I saw that there is a template that is able to match a RegEx for comments (javascript:S124). We would need something similar for string literals, to be able to catch hardcoded user IDs in our JavaScript code. Here are some code examples that we would like to catch:
var user = 'C123456';
var user = 'domain\userid'
if(user == 'C123456')
And here is one RegEx from my Java custom rule that should match all 3 cases above:
^(.+\\|)[a-zA-Z][a-zA-Z0-9][0-9]{5}$
Any chance to get such a rule template added?
It could be used in many ways to catch unwanted strings that projects have in their code, for example:
- http://
- localhost
It would even be interesting to see such a rule template for other languages as well. S124 is at least available for Java, JavaScript, TypeScript and Cobol.
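A sketch of the kind of check being requested, added here as an example; it is not part of the original post and not SonarQube code. It collects string literal values while skipping comments, then tests each value against configurable patterns: the user ID regex from the post plus the `http://` and `localhost` cases. The function names, rule names and sample input are assumptions made for illustration.

```javascript
// Added example; the scanner is a simplification, not a full JavaScript parser: it ignores
// template and regex literals and keeps the character after a backslash without decoding it.
const PATTERNS = {                                  // rule names are hypothetical
  userId: /^(.+\\|)[a-zA-Z][a-zA-Z0-9][0-9]{5}$/,   // regex from the post
  plainHttp: /^http:\/\//,
  localhost: /localhost/,
};

function findStringLiterals(source) {
  const literals = [];
  let i = 0, line = 1;
  while (i < source.length) {
    const ch = source[i];
    if (ch === '\n') { line++; i++; }
    else if (source.startsWith('//', i)) {          // line comment: skip to end of line
      while (i < source.length && source[i] !== '\n') i++;
    } else if (source.startsWith('/*', i)) {        // block comment: skip, counting lines
      const end = source.indexOf('*/', i + 2);
      const stop = end === -1 ? source.length : end + 2;
      for (; i < stop; i++) if (source[i] === '\n') line++;
    } else if (ch === '"' || ch === "'") {          // string literal: collect its value
      let value = ''; i++;
      while (i < source.length && source[i] !== ch && source[i] !== '\n') {
        if (source[i] === '\\' && i + 1 < source.length) i++;  // drop the escape backslash
        value += source[i++];
      }
      if (source[i] === ch) i++;                    // consume the closing quote
      literals.push({ line, value });
    } else i++;
  }
  return literals;
}

function findForbiddenLiterals(source, patterns = PATTERNS) {
  const issues = [];
  for (const lit of findStringLiterals(source))
    for (const [rule, re] of Object.entries(patterns))
      if (re.test(lit.value)) issues.push({ line: lit.line, rule, value: lit.value });
  return issues;
}
// Constructed sample input, one statement per line.
const SAMPLE = [
  "var user = 'C123456';",
  "// var old = 'C999999';",
  "if (user == 'corp\\\\C123456') {}",
  'var api = "http://localhost:8080/";',
].join('\n');
for (const { line, rule, value } of findForbiddenLiterals(SAMPLE))
  console.log(`line ${line}: ${rule} matched ${JSON.stringify(value)}`);
```

Matching the decoded literal value rather than the raw source text is what lets one pattern cover both the assignment and the comparison, and it keeps commented-out code from raising issues.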