SonarSource · sebastien-marichal · Feb 19, 2025 · Feb 20, 2025 · Feb 20, 2025 · Feb 21, 2025
diff --git a/...ertyAsScannerOptsMappingProcessorTests.cs → ...ors/TruststorePropertiesProcessorTests.cs b/...ertyAsScannerOptsMappingProcessorTests.cs → ...ors/TruststorePropertiesProcessorTests.cs
@@ -3,7 +3,7 @@
 namespace SonarScanner.MSBuild.PreProcessor.Test.AnalysisConfigProcessing.Processors;
 
 [TestClass]
-public class PropertyAsScannerOptsMappingProcessorTests
+public class TruststorePropertiesProcessorTests
 {
     [TestMethod]
     public void Update_TrustStorePropertiesNullValue_Mapped()
@@ -34,15 +34,16 @@ public void Update_TrustStorePropertiesValue_Mapped()
     {
         // Arrange
         var cmdLineArgs = new ListPropertiesProvider();
-        cmdLineArgs.AddProperty("sonar.scanner.truststorePath", @"C:\path\to\truststore.pfx");
-        cmdLineArgs.AddProperty("sonar.scanner.truststorePassword", "itchange");
+        cmdLineArgs.AddProperty(SonarProperties.TruststorePath, @"C:\path\to\truststore.pfx");
+        cmdLineArgs.AddProperty(SonarProperties.TruststorePassword, "itchange");
+        cmdLineArgs.AddProperty(SonarProperties.HostUrl, "https://localhost:9000");
         var processor = CreateProcessor(CreateProcessedArgs(cmdLineArgs), isUnix: false);
         var config = new AnalysisConfig
         {
             LocalSettings =
             [
-                new Property("sonar.scanner.truststorePath", @"C:\path\to\truststore.pfx"),
-                new Property("sonar.scanner.truststorePassword", "itchange")
+                new Property(SonarProperties.TruststorePath, @"C:\path\to\truststore.pfx"),
+                new Property(SonarProperties.TruststorePassword, "itchange")
             ]
         };
 
@@ -62,16 +63,17 @@ public void Update_DefaultPropertyValues()
         var sonarUserHome = Path.Combine("~", ".sonar");
         var defaultTruststorePath = Path.Combine(sonarUserHome, SonarPropertiesDefault.TruststorePath);
         var cmdLineArgs = new ListPropertiesProvider();
-        cmdLineArgs.AddProperty("sonar.userHome", sonarUserHome);
+        cmdLineArgs.AddProperty(SonarProperties.UserHome, sonarUserHome);
+        cmdLineArgs.AddProperty(SonarProperties.HostUrl, "https://localhost:9000");
         var fileWrapper = Substitute.For<IFileWrapper>();
         fileWrapper.Exists(defaultTruststorePath).Returns(true);
         var processor = CreateProcessor(CreateProcessedArgs(cmdLineArgs, fileWrapper), isUnix: false);
-        var config = new AnalysisConfig { LocalSettings = [new Property("sonar.userHome", sonarUserHome)] };
+        var config = new AnalysisConfig { LocalSettings = [new Property(SonarProperties.UserHome, sonarUserHome)] };
 
         // Act
         processor.Update(config);
 
-        config.LocalSettings.Should().ContainSingle(x => x.Id == "sonar.userHome" && x.Value == sonarUserHome);
+        config.LocalSettings.Should().ContainSingle(x => x.Id == SonarProperties.UserHome && x.Value == sonarUserHome);
         config.ScannerOptsSettings.Should().HaveCount(2)
             .And.Contain(x => x.Id == "javax.net.ssl.trustStore" && x.Value == $"\"{defaultTruststorePath.Replace(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)}\"")
             .And.Contain(x => x.Id == "javax.net.ssl.trustStorePassword" && x.Value == $"\"{SonarPropertiesDefault.TruststorePassword}\"");
@@ -81,7 +83,6 @@ public void Update_DefaultPropertyValues()
     [DataRow(SonarProperties.Verbose, "true")]
     [DataRow(SonarProperties.Organization, "org")]
     [DataRow(SonarProperties.HostUrl, "http://localhost:9000")]
-    [DataRow(SonarProperties.HostUrl, @"http://localhost:9000\")]
     public void Update_UnmappedProperties(string id, string value)
     {
         // Arrange
@@ -103,9 +104,10 @@ public void Update_MapsTruststorePathToScannerOpts_Windows(string input, string
     {
         // Arrange
         var cmdLineArgs = new ListPropertiesProvider();
-        cmdLineArgs.AddProperty("sonar.scanner.truststorePath", input);
+        cmdLineArgs.AddProperty(SonarProperties.HostUrl, "https://localhost:9000");
+        cmdLineArgs.AddProperty(SonarProperties.TruststorePath, input);
         var processor = CreateProcessor(CreateProcessedArgs(cmdLineArgs), isUnix: false);
-        var config = new AnalysisConfig { LocalSettings = [new Property("sonar.scanner.truststorePath", input)] };
+        var config = new AnalysisConfig { LocalSettings = [new Property(SonarProperties.TruststorePath, input)] };
 
         // Act
         processor.Update(config);
@@ -115,7 +117,7 @@ public void Update_MapsTruststorePathToScannerOpts_Windows(string input, string
         config.ScannerOptsSettings.Should().HaveCount(2);
         AssertExpectedScannerOptsSettings("javax.net.ssl.trustStore", expected, config);
         AssertExpectedScannerOptsSettings("javax.net.ssl.trustStorePassword", $"\"{SonarPropertiesDefault.TruststorePassword}\"", config);
-        Property.TryGetProperty("sonar.scanner.truststorePath", config.LocalSettings, out _).Should().BeFalse();
+        Property.TryGetProperty(SonarProperties.TruststorePath, config.LocalSettings, out _).Should().BeFalse();
     }
 
     [DataTestMethod]
@@ -126,16 +128,26 @@ public void Update_MapsTruststorePasswordToScannerOpts_Windows(string input, str
     {
         // Arrange
         var cmdLineArgs = new ListPropertiesProvider();
-        cmdLineArgs.AddProperty("sonar.scanner.truststorePassword", input);
+        cmdLineArgs.AddProperty(SonarProperties.TruststorePath, "some/path");
+        cmdLineArgs.AddProperty(SonarProperties.TruststorePassword, input);
+        cmdLineArgs.AddProperty(SonarProperties.HostUrl, "https://localhost:9000");
         var processor = CreateProcessor(CreateProcessedArgs(cmdLineArgs), isUnix: false);
-        var config = new AnalysisConfig { LocalSettings = [new Property("sonar.scanner.truststorePassword", input)] };
+        var config = new AnalysisConfig
+        {
+            LocalSettings =
+            [
+                new Property(SonarProperties.TruststorePath, "some/path"),
+                new Property(SonarProperties.TruststorePassword, input)
+            ]
+        };
 
         // Act
         processor.Update(config);
 
         // Assert
         config.LocalSettings.Should().ContainSingle(x => x.Id == SonarProperties.TruststorePassword && x.Value == input);
-        config.ScannerOptsSettings.Should().ContainSingle();
+        config.ScannerOptsSettings.Should().HaveCount(2);
+        AssertExpectedScannerOptsSettings("javax.net.ssl.trustStore", @"""some/path""", config);
         AssertExpectedScannerOptsSettings("javax.net.ssl.trustStorePassword", expected, config);
     }
 
@@ -146,9 +158,10 @@ public void Update_MapsTruststorePathToScannerOpts_Linux(string input, string ex
     {
         // Arrange
         var cmdLineArgs = new ListPropertiesProvider();
-        cmdLineArgs.AddProperty("sonar.scanner.truststorePath", input);
+        cmdLineArgs.AddProperty(SonarProperties.HostUrl, "https://localhost:9000");
+        cmdLineArgs.AddProperty(SonarProperties.TruststorePath, input);
         var processor = CreateProcessor(CreateProcessedArgs(cmdLineArgs), isUnix: true);
-        var config = new AnalysisConfig { LocalSettings = [new Property("sonar.scanner.truststorePath", input)] };
+        var config = new AnalysisConfig { LocalSettings = [new Property(SonarProperties.TruststorePath, input)] };
 
         // Act
         processor.Update(config);
@@ -158,7 +171,7 @@ public void Update_MapsTruststorePathToScannerOpts_Linux(string input, string ex
         config.ScannerOptsSettings.Should().HaveCount(2);
         AssertExpectedScannerOptsSettings("javax.net.ssl.trustStore", expected, config);
         AssertExpectedScannerOptsSettings("javax.net.ssl.trustStorePassword", SonarPropertiesDefault.TruststorePassword, config);
-        Property.TryGetProperty("sonar.scanner.truststorePath", config.LocalSettings, out _).Should().BeFalse();
+        Property.TryGetProperty(SonarProperties.TruststorePath, config.LocalSettings, out _).Should().BeFalse();
     }
 
     [DataTestMethod]
@@ -168,31 +181,107 @@ public void Update_MapsTruststorePasswordToScannerOpts_Linux(string input, strin
     {
         // Arrange
         var cmdLineArgs = new ListPropertiesProvider();
-        cmdLineArgs.AddProperty("sonar.scanner.truststorePassword", input);
-        var processor = CreateProcessor(CreateProcessedArgs(cmdLineArgs), isUnix: true);
-        var config = new AnalysisConfig { LocalSettings = [new Property("sonar.scanner.truststorePassword", input)] };
+        cmdLineArgs.AddProperty(SonarProperties.HostUrl, "https://localhost:9000");
+        cmdLineArgs.AddProperty(SonarProperties.TruststorePassword, input);
+        var javaHome = Path.Combine("/home", "user", "java");
+        var javaHomeCacerts = Path.Combine(javaHome, "lib", "security", "cacerts");
+        var fileWrapper = Substitute.For<IFileWrapper>();
+        fileWrapper.Exists(javaHomeCacerts).Returns(true);
+        var processor = CreateProcessor(CreateProcessedArgs(cmdLineArgs), fileWrapper, isUnix: true);
+        var config = new AnalysisConfig { LocalSettings = [new Property(SonarProperties.TruststorePassword, input)] };
+        using var envScope = new EnvironmentVariableScope();
+        envScope.SetVariable("JAVA_HOME", javaHome);
 
         // Act
         processor.Update(config);
 
         // Assert
         config.LocalSettings.Should().ContainSingle(x => x.Id == SonarProperties.TruststorePassword && x.Value == input);
-        config.ScannerOptsSettings.Should().ContainSingle();
+        config.ScannerOptsSettings.Should().HaveCount(2);
+        AssertExpectedScannerOptsSettings("javax.net.ssl.trustStore", javaHomeCacerts.Replace(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar), config);
         AssertExpectedScannerOptsSettings("javax.net.ssl.trustStorePassword", expected, config);
     }
 
+    [TestMethod]
+    public void Update_TrustedByTheSystem_Windows()
+    {
+        // Arrange
+        var cmdLineArgs = new ListPropertiesProvider();
+        cmdLineArgs.AddProperty(SonarProperties.HostUrl, "https://localhost:9000");
+        var processor = CreateProcessor(CreateProcessedArgs(cmdLineArgs), isUnix: false);
+        var config = new AnalysisConfig { LocalSettings = [] };
+
+        // Act
+        processor.Update(config);
+
+        // Assert
+        config.LocalSettings.Should().BeEmpty();
+        config.ScannerOptsSettings.Should().ContainSingle();
+        AssertExpectedScannerOptsSettings("javax.net.ssl.trustStoreType", "Windows-ROOT", config);
+    }
+
+    [TestMethod]
+    public void Update_TrustedByTheSystem_Linux()
+    {
+        // Arrange
+        var javaHome = Path.Combine("/home", "user", "java");
+        var javaHomeCacerts = Path.Combine(javaHome, "lib", "security", "cacerts");
+        var fileWrapper = Substitute.For<IFileWrapper>();
+        fileWrapper.Exists(javaHomeCacerts).Returns(true);
+        var cmdLineArgs = new ListPropertiesProvider();
+        cmdLineArgs.AddProperty(SonarProperties.HostUrl, "https://localhost:9000");
+        var processor = CreateProcessor(CreateProcessedArgs(cmdLineArgs), fileWrapper, isUnix: true);
+        var config = new AnalysisConfig { LocalSettings = [] };
+        using var envScope = new EnvironmentVariableScope();
+        envScope.SetVariable("JAVA_HOME", javaHome);
+
+        // Act
+        processor.Update(config);
+
+        // Assert
+        config.LocalSettings.Should().BeEmpty();
+        config.ScannerOptsSettings.Should().HaveCount(1);
+        AssertExpectedScannerOptsSettings("javax.net.ssl.trustStore", javaHomeCacerts.Replace(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar), config);
+    }
+
+    [TestMethod]
+    public void Update_TrustedByTheSystemPasswordProvided_Linux()
+    {
+        // Arrange
+        var javaHome = Path.Combine("/home", "user", "java");
+        var javaHomeCacerts = Path.Combine(javaHome, "lib", "security", "cacerts");
+        var fileWrapper = Substitute.For<IFileWrapper>();
+        fileWrapper.Exists(javaHomeCacerts).Returns(true);
+        var cmdLineArgs = new ListPropertiesProvider();
+        cmdLineArgs.AddProperty(SonarProperties.HostUrl, "https://localhost:9000");
+        var processor = CreateProcessor(CreateProcessedArgs(cmdLineArgs), fileWrapper, isUnix: true);
+        var config = new AnalysisConfig { LocalSettings = [] };
+        using var envScope = new EnvironmentVariableScope();
+        envScope.SetVariable("JAVA_HOME", javaHome);
+        envScope.SetVariable("SONAR_SCANNER_OPTS", "-Djavax.net.ssl.trustStorePassword=itchange");
+
+        // Act
+        processor.Update(config);
+
+        // Assert
+        config.LocalSettings.Should().HaveCount(1);
+        config.ScannerOptsSettings.Should().HaveCount(2);
+        AssertExpectedScannerOptsSettings("javax.net.ssl.trustStore", javaHomeCacerts.Replace(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar), config);
+        AssertExpectedScannerOptsSettings("javax.net.ssl.trustStorePassword", "itchange", config);
+    }
+
     private static void AssertExpectedScannerOptsSettings(string key, string expectedValue, AnalysisConfig actualConfig)
     {
         var found = Property.TryGetProperty(key, actualConfig.ScannerOptsSettings, out var property);
         found.Should().BeTrue("Expected local property was not found. Key: {0}", key);
         property.Value.Should().Be(expectedValue, "Unexpected local value. Key: {0}", key);
     }
 
-    private static PropertyAsScannerOptsMappingProcessor CreateProcessor(ProcessedArgs args, bool isUnix = false)
+    private static TruststorePropertiesProcessor CreateProcessor(ProcessedArgs args, IFileWrapper fileWrapper = null, bool isUnix = false)
     {
         var operatingSystemProvider = Substitute.For<IOperatingSystemProvider>();
         operatingSystemProvider.IsUnix().Returns(isUnix);
-        return new PropertyAsScannerOptsMappingProcessor(args, null, operatingSystemProvider);
+        return new TruststorePropertiesProcessor(args, null, fileWrapper ?? Substitute.For<IFileWrapper>(), operatingSystemProvider);
     }
 
     private static ProcessedArgs CreateProcessedArgs(IAnalysisPropertyProvider cmdLineProvider = null, IFileWrapper fileWrapper = null) =>
@@ -201,7 +290,7 @@ private static ProcessedArgs CreateProcessedArgs(IAnalysisPropertyProvider cmdLi
             "1.0",
             "organization",
             false,
-            cmdLineProvider ?? Substitute.For<IAnalysisPropertyProvider>(),
+            cmdLineProvider ?? EmptyPropertyProvider.Instance,
             Substitute.For<IAnalysisPropertyProvider>(),
             EmptyPropertyProvider.Instance,
             fileWrapper ?? Substitute.For<IFileWrapper>(),

diff --git a/src/SonarScanner.MSBuild.PreProcessor/AnalysisConfigProcessing/AnalysisConfigGenerator.cs b/src/SonarScanner.MSBuild.PreProcessor/AnalysisConfigProcessing/AnalysisConfigGenerator.cs
@@ -89,6 +89,6 @@ private static IEnumerable<IAnalysisConfigProcessor> CreateProcessors(BuildSetti
         new InitializationProcessor(buildSettings, localSettings, additionalSettings, serverProperties), // this must be first
         new CoverageExclusionsProcessor(localSettings, serverProperties),
         new AnalysisScopeProcessor(localSettings, serverProperties),
-        new PropertyAsScannerOptsMappingProcessor(localSettings, serverProperties, new OperatingSystemProvider(FileWrapper.Instance, logger)),
+        new TruststorePropertiesProcessor(localSettings, serverProperties, FileWrapper.Instance, new OperatingSystemProvider(FileWrapper.Instance, logger)),
     ];
 }
diff --git a/...r.MSBuild.PreProcessor/AnalysisConfigProcessing/Processors/CoverageExclusionsProcessor.cs b/...r.MSBuild.PreProcessor/AnalysisConfigProcessing/Processors/CoverageExclusionsProcessor.cs
@@ -18,10 +18,6 @@
  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  */
 
-using System.Collections.Generic;
-using System.Linq;
-using SonarScanner.MSBuild.Common;
-
 namespace SonarScanner.MSBuild.PreProcessor.AnalysisConfigProcessing.Processors;
 
 // See https://sonarsource.atlassian.net/browse/SCAN4NET-29

diff --git a/...nner.MSBuild.PreProcessor/AnalysisConfigProcessing/Processors/IAnalysisConfigProcessor.cs b/...nner.MSBuild.PreProcessor/AnalysisConfigProcessing/Processors/IAnalysisConfigProcessor.cs
@@ -18,8 +18,6 @@
  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  */
 
-using SonarScanner.MSBuild.Common;
-
 namespace SonarScanner.MSBuild.PreProcessor.AnalysisConfigProcessing.Processors;
 
 public interface IAnalysisConfigProcessor

diff --git a/.../PropertyAsScannerOptsMappingProcessor.cs → ...ocessors/TruststorePropertiesProcessor.cs b/.../PropertyAsScannerOptsMappingProcessor.cs → ...ocessors/TruststorePropertiesProcessor.cs
@@ -24,19 +24,75 @@ namespace SonarScanner.MSBuild.PreProcessor.AnalysisConfigProcessing.Processors;
 /// Map property name to another property name and/or value to pass them through the SONAR_SCANNER_OPTS
 /// environment variable to Scanner CLI 5.
 /// </summary>
-public class PropertyAsScannerOptsMappingProcessor(
+public class TruststorePropertiesProcessor(
     ProcessedArgs localSettings,
     IDictionary<string, string> serverProperties,
+    IFileWrapper fileWrapper,
     IOperatingSystemProvider operatingSystemProvider)
     : AnalysisConfigProcessorBase(localSettings, serverProperties)
 {
+    const string JAVAX_NET_SSL_TRUST_STORE = "javax.net.ssl.trustStore";
+    const string JAVAX_NET_SSL_TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType";
+    const string JAVAX_NET_SSL_TRUST_STORE_PASSWORD = "javax.net.ssl.trustStorePassword";
+
     public override void Update(AnalysisConfig config)
     {
-        MapProperty(config, "javax.net.ssl.trustStore", PropertyValueOrDefault(SonarProperties.TruststorePath, LocalSettings.TruststorePath), ConvertToJavaPath, EnsureSurroundedByQuotes);
-        var password = PropertyValueOrDefault(SonarProperties.TruststorePassword, LocalSettings.TruststorePassword);
-        MapProperty(config, "javax.net.ssl.trustStorePassword", password, EnsureSurroundedByQuotes);
+        if (new Uri(LocalSettings.ServerInfo.ServerUrl).Scheme != "https"
-        if (new Uri(LocalSettings.ServerInfo.ServerUrl).Scheme != "https"
+        if (new Uri(LocalSettings.ServerInfo.ServerUrl).Scheme != Uri.UriSchemeHttps
-        if (new Uri(LocalSettings.ServerInfo.ServerUrl).Scheme != "https"
+        if (new Uri(LocalSettings.ServerInfo.ServerUrl).Scheme != Uri.UriSchemeHttps
+            || LocalSettings.ServerInfo.ServerUrl is SonarPropertiesDefault.SonarcloudUrl)
+        {
+            return;
+        }
+
+        var truststorePath = PropertyValueOrDefault(SonarProperties.TruststorePath, LocalSettings.TruststorePath);
+        var truststorePassword = PropertyValueOrDefault(SonarProperties.TruststorePassword, LocalSettings.TruststorePassword);
+
+        if (truststorePath is null)
+        {
+            if (operatingSystemProvider.IsUnix())
+            {
+                truststorePath = FindJavaTruststorePath();
+                truststorePassword ??= TruststorePasswordFromEnvironment();
+            }
+            else
+            {
+                MapProperty(config, JAVAX_NET_SSL_TRUST_STORE_TYPE, "Windows-ROOT");
+            }
+        }
+
+        MapProperty(config, JAVAX_NET_SSL_TRUST_STORE, truststorePath, ConvertToJavaPath, EnsureSurroundedByQuotes);
         config.LocalSettings.RemoveAll(x => x.Id is SonarProperties.TruststorePath or SonarProperties.TruststorePassword);
-        config.LocalSettings.Add(new Property(SonarProperties.TruststorePassword, password));
+
+        if (truststorePassword is not null)
+        {
+            MapProperty(config, JAVAX_NET_SSL_TRUST_STORE_PASSWORD, truststorePassword, EnsureSurroundedByQuotes);
+            config.LocalSettings.Add(new Property(SonarProperties.TruststorePassword, truststorePassword));
+        }
+    }
+
+    private static string TruststorePasswordFromEnvironment()
+    {
+        var sonarScannerOpts = Environment.GetEnvironmentVariable("SONAR_SCANNER_OPTS");
+        if (sonarScannerOpts is null)
+        {
+            return null;
+        }
+
+        return sonarScannerOpts.Split(' ').FirstOrDefault(x => x.StartsWith($"-D{JAVAX_NET_SSL_TRUST_STORE_PASSWORD}=")) is { } truststorePassword
-        return sonarScannerOpts.Split(' ').FirstOrDefault(x => x.StartsWith($"-D{JAVAX_NET_SSL_TRUST_STORE_PASSWORD}=")) is { } truststorePassword
+        return sonarScannerOpts.Split(' ').FirstOrDefault(x => x.StartsWith($"-D{JAVAX_NET_SSL_TRUST_STORE_PASSWORD}=", StringComparison.OrdinalIgnoreCase)) is { } truststorePassword
-        return sonarScannerOpts.Split(' ').FirstOrDefault(x => x.StartsWith($"-D{JAVAX_NET_SSL_TRUST_STORE_PASSWORD}=")) is { } truststorePassword
+        return sonarScannerOpts.Split(' ').FirstOrDefault(x => x.StartsWith($"-D{JAVAX_NET_SSL_TRUST_STORE_PASSWORD}=", StringComparison.OrdinalIgnoreCase)) is { } truststorePassword
+            ? truststorePassword.Substring($"-D{JAVAX_NET_SSL_TRUST_STORE_PASSWORD}=".Length)
+            : null;
+    }
+
+    private string FindJavaTruststorePath()
+    {
+        var javaHome = Environment.GetEnvironmentVariable("JAVA_HOME");
+        if (javaHome is null)
+        {
+            // TODO: propagate the error?
+            return null;
+        }
+
+        var javaTruststorePath = Path.Combine(javaHome, "lib", "security", "cacerts");
+        return fileWrapper.Exists(javaTruststorePath) ? javaTruststorePath : null;
     }
 
     private string PropertyValueOrDefault(string propertyName, string defaultValue) =>