModuleProperties() throws Exception {
     ScannerReportWriter writer = new ScannerReportWriter(temp.newFolder());
     publisher.init(writer);
 
@@ -201,6 +201,20 @@ public void shouldNotDumpSensitiveProperties() throws Exception {
       "sonar.projectKey=foo");
   }
 
+  // SONAR-7598
+  @Test
+  public void shouldNotDumpSensitiveGlobalProperties() throws Exception {
+    ScannerReportWriter writer = new ScannerReportWriter(temp.newFolder());
+    when(globalRepositories.globalSettings()).thenReturn(ImmutableMap.of("sonar.login", "my_token", "sonar.password", "azerty", "sonar.cpp.license.secured", "AZERTY"));
+
+    publisher.init(writer);
+
+    assertThat(FileUtils.readFileToString(writer.getFileStructure().analysisLog())).containsSequence(
+      "sonar.cpp.license.secured=******",
+      "sonar.login=******",
+      "sonar.password=******");
+  }
+
   // SONAR-7371
   @Test
   public void dontDumpParentProps() throws Exception {