[PHP] False positive "Remove this hard-coded password"


li...@nitsnets.com

May 15, 2017, 12:58:46 PM
to SonarQube
Using Laravel commands.

Command definition:

class User extends CommandInterface
{
    /**
     * Usage help
     *
     * @var string
     */
    protected $signature = 'user:add {--email=} {--name=} {--password=}';

    /**
     * @var string
     */
    protected $description = 'Add an user to system';


Usage from terminal:

php artisan user:add --email=admin@admin.com --name=Admin --password=admin


Error

class User extends CommandInterface
{
    /**
     * Usage help
     *
     * @var string
     */
    protected $signature = 'cms:user:add {--email=} {--name=} {--password=}';

Remove this hard-coded password.

Regards!

carlo.bo...@gmail.com

May 17, 2017, 4:29:20 AM
to SonarQube, li...@nitsnets.com
Hello,
thanks for reporting this. I've created a Jira ticket to improve the rule: https://jira.sonarsource.com/browse/SONARPHP-707
In the meantime, you could mark these as "false-positive" in SonarQube.

Cheers,

Carlo
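
Why a pattern-based check trips on the signature string, as an added example that is not part of the original thread and is not SonarPHP's rule implementation. The naive pattern and the placeholder handling are assumptions made for illustration; sample lines 2 and 3 are constructed.

```python
import re

# Assumed naive heuristic (not SonarPHP's actual rule logic): a string literal
# is suspicious when a credential word is followed by "=" and any character.
NAIVE = re.compile(r"(?i)\b(?:password|passwd|pwd)=\S")

# Laravel signature option that takes a value but declares no default:
# {--password=}, {--P|password=}, {--password=*}, {--password= : description}
EMPTY_OPTION = re.compile(r"\{\s*--[\w|-]+=\*?\s*(?::[^{}]*)?\}")

# Single- or double-quoted PHP string literal (escapes tolerated, no heredocs).
LITERAL = re.compile(r"'((?:[^'\\]|\\.)*)'|\"((?:[^\"\\]|\\.)*)\"")


def literals(php_source):
    """Yield (line_number, literal_text) for each quoted string."""
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        for m in LITERAL.finditer(line):
            text = m.group(1) if m.group(1) is not None else m.group(2)
            yield lineno, text


def naive_findings(php_source):
    """Line numbers the naive heuristic reports."""
    return [n for n, text in literals(php_source) if NAIVE.search(text)]


def refined_findings(php_source):
    """Drop value-less option placeholders, then apply the same heuristic.

    An option with a real default, e.g. {--password=admin}, is kept and
    still reported, because that default is a literal credential.
    """
    return [n for n, text in literals(php_source)
            if NAIVE.search(EMPTY_OPTION.sub("", text))]


# Line 1 is the signature from the post; lines 2 and 3 are constructed.
SAMPLE = """\
protected $signature = 'user:add {--email=} {--name=} {--password=}';
protected $signature = 'user:add {--email=} {--password=admin}';
$dsn = 'mysql:host=db;dbname=app;password=S3cr3t';
"""

if __name__ == "__main__":
    print("naive  :", naive_findings(SAMPLE))
    print("refined:", refined_findings(SAMPLE))
```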