
org.sonar.plugins.secrets.configuration.telegram.yaml Maven / Gradle / Ivy

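# Secret-detection provider definition for Telegram bot tokens.
# One provider groups shared metadata and a pre-filter; each entry under
# `rules` describes one secret format together with its self-test examples.
provider:
  metadata:
    name: Telegram
    category: Communication Platform
    # Remediation message shown with every finding from this provider.
    message: Make sure this Telegram key gets revoked, changed, and removed from the code.
  detection:
    pre:
      include:
        # Cheap pre-filter: only content mentioning "telegram" is scanned.
        # NOTE(review): the third example below only contains "TelegramBot",
        # so the keyword match is presumably case-insensitive - confirm.
        content:
          - telegram

  rules:
    - id: telegram-bot-key
      rspecKey: S6701
      metadata:
        name: Telegram bot keys should not be disclosed
      detection:
        matching:
          # Token shape: <9-12 digit bot id>:AA<33 characters>.
          # The secret part is drawn from letters, digits, '_' and '-'.
          # The class previously omitted 0-9, so any token with a digit in
          # the secret part was silently missed (false negative).
          # NOTE(review): the trailing \b needs a word character on one
          # side, so a token ending in '-' followed by a quote or
          # whitespace still does not match - consider a lookahead instead.
          pattern: "\\b(\\d{9,12}:AA[A-Za-z0-9_\\-]{33})\\b"
        post:
          # Candidates matching any of these are treated as placeholders:
          # the same word character six times in a row, the literal 123456,
          # or the words "sample" / "example" in any case.
          patternNot:
            - "(\\w)\\1{5}"
            - "123456"
            - "(?i)(s|ex)ample"
          # NOTE(review): presumably candidates scoring below the threshold
          # are discarded as too regular to be a real token - confirm.
          statisticalFilter:
            threshold: 4.4 # Based on significant sampling, 4.5 < entropy < 5.4
      # Self-test fixtures: `containsSecret` is the expected verdict and
      # `match` is the exact text the rule must report.
      # NOTE(review): no fixture has a digit in the secret part; add one so
      # the 0-9 coverage in the pattern is exercised.
      examples:
        # Hard-coded token in a property assignment: must be reported.
        - text: |
            // noncompliant example
            telegram
            props.set("api_token", "7299363101:AAWJlilLyeMaKgTTrrfsyrtxDqqI-cdI-TF")
          containsSecret: true
          match: 7299363101:AAWJlilLyeMaKgTTrrfsyrtxDqqI-cdI-TF
        # Token read from the environment: nothing to report.
        - text: |
            // compliant example
            telegram
            props.set("api_token", System.getenv("API_TOKEN"))
          containsSecret: false
        # Token passed straight to a client constructor: must be reported.
        - text: |
            public void run(ApplicationArguments args) {
              TelegramBot bot = new TelegramBot("7299363101:AAWJlilLyeMaKgTTrrfsyrtxDqqI-cdI-TF");
          containsSecret: true
          match: 7299363101:AAWJlilLyeMaKgTTrrfsyrtxDqqI-cdI-TF
        # Placeholder key made of one repeated character: it has the token
        # shape but is expected to be dropped by the repeated-character
        # patternNot entry, so nothing is reported.
        - text: |
            telegram:
              # Alert via telegram? Note: also supersedes chain-specific settings
              enabled: no
              # API key ... talk to @BotFather
              api_key: '5555555555:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
          containsSecret: false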



