“Credentials should not be hard-coded” rule for C/C++/Python


roymm...@gmail.com

Mar 1, 2018, 4:59:13 PM
to SonarQube

We are running the Enterprise Edition of SonarQube 6.7. As part of the sonar scan (using sonar-scanner, the Atlassian Bamboo plugin or the Jenkins plugin), we would like to find hardcoded credentials within the code. As of right now, both the Java and C# languages already have a “Credentials should not be hard-coded” rule to support this use case. However, there is no such rule for C/C++ or Python. We are using the “SonarCFamily” developed by SonarSource. Is it possible to implement these rules in C/C++ and Python?

Thanks

nicolas...@sonarsource.com

Mar 2, 2018, 5:23:38 AM
to SonarQube
Hi there,

In such cases feel free to check the plan in Jira directly. The rule is here: https://jira.sonarsource.com/browse/RSPEC-2068. You will see that there are a number of 'is implemented by' tickets linked to the rule, including (to your query) open tickets for SonarCFamily and SonarPython.

All in all: feel free to vote for these tickets in Jira!

Best regards,
Nicolas