SONARPY-2152 Lower entropy threshold for S6418 (#1949)

ghislainpiot · web-flow · commit fb1a65cf69c2 · 2024-09-24T11:12:24.000+02:00
diff --git a/python-checks/src/main/java/org/sonar/python/checks/hotspots/HardCodedCredentialsEntropyCheck.java b/python-checks/src/main/java/org/sonar/python/checks/hotspots/HardCodedCredentialsEntropyCheck.java
@@ -45,7 +45,7 @@ public class HardCodedCredentialsEntropyCheck extends PythonSubscriptionCheck {
 
   private static final String DEFAULT_SECRET_KEYWORDS = "api[_.-]?key,auth,credential,secret,token";
 
-  private static final String DEFAULT_RANDOMNESS_SENSIBILITY = "5.0";
+  private static final String DEFAULT_RANDOMNESS_SENSIBILITY = "3.0";
 
   private static final Pattern POSTVALIDATION_PATTERN = Pattern.compile("[a-zA-Z0-9_.+/~$-]([a-zA-Z0-9_.+/=~$-]|\\\\\\\\(?![ntr\"])){14,1022}[a-zA-Z0-9_.+/=~$-]");
 
diff --git a/python-checks/src/test/resources/checks/hotspots/hardcodedCredentialsEntropy.py b/python-checks/src/test/resources/checks/hotspots/hardcodedCredentialsEntropy.py
@@ -5,7 +5,7 @@ def func():
     api_key = "rf6acB24J//1FZLRrKpjmBUYSnUX5CHlt/iD5vVVcgVuAIOB6hzcWjDnv16V6hDLevW0Qs4hKPbP1M4YfuDI16sZna1/VGRLkAbTk6xMPs4epH6A3ZqSyyI-H92y" # Noncompliant
 
 def entropy_too_low():
-    token = "rf6acB24J//1FZLRrKpjmBUYSnUX5CHlt/iD5vVaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+    token = "rf6acB24J//1FZLRrKpjmBUYSnUX5CHlt/iD5vVaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
 
 class MyClass:
     secret = "1IfHMPanImzX8ZxC-Ud6+YhXiLwlXq$f_-3v~.=" # Noncompliant {{"secret" detected here, make sure this is not a hard-coded secret.}}
