Getting "Hard coded password found here" exception where (IMHO) it shouldn't
sliric opened this issue · comments
Slobodan Liric commented
Environment
Component | Version |
---|---|
Java | 17 |
SonarQube | 9.9 (build 65466) |
FindSecBugs | 1.12.0 |
Problem
I'm getting the "Hard coded password found here" exception.
Code
import static java.util.Arrays.asList;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.drive.DriveScopes;
import com.google.api.services.fusiontables.FusiontablesScopes;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.List;
import org.springframework.beans.factory.annotation.Value;
/** Creates and stores credentials for google oauth2 services. */
class GoogleOauth2CredentialsService {
@Value("${p12Name}")
private String p12Name;
@Value("${p12Alias}")
private String p12Alias;
@Value("${p12Password}")
private String p12Token;
private static final List<String> SCOPES =
asList(
"https://spreadsheets.google.com/feeds",
"https://docs.google.com/feeds",
DriveScopes.DRIVE);
GoogleCredential getAppCredentials() throws IOException, GeneralSecurityException {
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(this.getClass().getClassLoader().getResourceAsStream(p12Name), p12Token.toCharArray());
PrivateKey key = (PrivateKey) ks.getKey(p12Alias, p12Token.toCharArray());
return new GoogleCredential.Builder()
.setTransport(new NetHttpTransport())
.setJsonFactory(new JacksonFactory())
.setServiceAccountPrivateKey(key)
.setServiceAccountScopes(SCOPES)
.build();
}
}
This is the screenshot of this problem: