Modify S6710(FCM): Improve regex, name and pattern (#271)

loris-s-sonarsource · web-flow · commit 204333764ae2 · 2023-09-22T16:59:07.000+02:00
diff --git a/sonar-text-plugin/src/main/resources/org/sonar/plugins/secrets/configuration/firebase.yaml b/sonar-text-plugin/src/main/resources/org/sonar/plugins/secrets/configuration/firebase.yaml
@@ -1,8 +1,8 @@
 provider:
   metadata:
-    name: Firebase
+    name: Firebase Cloud Messaging
     category: Messaging System
-    message: Make sure this Firebase key gets revoked, changed, and removed from the code.
+    message: Make sure this FCM key gets revoked, changed, and removed from the code.
   detection:
     pre:
       include:
@@ -16,11 +16,20 @@ provider:
     - id: legacy-fcm-api-key
       rspecKey: S6710
       metadata:
-        name: Legacy Firebase Cloud Messaging API Key
+        name: Legacy Firebase Cloud Messaging API Keys
       detection:
         matching:
-          pattern: "(?i)\\b([a-z0-9\\-_]{11}:apa91b[a-z0-9\\-_+]{134})\\b"
+          pattern: "(?i)\\b([\\w\\-]{11}:apa91b[\\w\\-+]{134})\\b"
       examples:
+        - text: |
+            # Noncompliant code example
+            props.set("fcm_key", "cfUDlZL9YBQ:APA91bJxU9oMf3RbiyqnmUO60KU_JLawjf2yrTfSs3_ZAp3dxZS0J88G5P5AoKWoviAdUK5i-2SB7iHcb4Wd38EMsZXBAAb6GZMaSOeKfaI0DuLxAFTOgGNKRSmj2R9gIQyzpjoThmqe")
+          containsSecret: true
+          match: "cfUDlZL9YBQ:APA91bJxU9oMf3RbiyqnmUO60KU_JLawjf2yrTfSs3_ZAp3dxZS0J88G5P5AoKWoviAdUK5i-2SB7iHcb4Wd38EMsZXBAAb6GZMaSOeKfaI0DuLxAFTOgGNKRSmj2R9gIQyzpjoThmqe"
+        - text: |
+            # Compliant solution
+            props.set("fcm_key", System.getenv("FCM_KEY"))
+          containsSecret: false
         - text: |
             self.current_datetime = strftime("%Y-%m-%d %H:%M:%S", gmtime())
             self.firebase = "kCIN6c4oo49:APA91bJxU9oMf3RbiyqnmUO60KU_JLawjf2yrTfSs3_ZAp3dxZS0J88G5P5AoKWoviAdUK5i-2SB7iHcb4Wd38EMsZXBAAb6GZMaSOeKfaI0DuLxAFTOgGNKRSmj2R9gIQyzpjoThmqe"
