Exclude hardcoded credentials rules from test files and config.yaml

leifj · leifj · commit 79dc70007d26 · 2026-03-04T17:27:27.000+01:00
Add SonarCloud exclusions for:
- go:S6418 (Credentials should not be hard-coded) in test files
- go:S6418 in config.yaml (example configuration)
- go:S2068 (Credentials should not be hard-coded) in test files
- go:S2068 in config.yaml

Test files necessarily contain test credentials for authentication testing.
Config.yaml contains commented examples showing configuration format, not
actual production secrets.
diff --git a/sonar-project.properties b/sonar-project.properties
@@ -29,7 +29,7 @@ sonar.go.coverage.reportPaths=coverage.out,didcomm_coverage.out
 #    - This is a key-wrapping primitive, not general-purpose encryption
 #
 # These patterns are required for standards compliance and interoperability.
-sonar.issue.ignore.multicriteria=e1,e2,e3,e4
+sonar.issue.ignore.multicriteria=e1,e2,e3,e4,e5,e6,e7,e8
 
 # Exclude S5542 from JWE crypto implementation (AES-CBC for content encryption, AES Key Wrap)
 sonar.issue.ignore.multicriteria.e1.ruleKey=go:S5542
@@ -46,3 +46,21 @@ sonar.issue.ignore.multicriteria.e3.resourceKey=**/pki/keymaterial_signer.go
 
 sonar.issue.ignore.multicriteria.e4.ruleKey=go:S5542
 sonar.issue.ignore.multicriteria.e4.resourceKey=**/pki/software.go
+
+# S6418 (go:S6418) - "Credentials should not be hard-coded"
+# Exclude from test files - test code necessarily contains test credentials
+# for authentication testing. These are not production secrets.
+sonar.issue.ignore.multicriteria.e5.ruleKey=go:S6418
+sonar.issue.ignore.multicriteria.e5.resourceKey=**/*_test.go
+
+# Exclude from example config - commented examples show format, not real credentials
+sonar.issue.ignore.multicriteria.e6.ruleKey=go:S6418
+sonar.issue.ignore.multicriteria.e6.resourceKey=config.yaml
+
+# S2068 (go:S2068) - "Credentials should not be hard-coded"
+# Same rationale as S6418 above
+sonar.issue.ignore.multicriteria.e7.ruleKey=go:S2068
+sonar.issue.ignore.multicriteria.e7.resourceKey=**/*_test.go
+
+sonar.issue.ignore.multicriteria.e8.ruleKey=go:S2068
+sonar.issue.ignore.multicriteria.e8.resourceKey=config.yaml
