• Home
• org.sonarsource.text
• sonar-text-plugin
• 2.20.0.5038
• source code
• google-api.yaml

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.sonar.plugins.secrets.configuration.google-api.yaml Maven / Gradle / Ivy

provider:
  metadata:
    name: Google Workspace
    category: Cloud Collaboration
    message: Make sure this Google API Key is either secured or revoked, changed, and removed from the code.
  detection:
    pre:
      reject:
        paths:
          - "**/GoogleService-Info.plist"
          - "**/google-services.json"
          - "**/google-services.*.json"
      include:
        content:
          - "AIza"
    post:
      patternNot:
        - "(\\w)\\1{5}"
        - "(?i)(s|ex)ample"
  rules:
    - id: google-api-keys
      rspecKey: S6334
      metadata:
        name: Google API Keys
      detection:
        matching:
          pattern: "\\b(AIza[0-9A-Za-z_\\-]{35})\\b"
          context:
            matchEach:
              # This regex aims to roughly trim out secrets related to these platforms
              - matchNot:
                  patternAround:
                    pattern: "(?i)firebase|maps\\.googleapis\\.com"
                    maxCharDistance: 250
              - matchNot:
                  patternAround:
                    pattern: "(?i)firebase_url"
                    maxLineDistance: 100
                # This regex aims to trim out secrets assigned to variables containing these names.
              - matchNot:
                  patternAround:
                    pattern: "(?i)\
                      com\\.google\\.android\\.(?:maps\\.v2|geo)\\.API_KEY\
                      |google[_\\W]?maps?|maps?[_\\W]?(?:api[_\\W]?)?key\
                      |https://www\\.google\\.com/maps/embed/v1/place\
                      "
                    maxCharDistance: 100
      examples:
        - text: |
            # Noncompliant code example
            props.set("google-api-key", "AIzaf4Six4MjGwxvkarrf1LPUaCdyNSjzsyIoRI")
          containsSecret: true
          match: AIzaf4Six4MjGwxvkarrf1LPUaCdyNSjzsyIoRI

        - text: |
            # Compliant solution
            props.set("google-api-key", System.getenv("GOOGLE_API_KEY"))
          containsSecret: false

        - text: |
            
            
          containsSecret: false

        - text: |
            # Multiple false positives
            "google_maps_and_places_api_key": "AIzaSyAJN-eCsoSpVO9ckb1TRy4edZLgiTQPlLS",

            # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            const GOOGLE_MAPS_API_KEY = 'AIzahiaFcxjkE6qUn3twHXxjnSOKbCvb6PocyAS';

            # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            export const GOOGLE_MAP_API_KEY = 'AIzabKq1uhRsku-SR2ST0gVuyEANVSbMdesdkTB'

            # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            export const defaultGoogleMapProviderSettings: GoogleMapProviderSettings = {
              gmApiKey: 'AIzaSyDowE5TTg8Nc2Iw398xwbQxzjd7kaGPcxS',
              gmDefaultMapType: GoogleMapType.roadmap
            };

            # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            google.charts.load('current', {
                packages: ['line', 'corechart', 'geochart'],
                mapsApiKey: 'AIzaSyD-MaWoWkM77rQ2BYZSFk-MePe90tjSnXu'
            });

            # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            mapKey="AIzaSyjHGRhXdz_WJOd_ExAnB3tThCLj_e9gUds"
          containsSecret: false

        - text: |
            

            
          fileName: AndroidManifest.xml
          containsSecret: false

        - text: |
            ...
            "api_key": [
              {
                "current_key": "AIzaZ3Tdlm9iyHRIJ8goVTqCFQxuSaFBG3dZDvk"
              }
            ],
            ...
          fileName: google-services.json
          containsSecret: false

        - text: |
            # Google Maps API keys are not secret
            link="https://maps.googleapis.com/maps/api/"
            # This Is more than 250 charactersXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            props.set("google-api-key", "AIzaf4Six4MjGwxvkarrf1LPUaCdyNSjzsyIoRI")
          containsSecret: true
          match: AIzaf4Six4MjGwxvkarrf1LPUaCdyNSjzsyIoRI

        - text: |
            # Google Maps API keys are not secret
            
          containsSecret: false

        - text: |
            android:value="AIzaSyCis4NzxMw1aJyvUIrjGILjPkSdxrRfof4"
          containsSecret: true
          match: AIzaSyCis4NzxMw1aJyvUIrjGILjPkSdxrRfof4
        - text: |
            android:value="AIzaSyCis4NzxMw1aJyvUIrjGfof4",
            // extra characters before
            android:value="KatitioAIzaSyCis4NzxMw1aJyvUIrjGILjPkSdxrRfof4",
            // extra characters after
            android:value="AIzaSyCis4NzxMw1aJyvUIrjGfof4abc"
          containsSecret: false
        - text: |
            // placeholders
            android:value="AIzaSyCe9XJjn78vch---EXAMPLE---SQFBe20s"
            android:value="AIzaSyHqGowa85aImLDP7-sd7gcGlgKnuxxxxxx"
            android:value="AIza00000000000000000000000000000000000"
          containsSecret: false
        - text: |
            const (
              firebaseAPIKey = "AIzaSyCis4NzxMw1aJyvUIrjGILjPkSdxrRfof4"
              tokenURL       = "https://securetoken.googleapis.com/v1/token?key=" + firebaseAPIKey

              EnvVarCQAPIKey = "CQ_API_KEY"
            )
          containsSecret: false
        - text: |
            "project_info": {
              "firebase_url": "https://xx-zzzzz.firebaseio.com"
            },
            # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
            "client": [
              {
                "api_key": [
                  {
                    "current_key": "AIzaf4Six4MjGwxvkarrf1LPUaCdyNSjzsyIoRI"
                  }
                ],
          containsSecret: false