SECRETS-178: Raise an issue for S6706 when there is not whitespace

Author: daniel-teuchert-sonarsource

sonar-text-plugin/src/main/resources/org/sonar/plugins/secrets/configuration/gcp.yaml

@@ -80,3 +80,10 @@ provider:
               "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/xyz%40developer.gserviceaccount.com"
             }
           containsSecret: false
+        - text: |
+            # Test case from pubkey-crypto.yaml to show that there is no overlap
+            -----BEGIN PRIVATE KEY-----\nMG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBiYwF7DmgkMs5nuBTGo
+            qStzE1qIw4I8oR6hNAMyAARglVCk/eB1iMoPWZO+GyLAdpb7PykKintU3m9cS8cN
+            /I3gU7NXutYjL9npMWLoHPI=
+            -----END PRIVATE KEY-----
+          containsSecret: false

sonar-text-plugin/src/main/resources/org/sonar/plugins/secrets/configuration/pubkey-crypto.yaml

@@ -277,27 +277,55 @@ provider:
       metadata:
         name: Private keys should not be disclosed
       detection:
+        pre:
+          reject:
+            content:
+              # This prevents overlap with gcp.yaml
+              - "accounts.google.com"
+            ext:
+              - .adoc
+              - .example
+              - .html
+              - .md
+              - .mdx
+              - .template
         matching:
-          pattern: "(-----BEGIN PRIVATE KEY-----) "
+          pattern: "(-----BEGIN PRIVATE KEY-----)"
           context:
             matchEach:
               - patternAfter: "[a-zA-Z0-9+/]{60,}"
               - patternAfter: "-----END PRIVATE KEY-----"
       examples:
         - text: |
-            -----BEGIN PRIVATE KEY----- \nMG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBiYwF7DmgkMs5nuBTGo
+            -----BEGIN PRIVATE KEY-----\nMG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBiYwF7DmgkMs5nuBTGo
             qStzE1qIw4I8oR6hNAMyAARglVCk/eB1iMoPWZO+GyLAdpb7PykKintU3m9cS8cN
             /I3gU7NXutYjL9npMWLoHPI=
             -----END PRIVATE KEY-----
           containsSecret: true
-          match: "-----BEGIN PRIVATE KEY----- "
+          match: "-----BEGIN PRIVATE KEY-----"
         - text: |
-            -----BEGIN PRIVATE KEY----- \nMG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBiYwF7DmgkMs5nuBTGo
+            -----BEGIN PRIVATE KEY-----\nMG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBiYwF7DmgkMs5nuBTGo
             qStzE1qIw4I8oR6hNAMyAARglVCk/eB1iMoPWZO+GyLAdpb7PykKintU3m9cS8cN
             /I3gU7NXutYjL9npMWLoHPI=
             -----END PRIVATE KEY-----
           fileName: Doc.template
           containsSecret: false
+        - text: |
+            # Test case from gcp.yaml to show that there is no overlap
+            {
+                "type": "service_account",
+                "project_id": "example-project",
+                "private_key_id": "2772b8e6f42dc67369b98f0b91694f7805b28844",
+                "private_key": "-----BEGIN PRIVATE KEY-----\nKBww9jggAgBEHBCBAASIMDsoCBAuAQINAgFAGSXQTkiAE0cEIkoQghJAqGavB/r3\n2W6raHa1Qrfj6pii5U2Ok53SxCyK3TxYc3Bfxq8orZeYC9LQ/I3tz7w4/BnT71AD\nfP1i8SWHsRMIicSuVFcRoYMA+A1eNSmdrujdBNWgedfuSyHbPnNY7s8BBUIoBN7I\n8gJG5DUUKAZfZDB2c/n7Yu0=\n-----END PRIVATE KEY-----\n",
+                "client_email": "[email protected]",
+                "client_id": "492539091821492546176",
+                "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+                "token_uri": "https://oauth2.googleapis.com/token",
+                "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+                "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/example%40example.iam.gserviceaccount.example.com",
+                "universe_domain": "googleapis.com"
+            }
+          containsSecret: false
 
     - id: pkcs8-private-key-encrypted
       rspecKey: S6706