Package org.sonar.java.checks

Class HardCodedSecretCheck

java.lang.Object

org.sonar.java.ast.visitors.SubscriptionVisitor

org.sonar.plugins.java.api.IssuableSubscriptionVisitor

org.sonar.java.checks.AbstractHardCodedCredentialChecker

org.sonar.java.checks.HardCodedSecretCheck

All Implemented Interfaces:

JavaCheck, JavaFileScanner

public class HardCodedSecretCheck
extends AbstractHardCodedCredentialChecker

Field Summary

Fields

Modifier and Type	Field	Description
double	randomnessSensibility
String	secretWords

Fields inherited from class org.sonar.java.checks.AbstractHardCodedCredentialChecker

EQUALS_MATCHER, STRING_TO_CHAR_ARRAY

Fields inherited from class org.sonar.java.ast.visitors.SubscriptionVisitor

context

Constructor Summary

Constructors

Constructor	Description
HardCodedSecretCheck()

Method Summary

Modifier and Type	Method	Description
protected String	getCredentialWords()
protected boolean	isCredentialContainingPattern(ExpressionTree expression)	Determine if the actual hardcoded credential from the expression, contains one of the credentials pattern.
protected boolean	isPotentialCredential(String literal)
List<Tree.Kind>	nodesToVisit()
protected void	report(Tree tree, String match)
void	visitNode(Tree tree)

Methods inherited from class org.sonar.java.checks.AbstractHardCodedCredentialChecker

handleAssignment, handleEqualsMethod, handleStringLiteral, handleVariable, isCallOnStringLiteral, isCredentialLikeName, isCredentialVariable, isPotentialCredential, isSettingCredential

Methods inherited from class org.sonar.plugins.java.api.IssuableSubscriptionVisitor

addIssue, addIssueOnFile, leaveFile, reportIssue, reportIssue, reportIssue, scanFile, scanTree, setContext

Methods inherited from class org.sonar.java.ast.visitors.SubscriptionVisitor

leaveNode, visitToken, visitTrivia

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.sonar.plugins.java.api.JavaFileScanner

scanWithoutParsing

Field Details

secretWords

public String secretWords

randomnessSensibility

public double randomnessSensibility

Constructor Details

HardCodedSecretCheck

public HardCodedSecretCheck()

Method Details

getCredentialWords

protected String getCredentialWords()

Specified by:

getCredentialWords in class AbstractHardCodedCredentialChecker

isCredentialContainingPattern

protected boolean isCredentialContainingPattern(ExpressionTree expression)

Description copied from class: AbstractHardCodedCredentialChecker

Determine if the actual hardcoded credential from the expression, contains one of the credentials pattern. This is typically used to ignore constant declaration.

Specified by:

isCredentialContainingPattern in class AbstractHardCodedCredentialChecker

nodesToVisit

public List<Tree.Kind> nodesToVisit()

Specified by:

nodesToVisit in class SubscriptionVisitor

visitNode

public void visitNode(Tree tree)

Overrides:

visitNode in class SubscriptionVisitor

isPotentialCredential

protected boolean isPotentialCredential(String literal)

Overrides:

isPotentialCredential in class AbstractHardCodedCredentialChecker

report

protected void report(Tree tree,
 String match)

Specified by:

report in class AbstractHardCodedCredentialChecker