Issue with sonar.password having the $ symbol

[darrellme]

Hi

When trying to use the npm module on a sonarqube instance that is protected via basic authentication I'm supposed to set the sonar.login and sonar.password attributes in the options section of the gulpfile. However if the password has the $ symbol as part of it then execution of the sonar scan fails because it cuts off parameters passed to the java executable from the $ sign onwards, presumably because $ is a reserved value in scripting.

I'm running this on a MacBook Pro. Unfortunately we don't have any control over the password of the sonarqube instance, so we can't remove the $ symbol from it as its a valid character in a secure password

Thanks

Darrell

[bellingard]

Hi @darrellme

The best way to solve this problem is for you to generate a token in "My Account > Security" and pass it through the "token" property - like what you can see on https://www.npmjs.com/package/sonarqube-scanner.

This is the best way for 2 reasons:

• First this solves your issue because you don't provide a password with a dollar sign anymore
• Second, this is far more secure because you can revoke the token at any time if it was compromised

So 2 good reasons to not fix this issue in fact :-)

Can you tell me if you could make it work?

[gabssnake]

Maybe we should document this as there a couple of issues related to authentication.

[gabssnake]

I created a list of potential improvements and mentioned this topic:

• #165

I'll close this issue for now. Feel free to reopen if you have more information.