Why does #pragma warning disable S2068 not work?


I have the following piece of code in a tool:

var o = new OptionSet()
    .Add("password=|pwd=|p=", "The database password. Only when using SQL authentication.", p => password = p.TrimQuotes())
    ...
;

My PR build promotes Sonar warnings to compilation errors and so the code fails with:

HashPasswordsArgs.cs(49,22): warning S2068: "password" detected here, make sure this is not a hard-coded credential. [C:\xyz\HashPasswords\src\HashPasswords\HashPasswords.csproj]

OK, I know it is a false positive and want to suppress it in code (this is my specific and conscious desire, please do not suggest going to the SonarQube server to do anything).

I tried adding the //NOSONAR (with or without a space after //), I also tried adding #pragma warning disable S2068 at the top of the file. Nothing helps.

What am I missing?

Here are the example runs:

//NOSONAR

C:\xyz\HashPasswords [master ≡]> cat .\src\HashPasswords\HashPasswordsArgs.cs |sls SONAR

                .Add("password=|pwd=|p=", "The database password. Only when using SQL authentication.", p => password = p.TrimQuotes()) //NOSONAR


C:\xyz\HashPasswords [master ≡ +1 ~2 -0 !]> dotnet build
Microsoft (R) Build Engine version 16.6.0+5ff7b0c9e for .NET Core
Copyright (C) Microsoft Corporation. All rights reserved.

  Determining projects to restore...
  All projects are up-to-date for restore.
HashPasswordsArgs.cs(49,22): warning S2068: "password" detected here, make sure this is not a hard-coded credential. [C:\xyz\HashPasswords\src\HashPasswords\HashPasswords.csproj]
  HashPasswords -> C:\xyz\HashPasswords\src\HashPasswords\bin\Debug\net472\HashPasswords.exe
  Sonar: (HashPasswords.csproj) Project processed successfully

Build succeeded.

HashPasswordsArgs.cs(49,22): warning S2068: "password" detected here, make sure this is not a hard-coded credential. [C:\xyz\HashPasswords\src\HashPasswords\HashPasswords.csproj]
    1 Warning(s)
    0 Error(s)

Time Elapsed 00:00:01.23
C:\xyz\HashPasswords [master ≡ +1 ~2 -0 !]>

#pragma warning disable S2068

C:\xyz\HashPasswords [master ≡ +1 ~2 -0 !]> dir .\src\HashPasswords\HashPasswordsArgs.cs |sls S2068

src\HashPasswords\HashPasswordsArgs.cs:6:#pragma warning disable S2068


C:\xyz\HashPasswords [master ≡ +1 ~2 -0 !]> dotnet build
Microsoft (R) Build Engine version 16.6.0+5ff7b0c9e for .NET Core
Copyright (C) Microsoft Corporation. All rights reserved.

  Determining projects to restore...
  All projects are up-to-date for restore.
HashPasswordsArgs.cs(51,22): warning S2068: "password" detected here, make sure this is not a hard-coded credential. [C:\xyz\HashPasswords\src\HashPasswords\HashPasswords.csproj]
  HashPasswords -> C:\xyz\HashPasswords\src\HashPasswords\bin\Debug\net472\HashPasswords.exe
  Sonar: (HashPasswords.csproj) Project processed successfully

Build succeeded.

HashPasswordsArgs.cs(51,22): warning S2068: "password" detected here, make sure this is not a hard-coded credential. [C:\xyz\HashPasswords\src\HashPasswords\HashPasswords.csproj]
    1 Warning(s)
    0 Error(s)

Time Elapsed 00:00:01.28
C:\xyz\HashPasswords [master ≡ +1 ~2 -0 !]>

I am interested to know why #pragma does not work. Any other code-based suppression is welcome. The more focused the better, i.e. ideally I just want to suppress this one warning on the particular line.


Solution

  • The below should work.

    [System.Diagnostics.CodeAnalysis.SuppressMessage("Sonar Code Smell", "S2068:Credentials should not be hard-coded", Justification = "<Pending>")]

    It worked with the attribute below for me as well:

    [SuppressMessage("Sonar Code Smell", "S2068:Credentials should not be hard-coded", Justification = "")]
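
The attribute from the answer, shown in context. This is an added example, not code from the question or the answers. C# attributes attach to declarations rather than statements, so the method holding the flagged literal is the narrowest scope the attribute can cover. ArgParser, ParsePassword and the hand-rolled option loop are hypothetical stand-ins for the asker's OptionSet call, and Trim('"') stands in for their TrimQuotes() extension.

```csharp
using System;
using System.Diagnostics.CodeAnalysis;

// Added example: ArgParser and ParsePassword are hypothetical names.
public static class ArgParser
{
    // Same option prototype string that S2068 reported in the question.
    // It only names command-line switches; no credential is embedded.
    // Suppression sits on this one method, so the rule stays active for the
    // rest of the file, and the justification tells reviewers why.
    [SuppressMessage("Sonar Code Smell", "S2068:Credentials should not be hard-coded",
        Justification = "Literal is a list of command-line option names; the value is supplied at run time.")]
    public static string ParsePassword(string[] args)
    {
        string password = null;
        string[] names = "password=|pwd=|p=".Split('|');

        foreach (string arg in args)
        {
            foreach (string name in names)
            {
                string prefix = "--" + name;
                if (arg.StartsWith(prefix, StringComparison.Ordinal))
                {
                    // Stand-in for the asker's TrimQuotes() extension.
                    password = arg.Substring(prefix.Length).Trim('"');
                }
            }
        }
        return password;
    }

    public static void Main()
    {
        // Constructed sample input; the value is a placeholder, not a secret.
        string parsed = ParsePassword(new[] { "--p=\"example-value\"" });
        Console.WriteLine(parsed == "example-value" ? "parsed" : "not parsed");
    }
}
```

An empty or "<Pending>" Justification suppresses the warning just as well, but it leaves no record of why a credential finding was dismissed.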