SONARTEXT-9 [S6338] Prevent raising on well-known authentication keys (#160)

petertrr · web-flow · commit a4c3b8e3b78d · 2023-07-20T16:56:17.000+02:00
diff --git a/sonar-text-plugin/src/main/resources/org/sonar/plugins/secrets/configuration/azure.yaml b/sonar-text-plugin/src/main/resources/org/sonar/plugins/secrets/configuration/azure.yaml
@@ -24,7 +24,7 @@ provider:
     message: Make sure this Azure Storage Account Key gets revoked, changed, and removed from the code.
   detection:
     post:
-        patternNot: "EXAMPLE"
+      patternNot: "(EXAMPLE|Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==|C2y6yDjf5/R\\+ob0N8A7Cgv30VRDJIWEHLM\\+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==)"
 
   rules:
     - rspecKey: S6338
@@ -74,6 +74,11 @@ provider:
             const connStr = "DefaultEndpointsProtocol=https;AccountName=testaccountname;AccountKey=4dVw+l0W8My+FwuZ08dWXn+gHxcmBtS7esLAQSrm6/Om3jeyUKKGMkfAh38kWZlItThQYsg31v23A0w/uVP4pg==;EndpointSuffix=core.windows.net";
           containsSecret: true
           match: 4dVw+l0W8My+FwuZ08dWXn+gHxcmBtS7esLAQSrm6/Om3jeyUKKGMkfAh38kWZlItThQYsg31v23A0w/uVP4pg==
+        - text: |
+            const connStr = "DefaultEndpointsProtocol=https;AccountName=testaccountname;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==";
+            const connStr = "DefaultEndpointsProtocol=https;AccountName=testaccountname;AccountKey=C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==";
+          # These are well-known keys used in emulators only
+          containsSecret: false
       detection:
         matching:
           pattern: "AccountKey=([a-zA-Z0-9/\\+]{86}==)"
