SonarSource
diff --git a/‎sonar-text-plugin/src/main/resources/org/sonar/plugins/secrets/configuration/aws.yaml
Lines changed: 17 additions & 0 deletions b/‎sonar-text-plugin/src/main/resources/org/sonar/plugins/secrets/configuration/aws.yaml
Lines changed: 17 additions & 0 deletions
diff --git a/‎sonar-text-plugin/src/main/resources/org/sonar/plugins/secrets/configuration/azure.yaml
Lines changed: 83 additions & 0 deletions b/‎sonar-text-plugin/src/main/resources/org/sonar/plugins/secrets/configuration/azure.yaml
Lines changed: 83 additions & 0 deletions
diff --git a/‎sonar-text-plugin/src/main/resources/org/sonar/plugins/secrets/configuration/firebase.yaml
Lines changed: 18 additions & 0 deletions b/‎sonar-text-plugin/src/main/resources/org/sonar/plugins/secrets/configuration/firebase.yaml
Lines changed: 18 additions & 0 deletions
diff --git a/‎sonar-text-plugin/src/main/resources/org/sonar/plugins/secrets/configuration/mongodb.yaml
Lines changed: 56 additions & 1 deletion b/‎sonar-text-plugin/src/main/resources/org/sonar/plugins/secrets/configuration/mongodb.yaml
Lines changed: 56 additions & 1 deletion
@@ -4,6 +4,19 @@ provider:
     category: Cloud provider
   detection:
     pre:
+      reject:
+        paths:
+          - "**/test/**"
+          - "**/tests/**"
+          - "**/Test/**"
+          - "**/Tests/**"
+          - "**/*Test*"
+          - "**/*test*"
+          - "**/*.Development*"
+          - "**/*.development*"
+          - "**/*.integration.*"
+          - "**/*.Integration.*"
+          - "**/*.QA.*"
       include:
         content:
           - aws
@@ -48,6 +61,10 @@ provider:
             aws_secret_access_key=kHeUAwnSUizTWpSbyGAz4f+As5LshPIjvtpswqGb
           containsSecret: true
           match: kHeUAwnSUizTWpSbyGAz4f+As5LshPIjvtpswqGb
+        - text: |
+            aws_secret_access_key=kHeUAwnSUizTWpSbyGAz4f+As5LshPIjvtpswqGb
+          fileName: awsTest.java
+          containsSecret: false
         - text: |
             AWS_FECRET_KEY=kHeUAwnSUizTWpSbyGAz4f+As5LshPIjvtpswqGb'
             AWS_SECRET_KEY=EXAMPLEKEYCXCgDCUbJq1h7CKwNqnpA1il4MXL+y
 
@@ -4,6 +4,20 @@ provider:
     category: Cloud provider
     message: Make sure this Azure Storage Account Key gets revoked, changed, and removed from the code.
   detection:
+    pre:
+      reject:
+        paths:
+          - "**/test/**"
+          - "**/tests/**"
+          - "**/Test/**"
+          - "**/Tests/**"
+          - "**/*Test*"
+          - "**/*test*"
+          - "**/*.Development*"
+          - "**/*.development*"
+          - "**/*.integration.*"
+          - "**/*.Integration.*"
+          - "**/*.QA.*"
     post:
       patternNot:
         # Character repeated at least 4 times
@@ -26,6 +40,19 @@ provider:
           include:
             content:
               - "core.windows.net"
+          reject:
+            paths:
+              - "**/test/**"
+              - "**/tests/**"
+              - "**/Test/**"
+              - "**/Tests/**"
+              - "**/*Test*"
+              - "**/*test*"
+              - "**/*.Development*"
+              - "**/*.development*"
+              - "**/*.integration.*"
+              - "**/*.Integration.*"
+              - "**/*.QA.*"
         matching:
           pattern: "['\"`]([a-zA-Z0-9/\\+]{86}==)['\"`]"
       examples:
@@ -115,6 +142,19 @@ provider:
           include:
             content:
               - "AccountKey="
+          reject:
+            paths:
+              - "**/test/**"
+              - "**/tests/**"
+              - "**/Test/**"
+              - "**/Tests/**"
+              - "**/*Test*"
+              - "**/*test*"
+              - "**/*.Development*"
+              - "**/*.development*"
+              - "**/*.integration.*"
+              - "**/*.Integration.*"
+              - "**/*.QA.*"
         matching:
           pattern: "AccountKey=([a-zA-Z0-9/\\+]{86}==)"
       examples:
@@ -134,6 +174,10 @@ provider:
             const connStr = "DefaultEndpointsProtocol=https;AccountName=testaccountname;AccountKey=4dVw+l0W8My+FwuZ08dWXn+gHxcmBtS7esLAQSrm6/Om3jeyUKKGMkfAh38kWZlItThQYsg31v23A0w/uVP4pg==;EndpointSuffix=core.windows.net";
           containsSecret: true
           match: 4dVw+l0W8My+FwuZ08dWXn+gHxcmBtS7esLAQSrm6/Om3jeyUKKGMkfAh38kWZlItThQYsg31v23A0w/uVP4pg==
+        - text: |
+            const connStr = "DefaultEndpointsProtocol=https;AccountName=testaccountname;AccountKey=4dVw+l0W8My+FwuZ08dWXn+gHxcmBtS7esLAQSrm6/Om3jeyUKKGMkfAh38kWZlItThQYsg31v23A0w/uVP4pg==;EndpointSuffix=core.windows.net";
+          fileName: azureTest.java
+          containsSecret: false
         - text: |
             const connStr = "DefaultEndpointsProtocol=https;AccountName=testaccountname;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==";
             const connStr = "DefaultEndpointsProtocol=https;AccountName=testaccountname;AccountKey=C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==";
@@ -149,6 +193,19 @@ provider:
           include:
             content:
               - "Subscription"
+          reject:
+            paths:
+              - "**/test/**"
+              - "**/tests/**"
+              - "**/Test/**"
+              - "**/Tests/**"
+              - "**/*Test*"
+              - "**/*test*"
+              - "**/*.Development*"
+              - "**/*.development*"
+              - "**/*.integration.*"
+              - "**/*.Integration.*"
+              - "**/*.QA.*"
 
         matching:
           # While pretty generic, looking for this pattern in the wild lands a majority of actual Azure keys.
@@ -199,6 +256,19 @@ provider:
           include:
             content:
               - "microsoft.com"
+          reject:
+            paths:
+              - "**/test/**"
+              - "**/tests/**"
+              - "**/Test/**"
+              - "**/Tests/**"
+              - "**/*Test*"
+              - "**/*test*"
+              - "**/*.Development*"
+              - "**/*.development*"
+              - "**/*.integration.*"
+              - "**/*.Integration.*"
+              - "**/*.QA.*"
         matching:
           # Matches a 32 chars hexadecimal string located at most 3 lines under a microsoft API URL.
           pattern: "(?is)api\\.[a-z0-9.]*microsoft.com(?:[^\\r\\n]*+\\r?\\n){1,3}?(?:[^\\r\\n]*)(?:secret|key).{1,15}\\b([a-f0-9]{32})\\b"
@@ -221,6 +291,19 @@ provider:
           include:
             content:
               - "microsoft.com"
+          reject:
+            paths:
+              - "**/test/**"
+              - "**/tests/**"
+              - "**/Test/**"
+              - "**/Tests/**"
+              - "**/*Test*"
+              - "**/*test*"
+              - "**/*.Development*"
+              - "**/*.development*"
+              - "**/*.integration.*"
+              - "**/*.Integration.*"
+              - "**/*.QA.*"
         matching:
           # Matches a 32 chars hexadecimal string located at most 3 lines above a microsoft API URL.
           pattern: "(?is)(?:secret|key).{1,15}\\b([a-f0-9]{32})\\b(?:[^\\r\\n]*+\\r?\n){1,3}?(?:[^\\r\\n]*)api\\.[a-z0-9.]*microsoft.com"
 
@@ -5,6 +5,19 @@ provider:
     message: Make sure this FCM key gets revoked, changed, and removed from the code.
   detection:
     pre:
+      reject:
+        paths:
+          - "**/test/**"
+          - "**/tests/**"
+          - "**/Test/**"
+          - "**/Tests/**"
+          - "**/*Test*"
+          - "**/*test*"
+          - "**/*.Development*"
+          - "**/*.development*"
+          - "**/*.integration.*"
+          - "**/*.Integration.*"
+          - "**/*.QA.*"
       include:
         content:
           - firebase
@@ -26,6 +39,11 @@ provider:
             props.set("fcm_key", "cfUDlZL9YBQ:APA91bJxU9oMf3RbiyqnmUO60KU_JLawjf2yrTfSs3_ZAp3dxZS0J88G5P5AoKWoviAdUK5i-2SB7iHcb4Wd38EMsZXBAAb6GZMaSOeKfaI0DuLxAFTOgGNKRSmj2R9gIQyzpjoThmqe")
           containsSecret: true
           match: "cfUDlZL9YBQ:APA91bJxU9oMf3RbiyqnmUO60KU_JLawjf2yrTfSs3_ZAp3dxZS0J88G5P5AoKWoviAdUK5i-2SB7iHcb4Wd38EMsZXBAAb6GZMaSOeKfaI0DuLxAFTOgGNKRSmj2R9gIQyzpjoThmqe"
+        - text: |
+            # Noncompliant code example
+            props.set("fcm_key", "cfUDlZL9YBQ:APA91bJxU9oMf3RbiyqnmUO60KU_JLawjf2yrTfSs3_ZAp3dxZS0J88G5P5AoKWoviAdUK5i-2SB7iHcb4Wd38EMsZXBAAb6GZMaSOeKfaI0DuLxAFTOgGNKRSmj2R9gIQyzpjoThmqe")
+          containsSecret: false
+          fileName: firebaseTest.java
         - text: |
             # Compliant solution
             props.set("fcm_key", System.getenv("FCM_KEY"))
 
@@ -3,7 +3,21 @@ provider:
       name: MongoDB
       category: Data storage
       message: Make sure this MongoDB database password gets changed and removed from the code.
-
+  detection:
+    pre:
+      reject:
+        paths:
+          - "**/test/**"
+          - "**/tests/**"
+          - "**/Test/**"
+          - "**/Tests/**"
+          - "**/*Test*"
+          - "**/*test*"
+          - "**/*.Development*"
+          - "**/*.development*"
+          - "**/*.integration.*"
+          - "**/*.Integration.*"
+          - "**/*.QA.*"
   rules:
     - id: mongo-url
       rspecKey: S6694
@@ -15,6 +29,19 @@ provider:
             content:
               - mongo
               - mongodb
+          reject:
+            paths:
+              - "**/test/**"
+              - "**/tests/**"
+              - "**/Test/**"
+              - "**/Tests/**"
+              - "**/*Test*"
+              - "**/*test*"
+              - "**/*.Development*"
+              - "**/*.development*"
+              - "**/*.integration.*"
+              - "**/*.Integration.*"
+              - "**/*.QA.*"
         matching:
           # Look for URIs in the format "protocol://username:password@server:port/..."
           # The protocol is "mongo" or "mongodb" but can also be followed by a subprotocol, e.g. "mongodb+srv".
@@ -101,6 +128,18 @@ provider:
               - .html
               - .example
               - .template
+            paths:
+              - "**/test/**"
+              - "**/tests/**"
+              - "**/Test/**"
+              - "**/Tests/**"
+              - "**/*Test*"
+              - "**/*test*"
+              - "**/*.Development*"
+              - "**/*.development*"
+              - "**/*.integration.*"
+              - "**/*.Integration.*"
+              - "**/*.QA.*"
         matching:
           pattern: "\\bmongo(?:dump|import|restore|sh)?(?=[ \\t]).{0,100}[ \\t](?:-p|--password)[ \\t]+([^\"'\\s]{3,})"
         post:
@@ -146,6 +185,18 @@ provider:
               - .html
               - .example
               - .template
+            paths:
+              - "**/test/**"
+              - "**/tests/**"
+              - "**/Test/**"
+              - "**/Tests/**"
+              - "**/*Test*"
+              - "**/*test*"
+              - "**/*.Development*"
+              - "**/*.development*"
+              - "**/*.integration.*"
+              - "**/*.Integration.*"
+              - "**/*.QA.*"
         matching:
           pattern: "\\bmongo(?:dump|import|restore|sh)?(?=[ \\t]).{0,100}[ \\t](?:-p|--password)[ \\t]+(?:\\\\?[\"'])([^\\r\\n\"']{3,})(?:\\\\?[\"'])"
         post:
@@ -172,6 +223,10 @@ provider:
             mongo --host "localhost" --username "root" --password "P@ssw0rd"
           containsSecret: true
           match: P@ssw0rd
+        - text: |
+            mongo --host "localhost" --username "root" --password "P@ssw0rd"
+          containsSecret: false
+          fileName: mongoTest.java
         - text: |
             mongo --host "localhost" --username "root" --password "..."
           containsSecret: false