diff --git a/.secrets.baseline b/.secrets.baseline
new file mode 100644
index 000000000..6734c89e3
--- /dev/null
+++ b/.secrets.baseline
@@ -0,0 +1,85 @@
+{
+ "exclude": {
+ "files": "^.secrets.baseline$",
+ "lines": null
+ },
+ "generated_at": "2024-06-03T14:55:28Z",
+ "plugins_used": [
+ {
+ "name": "AWSKeyDetector"
+ },
+ {
+ "name": "ArtifactoryDetector"
+ },
+ {
+ "name": "AzureStorageKeyDetector"
+ },
+ {
+ "base64_limit": 4.5,
+ "name": "Base64HighEntropyString"
+ },
+ {
+ "name": "BasicAuthDetector"
+ },
+ {
+ "name": "BoxDetector"
+ },
+ {
+ "name": "CloudantDetector"
+ },
+ {
+ "ghe_instance": "github.ibm.com",
+ "name": "GheDetector"
+ },
+ {
+ "name": "GitHubTokenDetector"
+ },
+ {
+ "hex_limit": 3,
+ "name": "HexHighEntropyString"
+ },
+ {
+ "name": "IbmCloudIamDetector"
+ },
+ {
+ "name": "IbmCosHmacDetector"
+ },
+ {
+ "name": "JwtTokenDetector"
+ },
+ {
+ "keyword_exclude": null,
+ "name": "KeywordDetector"
+ },
+ {
+ "name": "MailchimpDetector"
+ },
+ {
+ "name": "NpmDetector"
+ },
+ {
+ "name": "PrivateKeyDetector"
+ },
+ {
+ "name": "SlackDetector"
+ },
+ {
+ "name": "SoftlayerDetector"
+ },
+ {
+ "name": "SquareOAuthDetector"
+ },
+ {
+ "name": "StripeDetector"
+ },
+ {
+ "name": "TwilioKeyDetector"
+ }
+ ],
+ "results": {},
+ "version": "0.13.1+ibm.62.dss",
+ "word_list": {
+ "file": null,
+ "hash": null
+ }
+}
diff --git a/build-locally.sh b/build-locally.sh
index 2d3452950..4f60457e6 100755
--- a/build-locally.sh
+++ b/build-locally.sh
@@ -78,6 +78,15 @@ Options are:
EOF
}
+function check_exit_code () {
+ # This function takes 3 parameters in the form:
+ # $1 an integer value of the returned exit code
+ # $2 an error message to display if $1 is not equal to 0
+ if [[ "$1" != "0" ]]; then
+ error "$2"
+ exit 1
+ fi
+}
#-----------------------------------------------------------------------------------------
# Process parameters
#-----------------------------------------------------------------------------------------
@@ -185,9 +194,36 @@ function build_code {
info "Using command: ${cmd}"
$cmd 2>&1 > ${log_file}
- rc=$? ; if [[ "${rc}" != "0" ]]; then error "Failed to build ${project} see logs at ${log_file}" ; exit 1 ; fi
+ rc=$?
+ check_exit_code $rc "Failed to build ${project} see logs at ${log_file}"
success "Project ${project} built - OK - log is at ${log_file}"
}
-build_code
\ No newline at end of file
+function check_secrets {
+ h2 "updating secrets baseline"
+ cd ${BASEDIR}
+ detect-secrets scan --update .secrets.baseline
+ rc=$?
+ check_exit_code $rc "Failed to run detect-secrets. Please check it is installed properly"
+ success "updated secrets file"
+
+ h2 "running audit for secrets"
+ detect-secrets audit .secrets.baseline
+ rc=$?
+ check_exit_code $rc "Failed to audit detect-secrets."
+
+ #Check all secrets have been audited
+ secrets=$(grep -c hashed_secret .secrets.baseline)
+ audits=$(grep -c is_secret .secrets.baseline)
+ if [[ "$secrets" != "$audits" ]]; then
+ error "Not all secrets found have been audited"
+ exit 1
+ fi
+ success "secrets audit complete"
+}
+
+
+build_code
+
+check_secrets
\ No newline at end of file
diff --git a/galasa-managers-parent/galasa-managers-cicsts-parent/dev.galasa.cicsts.manager/src/main/java/dev/galasa/cicsts/ICeciResponseOutputValue.java b/galasa-managers-parent/galasa-managers-cicsts-parent/dev.galasa.cicsts.manager/src/main/java/dev/galasa/cicsts/ICeciResponseOutputValue.java
index 589811c9b..f08704bb1 100644
--- a/galasa-managers-parent/galasa-managers-cicsts-parent/dev.galasa.cicsts.manager/src/main/java/dev/galasa/cicsts/ICeciResponseOutputValue.java
+++ b/galasa-managers-parent/galasa-managers-cicsts-parent/dev.galasa.cicsts.manager/src/main/java/dev/galasa/cicsts/ICeciResponseOutputValue.java
@@ -1,8 +1,8 @@
-/*
- * Copyright contributors to the Galasa project
- *
- * SPDX-License-Identifier: EPL-2.0
- */
+/*
+ * Copyright contributors to the Galasa project
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
package dev.galasa.cicsts;
@@ -14,7 +14,7 @@
* show:
* INTO('A.....')
* and in Hex:
- * INTO(X'C13456789ABC')
+ * INTO(X'C13456789ABC')
example hex in javadoc comment //pragma: allowlist secret
* Both representations are available using the {@link #getTextValue()} and {@link #getHexValue()} methods respectively
*/
public interface ICeciResponseOutputValue {
diff --git a/galasa-managers-parent/galasa-managers-cloud-parent/dev.galasa.docker.manager/src/test/java/dev/galasa/docker/internal/TestDockerRegistryImpl.java b/galasa-managers-parent/galasa-managers-cloud-parent/dev.galasa.docker.manager/src/test/java/dev/galasa/docker/internal/TestDockerRegistryImpl.java
index 74196d93a..fe2e06a9e 100644
--- a/galasa-managers-parent/galasa-managers-cloud-parent/dev.galasa.docker.manager/src/test/java/dev/galasa/docker/internal/TestDockerRegistryImpl.java
+++ b/galasa-managers-parent/galasa-managers-cloud-parent/dev.galasa.docker.manager/src/test/java/dev/galasa/docker/internal/TestDockerRegistryImpl.java
@@ -115,7 +115,7 @@ public void retrieveBearerTokenUnauthorised() throws DockerManagerException, Mal
when(credentialsMock.getUsername()).thenReturn("testUsername");
when(credentialsMock.getPassword()).thenReturn("testPassword");
String user = "testUsername";
- String password = "testPassword";
+ String password = "testPassword"; //unit test mock password //pragma: allowlist secret
when(clientMock.setAuthorisation(user, password)).thenReturn(clientMock);
when(clientMock.build()).thenReturn(clientMock);
// Base64 encoding credentials to replicate private encoding method (generateDockerRegistryAuthStructure)
diff --git a/galasa-managers-parent/galasa-managers-cloud-parent/dev.galasa.kubernetes.manager.ivt/src/main/resources/testSecret.yaml b/galasa-managers-parent/galasa-managers-cloud-parent/dev.galasa.kubernetes.manager.ivt/src/main/resources/testSecret.yaml
index fb0caea30..b4fcb1faa 100644
--- a/galasa-managers-parent/galasa-managers-cloud-parent/dev.galasa.kubernetes.manager.ivt/src/main/resources/testSecret.yaml
+++ b/galasa-managers-parent/galasa-managers-cloud-parent/dev.galasa.kubernetes.manager.ivt/src/main/resources/testSecret.yaml
@@ -9,4 +9,4 @@ kind: Secret
metadata:
name: testsecret
data:
- test_password: dGVzdHBhc3N3b3Jk
\ No newline at end of file
+ test_password: dGVzdHBhc3N3b3Jk #This is used in in the IVT test only #pragma: allowlist secret
\ No newline at end of file
diff --git a/galasa-managers-parent/galasa-managers-other-parent/dev.galasa.galasaecosystem.manager/src/main/resources/k8s/config-grafana.yaml b/galasa-managers-parent/galasa-managers-other-parent/dev.galasa.galasaecosystem.manager/src/main/resources/k8s/config-grafana.yaml
index 92c440f9e..4c24153d9 100644
--- a/galasa-managers-parent/galasa-managers-other-parent/dev.galasa.galasaecosystem.manager/src/main/resources/k8s/config-grafana.yaml
+++ b/galasa-managers-parent/galasa-managers-other-parent/dev.galasa.galasaecosystem.manager/src/main/resources/k8s/config-grafana.yaml
@@ -90,7 +90,7 @@ data:
;password =
# Use either URL or the previous fields to configure the database
- # Example: mysql://user:secret@host:port/database
+ # Example: mysql://user:secret@host:port/database #pragma: allowlist secret
;url =
# For "postgres" only, either "disable", "require" or "verify-full"
@@ -164,7 +164,7 @@ data:
;admin_user = admin
# default admin password, can be changed before first start of grafana, or in profile settings
- ;admin_password = admin
+ ;admin_password = admin #property is not used as it is commented out #pragma: allowlist secret
# used for signing
;secret_key = SW2YcwTIb9zpOOhoPsMm
@@ -276,7 +276,7 @@ data:
;enabled = false
;allow_sign_up = true
;client_id = some_id
- ;client_secret = some_secret
+ ;client_secret = some_secret #property is not used as it is commented out #pragma: allowlist secret
;scopes = user:email,read:org
;auth_url = https://github.com/login/oauth/authorize
;token_url = https://github.com/login/oauth/access_token
@@ -289,7 +289,7 @@ data:
;enabled = false
;allow_sign_up = true
;client_id = some_client_id
- ;client_secret = some_client_secret
+ ;client_secret = some_client_secret #property is not used as it is commented out #pragma: allowlist secret
;scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
;auth_url = https://accounts.google.com/o/oauth2/auth
;token_url = https://accounts.google.com/o/oauth2/token
@@ -302,7 +302,7 @@ data:
;name = OAuth
;allow_sign_up = true
;client_id = some_id
- ;client_secret = some_secret
+ ;client_secret = some_secret #property is not used as it is commented out #pragma: allowlist secret
;scopes = user:email,read:org
;auth_url = https://foo.bar/login/oauth/authorize
;token_url = https://foo.bar/login/oauth/access_token
@@ -323,7 +323,7 @@ data:
;enabled = false
;allow_sign_up = true
;client_id = some_id
- ;client_secret = some_secret
+ ;client_secret = some_secret #property is not used as it is commented out #pragma: allowlist secret
;scopes = user:email
;allowed_organizations =
diff --git a/galasa-managers-parent/galasa-managers-testingtools-parent/dev.galasa.jmeter.manager.ivt/src/main/res/jmeter.properties b/galasa-managers-parent/galasa-managers-testingtools-parent/dev.galasa.jmeter.manager.ivt/src/main/res/jmeter.properties
index 02bd43e0f..72cde0228 100644
--- a/galasa-managers-parent/galasa-managers-testingtools-parent/dev.galasa.jmeter.manager.ivt/src/main/res/jmeter.properties
+++ b/galasa-managers-parent/galasa-managers-testingtools-parent/dev.galasa.jmeter.manager.ivt/src/main/res/jmeter.properties
@@ -316,7 +316,7 @@ remote_hosts=127.0.0.1
#server.rmi.ssl.keystore.file=rmi_keystore.jks
#
# Password of Keystore
-#server.rmi.ssl.keystore.password=changeit
+#server.rmi.ssl.keystore.password=changeit #property is not used as it is commented out #pragma: allowlist secret
#
# Key alias
#server.rmi.ssl.keystore.alias=rmi
@@ -328,7 +328,7 @@ remote_hosts=127.0.0.1
#server.rmi.ssl.truststore.file=rmi_keystore.jks
#
# Password of Trust store
-#server.rmi.ssl.truststore.password=changeit
+#server.rmi.ssl.truststore.password=changeit #property is not used as it is commented out #pragma: allowlist secret
#
# Set this if you don't want to use SSL for RMI
#server.rmi.ssl.disable= false
diff --git a/galasa-managers-parent/galasa-managers-unix-parent/dev.galasa.linux.manager/src/main/java/dev/galasa/linux/internal/shared/LinuxSharedImage.java b/galasa-managers-parent/galasa-managers-unix-parent/dev.galasa.linux.manager/src/main/java/dev/galasa/linux/internal/shared/LinuxSharedImage.java
index 8c6400fc8..f56ba7215 100644
--- a/galasa-managers-parent/galasa-managers-unix-parent/dev.galasa.linux.manager/src/main/java/dev/galasa/linux/internal/shared/LinuxSharedImage.java
+++ b/galasa-managers-parent/galasa-managers-unix-parent/dev.galasa.linux.manager/src/main/java/dev/galasa/linux/internal/shared/LinuxSharedImage.java
@@ -78,7 +78,7 @@ public LinuxSharedImage(LinuxManagerImpl manager, String tag, String hostid, Str
throw new LinuxManagerException("useradd of username " + this.username + " failed:-\n" + response);
}
- String tempPassword = "ThisIsTheFutureOfTesting";
+ String tempPassword = "ThisIsTheFutureOfTesting"; //Not a secret but this raises a vulnerability on server side runs. Issue has been raised to correct this //pragma: allowlist secret
for(int i = 0; i < 4; i++) {
tempPassword = tempPassword + Integer.toString(this.random.nextInt(10));
}
diff --git a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/dev/galasa/zos3270/orders/GraphicsEscapeTest.java b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/dev/galasa/zos3270/orders/GraphicsEscapeTest.java
index 128d936b7..f72653f4a 100644
--- a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/dev/galasa/zos3270/orders/GraphicsEscapeTest.java
+++ b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/dev/galasa/zos3270/orders/GraphicsEscapeTest.java
@@ -90,7 +90,7 @@ public void testGeConvertToDatastream() throws Exception {
System.out.println(hexDatastream);
- assertThat(hexDatastream).as("Expected outbound datastream").isEqualTo("7D40401140C1F1F20850F3F4");
+ assertThat(hexDatastream).as("Expected outbound datastream").isEqualTo("7D40401140C1F1F20850F3F4"); // expected output as a hex code, not a secret //pragma: allowlist secret
}
diff --git a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/t/TestColour.java b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/t/TestColour.java
index 51f710671..76282f600 100644
--- a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/t/TestColour.java
+++ b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/t/TestColour.java
@@ -22,7 +22,7 @@ public class TestColour extends Zos3270TestBase {
public static void main(String[] args) throws DecoderException, Zos3270Exception {
- String inbound = "f5c2115b611311c2601df8d59699948193408689859384a211c5401df0d596999481931df8c995a38595a28511c6501d40e385a2a340c99597a4a3404040401df011c8f0290341f442f7c0f8c889878893898788a3899587114b50290341f242f2c0f0d9858440d985a58599a285290341f242f2c0f0d98584408187818995114c6f290341f242f1c0f0c293a48540d985a58599a285290341f242f3c0f0d789959240d985a58599a285290341f242f4c0f0c79985859540d985a58599a285290341f242f5c0f0e3a49998a49689a28540d985a58599a285114df0290341f242f7c0f0e68889a38540d985a58599a28511505e290341f442f6c0f0e885939396a640e4958485999389958511d27a290341f142f6c0f0e885939396a640c29389959211d55c290242f6c0f0e885939396a640d6a4a393899585114c60290341f242f6c0f0e885939396a640d985a58599a285114040290242f7c0f0e385a2a340c5a7a3859584858440c481a381a2a39985819440d4819711d550290242f2c0f0d9858440d6a4a39389958511d940290242f2c0f0d98584290242f1c0f0c293a485290242f3c0f0d7899592290242f4c0f0c799858595290242f5c0f0e3a49998a49689a285290242f6c0f0e885939396a6290242f7c0f0e68889a3851df0c4858681a493a3115a50290242f2c0f8d98584290242f1c0f8c293a485290242f3c0f8d7899592290242f4c0f8c799858595290242f5c0f8e3a49998a49689a285290242f6c0f8e885939396a6290242f7c0f8e68889a3851df8c4858681a493a311d2f0290341f142f2c0f0d9858440c293899592115050290341f442f2c0f0d9858440e49584859993899585115b60290341f442f4c0c1115c6f1df0";
+ String inbound = "f5c2115b611311c2601df8d59699948193408689859384a211c5401df0d596999481931df8c995a38595a28511c6501d40e385a2a340c99597a4a3404040401df011c8f0290341f442f7c0f8c889878893898788a3899587114b50290341f242f2c0f0d9858440d985a58599a285290341f242f2c0f0d98584408187818995114c6f290341f242f1c0f0c293a48540d985a58599a285290341f242f3c0f0d789959240d985a58599a285290341f242f4c0f0c79985859540d985a58599a285290341f242f5c0f0e3a49998a49689a28540d985a58599a285114df0290341f242f7c0f0e68889a38540d985a58599a28511505e290341f442f6c0f0e885939396a640e4958485999389958511d27a290341f142f6c0f0e885939396a640c29389959211d55c290242f6c0f0e885939396a640d6a4a393899585114c60290341f242f6c0f0e885939396a640d985a58599a285114040290242f7c0f0e385a2a340c5a7a3859584858440c481a381a2a39985819440d4819711d550290242f2c0f0d9858440d6a4a39389958511d940290242f2c0f0d98584290242f1c0f0c293a485290242f3c0f0d7899592290242f4c0f0c799858595290242f5c0f0e3a49998a49689a285290242f6c0f0e885939396a6290242f7c0f0e68889a3851df0c4858681a493a3115a50290242f2c0f8d98584290242f1c0f8c293a485290242f3c0f8d7899592290242f4c0f8c799858595290242f5c0f8e3a49998a49689a285290242f6c0f8e885939396a6290242f7c0f8e68889a3851df8c4858681a493a311d2f0290341f142f2c0f0d9858440c293899592115050290341f442f2c0f0d9858440e49584859993899585115b60290341f442f4c0c1115c6f1df0"; // expected input as a hex code, not a secret //pragma: allowlist secret
byte[] inboundBytes = Hex.decodeHex(inbound);
Network network = new Network("here", 1, "a");
diff --git a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/t/TestInbound.java b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/t/TestInbound.java
index c76c03dde..9f8216bfa 100644
--- a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/t/TestInbound.java
+++ b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/t/TestInbound.java
@@ -26,7 +26,7 @@ public static void main(String[] args) throws TerminalInterruptedException, Netw
// String inbound = "f5c01140c1131140401d004a54444a53303120776173207375636365737366756c2e204a534f4e20636f6e76657274656420746f20446174612e2020205472616e73666f726d20636f6d6d616e64207375636365737366756c2e1d00200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d0020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000";
- String inbound1 = "f5c311c5e41311405d290242f1c0f8c3e5c6d4e2f0f140e3c5e2e340d4c1d7e2c5e311c5d21d60c3e4e2e3d6d4c5d940d5e4d4c2c5d97a1dd1f1f1f1f1f1f11df011c7f6290242f1c060d7c1d9e340d5e4d4c2c5d97a1dd1f2f2f2f2f2f2f2f2f2f21df0114ad9290242f1c060d8e4c1d5e3c9e3e87a1dd1f3f3f3f340401df0115a50290242f2c061c3d6d5e3d9d6d340e3c5e2e34040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040";
+ String inbound1 = "f5c311c5e41311405d290242f1c0f8c3e5c6d4e2f0f140e3c5e2e340d4c1d7e2c5e311c5d21d60c3e4e2e3d6d4c5d940d5e4d4c2c5d97a1dd1f1f1f1f1f1f11df011c7f6290242f1c060d7c1d9e340d5e4d4c2c5d97a1dd1f2f2f2f2f2f2f2f2f2f21df0114ad9290242f1c060d8e4c1d5e3c9e3e87a1dd1f3f3f3f340401df0115a50290242f2c061c3d6d5e3d9d6d340e3c5e2e34040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040"; // expected input as a hex code, not a secret //pragma: allowlist secret
String inbound2 = "f140114040124040";
String inbound3 = "f1c611c26013";
byte[] inbound1Bytes = Hex.decodeHex(inbound1);
diff --git a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosfile.rseapi.manager/src/main/java/dev/galasa/zosfile/rseapi/manager/internal/RseapiZosDatasetAttributesListdsi.java b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosfile.rseapi.manager/src/main/java/dev/galasa/zosfile/rseapi/manager/internal/RseapiZosDatasetAttributesListdsi.java
index 9c9a88a04..93725a7e8 100644
--- a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosfile.rseapi.manager/src/main/java/dev/galasa/zosfile/rseapi/manager/internal/RseapiZosDatasetAttributesListdsi.java
+++ b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosfile.rseapi.manager/src/main/java/dev/galasa/zosfile/rseapi/manager/internal/RseapiZosDatasetAttributesListdsi.java
@@ -1,8 +1,8 @@
-/*
- * Copyright contributors to the Galasa project
- *
- * SPDX-License-Identifier: EPL-2.0
- */
+/*
+ * Copyright contributors to the Galasa project
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
package dev.galasa.zosfile.rseapi.manager.internal;
import java.io.BufferedReader;
@@ -58,7 +58,7 @@ public class RseapiZosDatasetAttributesListdsi {
private static final String PROP_SYSCREATE = "syscreate";
private static final String PROP_SYSREFDATE = "sysrefdate";
private static final String PROP_SYSEXDATE = "sysexdate";
- private static final String PROP_SYSPASSWORD = "syspassword";
+ private static final String PROP_SYSPASSWORD = "syspassword"; //Not a password but a pointer to a password //pragma: allowlist secret
private static final String PROP_SYSRACFA = "sysracfa";
private static final String PROP_SYSUPDATED = "sysupdated";
private static final String PROP_SYSTRKSCYL = "systrkscyl";
diff --git a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosfile.zosmf.manager/src/main/java/dev/galasa/zosfile/zosmf/manager/internal/ZosmfZosDatasetAttributesListdsi.java b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosfile.zosmf.manager/src/main/java/dev/galasa/zosfile/zosmf/manager/internal/ZosmfZosDatasetAttributesListdsi.java
index bfd53084c..5dbee28ce 100644
--- a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosfile.zosmf.manager/src/main/java/dev/galasa/zosfile/zosmf/manager/internal/ZosmfZosDatasetAttributesListdsi.java
+++ b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosfile.zosmf.manager/src/main/java/dev/galasa/zosfile/zosmf/manager/internal/ZosmfZosDatasetAttributesListdsi.java
@@ -1,8 +1,8 @@
-/*
- * Copyright contributors to the Galasa project
- *
- * SPDX-License-Identifier: EPL-2.0
- */
+/*
+ * Copyright contributors to the Galasa project
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
package dev.galasa.zosfile.zosmf.manager.internal;
import java.io.BufferedReader;
@@ -61,7 +61,7 @@ public class ZosmfZosDatasetAttributesListdsi {
private static final String PROP_SYSCREATE = "syscreate";
private static final String PROP_SYSREFDATE = "sysrefdate";
private static final String PROP_SYSEXDATE = "sysexdate";
- private static final String PROP_SYSPASSWORD = "syspassword";
+ private static final String PROP_SYSPASSWORD = "syspassword"; //Not a password but a pointer to a password //pragma: allowlist secret
private static final String PROP_SYSRACFA = "sysracfa";
private static final String PROP_SYSUPDATED = "sysupdated";
private static final String PROP_SYSTRKSCYL = "systrkscyl";
diff --git a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosmf.manager/src/test/java/dev/galasa/zosmf/internal/properties/TestServerCreds.java b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosmf.manager/src/test/java/dev/galasa/zosmf/internal/properties/TestServerCreds.java
index 82fee88e1..04f944e70 100644
--- a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosmf.manager/src/test/java/dev/galasa/zosmf/internal/properties/TestServerCreds.java
+++ b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosmf.manager/src/test/java/dev/galasa/zosmf/internal/properties/TestServerCreds.java
@@ -1,8 +1,8 @@
-/*
- * Copyright contributors to the Galasa project
- *
- * SPDX-License-Identifier: EPL-2.0
- */
+/*
+ * Copyright contributors to the Galasa project
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
package dev.galasa.zosmf.internal.properties;
import org.junit.Assert;
@@ -28,7 +28,7 @@ public class TestServerCreds {
//
// private static final String SERVER_ID = "server";
//
-// private static final String CREDS = "creds";
+// private static final String CREDS = "creds"; commented out unit test //pragma: allowlist secret
//
// @Test
// public void testConstructor() {
diff --git a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosrseapi.manager/src/test/java/dev/galasa/zosrseapi/internal/properties/TestServerCreds.java b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosrseapi.manager/src/test/java/dev/galasa/zosrseapi/internal/properties/TestServerCreds.java
index f8f46558c..98e256798 100644
--- a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosrseapi.manager/src/test/java/dev/galasa/zosrseapi/internal/properties/TestServerCreds.java
+++ b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosrseapi.manager/src/test/java/dev/galasa/zosrseapi/internal/properties/TestServerCreds.java
@@ -1,8 +1,8 @@
-/*
- * Copyright contributors to the Galasa project
- *
- * SPDX-License-Identifier: EPL-2.0
- */
+/*
+ * Copyright contributors to the Galasa project
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
package dev.galasa.zosrseapi.internal.properties;
import org.junit.Assert;
@@ -28,7 +28,7 @@ public class TestServerCreds {
//
// private static final String SERVER_ID = "server";
//
-// private static final String CREDS = "creds";
+// private static final String CREDS = "creds"; commented out unit test //pragma: allowlist secret
//
// @Test
// public void testConstructor() {