SonarLint flags some variables in my code base as blockers, ones like `public static final String INVALID_PASSWORD = "Your password is invalid.";`
SonarLint thinks that the variable might contain a hard-coded password, which is a security risk. But in this case, the variable does not contain a password, it contains a message about a password.
I also have some like `public static final String INVALID_PASSWORD = "INVALID_PASSWORD";` that are codes rather than strings, which SonarLint also flags.
What's the best practice for "fixing" this type of issue? Two solutions that come to mind are renaming the variable, and using a `@SuppressWarnings("code here")` annotation.
Does SonarLint itself have a recommendation for this issue? Is there an industry best practice?
You should be able to mute the Sonar issue with something like:
`@SuppressWarnings("squid:S2068") // This is not a hard-coded password.`
annotated over the culprit.
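As an added example (not code from the question or the answer above), here are the two constants from the question with the suppression applied only where the finding is a false positive, next to a genuine secret that is read from the environment so that no literal and no suppression are needed. The class name, the error-code constant name and the `DB_PASSWORD` variable are assumptions.

```java
// Added example: handling Sonar rule S2068 (hard-coded credentials) in three ways.
public final class PasswordMessages {

    // A user-facing message that merely mentions passwords. The literal is not a
    // secret, so the finding is a false positive; mute it on this field only and
    // record the reason in the comment so the next reviewer does not have to re-check.
    @SuppressWarnings("squid:S2068") // message text shown to the user, not a credential
    public static final String INVALID_PASSWORD = "Your password is invalid.";

    // An error code. Naming it as a code rather than *_PASSWORD avoids the rule's
    // name-based heuristic, so this one needs no suppression at all.
    public static final String ERROR_CODE_INVALID_PASSWORD = "INVALID_PASSWORD";

    private PasswordMessages() {
        // utility class, not instantiable
    }

    // A real credential is never a literal: read it at runtime from the environment
    // (assumed variable name DB_PASSWORD), so it stays out of source control and the
    // rule has nothing to flag. Returned as char[] so it can be cleared after use.
    public static char[] databasePassword() {
        String value = System.getenv("DB_PASSWORD");
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("DB_PASSWORD is not set");
        }
        return value.toCharArray();
    }
}
```

Newer SonarJava versions report the rule under the key `java:S2068` instead of `squid:S2068`, so the string in the annotation has to match the key your SonarLint version shows in the finding.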