False positive detection of a non-existent Google OAuth Client Secret #283

@tosiara

Describe the bug
False positive detection of a non-existent Google OAuth Client Secret:

Scanned 57 B from 1 blobs in 0 seconds (952 B/s); 1/1 new matches

 Rule                         Findings   Matches
─────────────────────────────────────────────────
 Google OAuth Client Secret          1         1

To Reproduce
Scan this yaml file:

prod:
  client_secret: "%env(SERVICE_CLIENT_SECRET_13)%"

Expected behavior
The line is Symfony's env var placeholder, not a secret. Expected no detection.

Actual behavior
The line is detected as Google OAuth Client Secret.

Output of noseyparker --version

noseyparker 0.24.0

Build Configuration:

    Build Timestamp:    2025-05-08T21:12:43.451617598Z

    Commit Timestamp:   2025-05-08T17:04:47.000000000-04:00
    Commit Branch:      HEAD
    Commit SHA:         61fa4ca67e4ded1b47b3b9ecce618ae91f1ff2fe

    Cargo Features:     color_backtrace,default,disable_trace,github,log,mimalloc,parquet,release
    Debug:              true
    Optimization:       3
    Target Triple:      aarch64-unknown-linux-gnu

Build System:

    OS:                 Debian GNU/Linux
    OS Version:         Linux (Debian GNU/Linux 11)

    CPU Vendor:         ARM
    CPU Brand:          Neoverse-N2
    CPU Cores:          8

    rustc Version:      1.82.0
    rustc Channel:      stable
    rustc Host Triple:  aarch64-unknown-linux-gnu
    rustc Commit Date:  2024-10-15
    rustc Commit SHA:   f6e511eec7342f59a25f7c0534f1dbea00d01b14
    rustc LLVM Version: 19.1
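
A triage filter for this class of false positive, as an added example that is not part of the original issue and is not Nosey Parker's code: it suppresses a candidate match only when the whole value is Symfony `%env(...)%` placeholder syntax, and keeps values that mix a placeholder with literal text. The `client_secret` key pattern, the function names and all sample lines except the reported one are constructed assumptions, not the scanner's actual rule.

```python
import re

# Symfony env placeholder: %env(NAME)%, optionally with chained processors
# such as %env(json:file:NAME)% or %env(default:fallback:NAME)%.
SYMFONY_ENV = re.compile(r"%env\((?:[^:()%\s]*:)*[A-Za-z_][A-Za-z0-9_]*\)%")

# Hypothetical stand-in for a scanner rule; NOT Nosey Parker's actual pattern.
KEY_VALUE = re.compile(r"""(?i)client_secret\s*[:=]\s*["']?([^\s"']+)""")


def literal_remainder(value: str) -> str:
    """Return what is left of a value once env placeholders are removed."""
    return SYMFONY_ENV.sub("", value)


def triage(text: str) -> list[tuple[int, str, str]]:
    """Classify each candidate match as 'placeholder' or 'review'.

    A match is suppressed only when the whole value is placeholder syntax;
    a value that mixes a placeholder with literal text still needs review.
    """
    results = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = KEY_VALUE.search(line)
        if not m:
            continue
        value = m.group(1)
        verdict = "placeholder" if literal_remainder(value) == "" else "review"
        results.append((lineno, value, verdict))
    return results


# Constructed sample lines, not one valid YAML mapping; the first
# client_secret line is the one from the report.
SAMPLE = """\
prod:
  client_secret: "%env(SERVICE_CLIENT_SECRET_13)%"
  client_secret: "%env(json:file:SECRETS_PATH)%"
  client_secret: "CONSTRUCTED-not-a-real-secret-0000"
  client_secret: "%env(PREFIX)%CONSTRUCTED-suffix"
"""

if __name__ == "__main__":
    for lineno, value, verdict in triage(SAMPLE):
        print(f"line {lineno}: {verdict:11} {value}")
```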

Labels: bug