JetBrains / TeamCity.SonarQubePlugin

A plugin for TeamCity server allowing you to configure and run SonarQube analysis from the CI
Apache License 2.0

Access tokens are exposed if saved in VCS #75

Closed maxemiliang closed 4 years ago

maxemiliang commented 4 years ago

Currently, if you have build configurations saved in VCS and you are using this plugin with token login, then tokens are exposed and there is no way to use parameters when adding servers. This means that tokens are exposed and added to VCS history. Is it possible to make the username/password input fields so that they accept parameters?

Example:

```xml
<extension id="PROJECT_EXT_21" type="sonar-qube">
  <parameters>
    <param name="id" value="" />
    <param name="login" value="[PLAIN_TEXT_TOKEN]" />
    <param name="name" value="Sonar" />
    <param name="url" value="https://sonar.url" />
  </parameters>
</extension>
```

maxemiliang commented 4 years ago

Apparently it works if I set them as sonarLogin and sonar.host.url. This should maybe be better signalled to the user?
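
A check for the exposure described in this thread, suitable for a pre-commit hook or CI step over versioned settings. It is an added example, not part of the original thread or the plugin's code, and it flags `sonar-qube` extensions whose `login` value is a literal. The wrapper elements in the sample, the `password` param name, and treating a `%name%` value as a parameter reference are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the snippet in the issue; values are placeholders.
# The <project>/<project-extensions> wrappers are assumed for illustration.
SAMPLE = """<project>
  <project-extensions>
    <extension id="PROJECT_EXT_21" type="sonar-qube">
      <parameters>
        <param name="id" value="" />
        <param name="login" value="[PLAIN_TEXT_TOKEN]" />
        <param name="name" value="Sonar" />
        <param name="url" value="https://sonar.url" />
      </parameters>
    </extension>
    <extension id="PROJECT_EXT_22" type="sonar-qube">
      <parameters>
        <param name="login" value="" />
        <param name="url" value="https://sonar.url" />
      </parameters>
    </extension>
  </project-extensions>
</project>"""

# "login" comes from the issue; "password" is an assumed name for the other field.
SENSITIVE = {"login", "password"}
# Assumption: a value that is exactly %name% is a parameter reference, not a secret.
PARAM_REF = re.compile(r"^%[^%\s]+%$")


def find_literal_credentials(xml_text):
    """Return (extension id, param name) for each literal credential value."""
    findings = []
    root = ET.fromstring(xml_text)
    for ext in root.iter("extension"):  # iter() also matches the root itself
        if ext.get("type") != "sonar-qube":
            continue
        for param in ext.iter("param"):
            name = param.get("name")
            value = (param.get("value") or "").strip()
            if name in SENSITIVE and value and not PARAM_REF.match(value):
                findings.append((ext.get("id"), name))
    return findings


if __name__ == "__main__":
    for ext_id, name in find_literal_credentials(SAMPLE):
        print(f"{ext_id}: literal value stored in '{name}'")
```

A finding means the token is already in the file; if that file has been committed, the token is in VCS history and should be revoked and reissued.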