Modify S6722(planetscale): improve tests and pattern (#272)

loris-s-sonarsource · web-flow · commit 1a9ce43df708 · 2023-09-22T14:18:39.000+02:00
diff --git a/sonar-text-plugin/src/main/resources/org/sonar/plugins/secrets/configuration/planetscale.yaml b/sonar-text-plugin/src/main/resources/org/sonar/plugins/secrets/configuration/planetscale.yaml
@@ -19,8 +19,17 @@ provider:
         name: Planetscale database passwords should not be disclosed
       detection:
         matching:
-          pattern: "(\\bpscale_pw_[a-zA-Z0-9\\-_\\.]{43})"
+          pattern: "(?i)\\b(pscale_pw_[\\w\\-\\.]{43})"
       examples:
+        - text: |
+            # Noncompliant code example
+            props.set("planetscale_password", "pscale_pw_hatgoG_EprhgnblWotaJGbeOeFE7q9BwW0_g5ML486D")
+          containsSecret: true
+          match: pscale_pw_hatgoG_EprhgnblWotaJGbeOeFE7q9BwW0_g5ML486D
+        - text: |
+            # Compliant solution
+            props.set("planetscale_password", System.getenv("PLANETSCALE_PASSWORD"))
+          containsSecret: false
         - text: |
             spring.datasource.username=user
             spring.datasource.password=pscale_pw_CoNLTwSMJwvKspy89_2JdSoxmGWaElypgmlzel5KolA
