Add template to match for RegEx in String Literals

I saw that there is a template that is able to match a RegEx for comments (javascript:S124). we would need something similar for String Literals, to be able to catch hardcoded userid’s in our JavaScript code. Here are some code examples that we would like to catch:

var user = ‘C123456’;
var user = ‘domain\userid’
if(user == ‘C123456’)

and here one RegEx from my Java Custom rule that should match for all 3 cases above:


any chance to get such a rule template added?

it could be used in many ways to catch unwanted strings that projects have in their code, for example:

  • http://
  • localhost

it would even be interesting to see such a rule template for other languages as well. S124 is at least available for Java, JavaScript, TypeScript and Cobol

hello @youngroman,

I think it’s an interesting idea, and such rule could be valuable in almost any language. We are going to discuss internally wether we add it to our backlog, because it is similar to some other topics we are discussing (BIDI character detecion, leaked secret detection).

FYI, we also have hotspot rule S2068 that can be configured to detect arbitrary strings, however, they can’t be regexps.