Skip to content

BUILD-10761: Fix credential guard SQ Analysis security hotspot #47

Open
bwalsh434 wants to merge 1 commit intomasterfrom
BUILD-10761-fix-credential-guard-sq-hotspot
Open

BUILD-10761: Fix credential guard SQ Analysis security hotspot #47
bwalsh434 wants to merge 1 commit intomasterfrom
BUILD-10761-fix-credential-guard-sq-hotspot

Conversation

@bwalsh434
Copy link
Contributor

@bwalsh434 bwalsh434 commented Mar 19, 2026
edited
Loading

Problem

All recent ~5 recent commits on master have been failing the SonarCloud Code Analysis check due to Security Hotspots, see screenshot below and link to hotspots.

Screenshot 2026-03-19 at 2 12 55 PM Screenshot 2026-03-19 at 2 13 45 PM

What Changed?

  • This PR fixes the credential guard SQ Analysis security hotspot relating to tmp dir creds file for the credential guard check

@sonarqube-cloud-us
Copy link

sonarqube-cloud-us bot commented Mar 19, 2026

SonarQube reviewer guide

Review in SonarQube

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 19, 2026

SonarQube reviewer guide

Review in SonarQube

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@bwalsh434 bwalsh434 marked this pull request as ready for review March 19, 2026 19:05
@bwalsh434 bwalsh434 requested a review from a team as a code owner March 19, 2026 19:05
@sonar-review-alpha
Copy link

sonar-review-alpha bot commented Mar 19, 2026
edited
Loading

Summary

Fixes a SonarQube security hotspot by replacing hardcoded /tmp/ path with os.tmpdir() in the credential guard test. This ensures the temporary directory path is properly resolved based on the system environment rather than using an absolute path, improving portability and security.

What reviewers should know

The change is minimal and localized to one test file. Review focuses on: (1) confirm path.join() and os.tmpdir() are the standard Node.js way to construct temp paths portably, (2) verify the test behavior is unchanged—it still validates that core.saveState() is called with the correct credentials file path, and (3) ensure this matches the same pattern used in the actual credential-guard-main source code (not just the test).

  • Generate Walkthrough
  • Generate Diagram

🗣️ Give feedback

sonar-review-alpha[bot]
sonar-review-alpha bot reviewed Mar 19, 2026
View reviewed changes
Copy link

@sonar-review-alpha sonar-review-alpha bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Conclusion: Minimal, correct fix. The hardcoded /tmp literal in the test is replaced with os.tmpdir() — the right approach for platform-portable temp path construction, and the proper way to resolve this class of SonarQube hotspot. The test behavior is identical; only the path construction changes.

🗣️ Give feedback

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sonar-review-alpha sonar-review-alpha[bot] sonar-review-alpha[bot] left review comments

@mikolaj-matuszny-ext-sonarsource mikolaj-matuszny-ext-sonarsource Awaiting requested review from mikolaj-matuszny-ext-sonarsource

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bwalsh434