Sonar-runner plugin printing password

(Brian Repko) #1

I’m using the sonar-runner plugin with gradle 1.6 and configuring my jdbc password in a file so as to not be in source code. The plugin however prints the value of that password right to the log (–info). Is there a way to turn off password printing?

(Peter Niederwieser) #2

Where does it show up? Under “Executing Sonar Runner with properties:”?

(Brian Repko) #3

Peter - yes exactly. Would be useful to flag that property as printing with “*******” or to have a flag that eliminates printing properties all together (which may already exist - I’m running with --info on).

(Peter Niederwieser) #4

I agree that the password should be logged as ‘***’. I’ve created GRADLE-2817 for this.

‘tasks.sonarRunner.logging.level = “LIFECYCLE”’ is supposed to change the log level only for the ‘sonarRunner’ task, but as far as I know, per-task log levels aren’t currently working.

(Brian Repko) #5

Peter - thanks for logging the issue. We are now looking to setup Jenkins as

step 1 = gradle --info clean build… step 2 = conditional (gradle sonarRunner) - “without the --info”

There is a Jenkins issue doing this - apparently doesn’t like step 2 being conditional - but doing sonar as a second step without --info is ok with us. Still think the issue is important to fix but not urgent for us.

Thanks for your support / help!