Added allow rule + tests

assets/queries/common/passwords_and_secrets/regex_rules.json

@@ -229,7 +229,13 @@
       "id": "2f665079-c383-4b33-896e-88268c1fa258",
       "name": "Generic Private Key",
       "regex": "(?i)['\"]?private[_]?key['\"]?\\s*[:=]\\s*['\"]?([[A-Za-z0-9/~^_!@&%()=?*+-]+)['\"]?",
-      "specialMask": "(?i)['\"]?private[_]?key['\"]?\\s*[:=]\\s*"
+      "specialMask": "(?i)['\"]?private[_]?key['\"]?\\s*[:=]\\s*",
+      "allowRules": [
+        {
+          "description": "Avoiding bash variables",
+          "regex": "(?i)['\"]?\\$\\s*\\{[^\\s\\}]+\\}['\"]?"
+        }
+      ]
     },
     {
       "id": "baee238e-1921-4801-9c3f-79ae1d7b2cbc",

assets/queries/common/passwords_and_secrets/test/negative56.yml

@@ -0,0 +1,14 @@
+stages:
+  - build
+
+variables:
+  GIT_PRIVATE_KEY: $GIT_PRIVATE_KEY
+
+job_build:
+  stage: build
+  script:
+    - if [[ -z "${GIT_PRIVATE_KEY:-}" ]]; then
+        echo "Missing GIT_PRIVATE_KEY variable!"
+        exit 1
+      fi
+    - echo "Private key is set."

assets/queries/common/passwords_and_secrets/test/positive48.yml

@@ -0,0 +1,14 @@
+stages:
+  - build
+
+variables:
+  GIT_PRIVATE_KEY: "heythisisaprivatekey!"
+
+job_build:
+  stage: build
+  script:
+    - if [[ -z "${GIT_PRIVATE_KEY:-}" ]]; then
+        echo "Missing GIT_PRIVATE_KEY variable!"
+        exit 1
+      fi
+    - echo "Private key is set."