Create rule S6731(secrets): Slack Bot Tokens should not be disclosed (#2973)

You can preview this rule
[here](https://sonarsource.github.io/rspec/#/rspec/S6731/secrets)
(updated a few minutes after each push).

## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the
guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)

---------

Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com>

rules/S6731/metadata.json

@@ -0,0 +1,2 @@
+{
+}

rules/S6731/secrets/metadata.json

@@ -0,0 +1,58 @@
+{
+  "title": "Slack bot tokens should not be disclosed",
+  "type": "VULNERABILITY",
+  "code": {
+    "impacts": {
+      "SECURITY": "HIGH"
+    },
+    "attribute": "TRUSTWORTHY"
+  },
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "30min"
+  },
+  "tags": [
+    "cwe",
+    "cert"
+  ],
+  "extra": {
+    "replacementRules": [
+
+    ]
+  },
+  "defaultSeverity": "Blocker",
+  "ruleSpecification": "RSPEC-6731",
+  "sqKey": "S6731",
+  "scope": "All",
+  "securityStandards": {
+    "CWE": [
+      798,
+      259
+    ],
+    "OWASP": [
+      "A3"
+    ],
+    "CERT": [
+      "MSC03-J."
+    ],
+    "OWASP Top 10 2021": [
+      "A7"
+    ],
+    "PCI DSS 3.2": [
+      "6.5.10"
+    ],
+    "PCI DSS 4.0": [
+      "6.2.4"
+    ],
+    "ASVS 4.0": [
+      "2.10.4",
+      "3.5.2",
+      "6.4.1"
+    ]
+  },
+  "defaultQualityProfiles": [
+    "Sonar way"
+  ],
+  "quickfix": "unknown"
+}

rules/S6731/secrets/rule.adoc

@@ -0,0 +1,47 @@
+include::../../../shared_content/secrets/description.adoc[]
+
+== Why is this an issue?
+
+include::../../../shared_content/secrets/rationale.adoc[]
+
+=== What is the potential impact?
+
+Slack bot tokens have multiple types of access to a channel: They can post
+messages, read usernames and users emails. These links have plethora of possible capabilities.
+
+Below are some real-world scenarios that illustrate some impacts of an attacker
+exploiting the secret.
+
+:secret_type: token
+
+include::../../../shared_content/secrets/impact/phishing.adoc[]
+
+include::../../../shared_content/secrets/impact/malware_distribution.adoc[]
+
+include::../../../shared_content/secrets/impact/personal_data_compromise.adoc[]
+
+== How to fix it
+
+include::../../../shared_content/secrets/fix/revoke.adoc[]
+
+include::../../../shared_content/secrets/fix/vault.adoc[]
+
+=== Code examples
+
+:example_secret: xoxb-592666205443-2542034435697-FM7vdsq184d0G5vBNiOq8MSF8t7
+:example_name: slack_bot_token
+:example_env: SLACK_BOT_TOKEN 
+
+include::../../../shared_content/secrets/examples.adoc[]
+
+//=== How does this work?
+
+//=== Pitfalls
+
+//=== Going the extra mile
+
+== Resources
+
+include::../../../shared_content/secrets/resources/standards.adoc[]
+
+//=== Benchmarks

shared_content/secrets/impact/phishing.adoc

@@ -1,6 +1,16 @@
 ==== Phishing and spam
 
 An attacker can use this {secret_type} to spam users or lure them into links to
-a malicious domain controlled by the attacker. From here, an attacker can
-intercept the user’s credentials, bypass multi-factor authentication (MFA), and
-take over the user’s account on the trusted site.
+a malicious domain controlled by the attacker.
+
+Spam can cause users to be exposed to the following:
+
+* Unsolicited, inappropriate content, such as pornographic material
+* Fraudulent attempts to trick users into sending information or money
+* Abusive or hateful statements
+* False advertising or fraudulent claims
+
+Once a user has been phished on a legitimate-seeming third-party website, an
+attacker can collect the user’s credentials, bypass multi-factor authentication
+(MFA), and take over the user’s account on the trusted website.
+