From 3b921e78725982be84b3adc458c4fcc1182a4178 Mon Sep 17 00:00:00 2001
From: "Justin D. Eyster" <Justin.Eyster@ibm.com>
Date: Thu, 17 Oct 2019 10:33:25 -0400
Subject: [PATCH] Fix Cloud IAM detector bug (#221)

* Fix Cloud IAM detector bug

* Test the failing syntax apikey:<key>

* Make ibm cloud iam keywords optional
---
 detect_secrets/plugins/ibm_cloud_iam.py | 8 ++++----
 tests/plugins/ibm_cloud_iam_test.py     | 5 +++--
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/detect_secrets/plugins/ibm_cloud_iam.py b/detect_secrets/plugins/ibm_cloud_iam.py
index 9f336e152..9b0897061 100644
--- a/detect_secrets/plugins/ibm_cloud_iam.py
+++ b/detect_secrets/plugins/ibm_cloud_iam.py
@@ -11,15 +11,15 @@ class IBMCloudIAMDetector(RegexBasedDetector):
     secret_type = 'IBM Cloud IAM Key'
 
     # opt means optional
-    ibm_cloud_iam = r'(?:ibm(?:_|-|)cloud(?:_|-|)iam|cloud(?:_|-|)iam|' + \
-                    r'ibm(?:_|-|)cloud|ibm(?:_|-|)iam|ibm|iam|cloud)'
+    opt_ibm_cloud_iam = r'(?:ibm(?:_|-|)cloud(?:_|-|)iam|cloud(?:_|-|)iam|' + \
+        r'ibm(?:_|-|)cloud|ibm(?:_|-|)iam|ibm|iam|cloud|)'
     opt_dash_undrscr = r'(?:_|-|)'
     opt_api = r'(?:api|)'
     key_or_pass = r'(?:key|pwd|password|pass|token)'
-    secret = r'([a-zA-z0-9_\-]{44})'
+    secret = r'([a-zA-Z0-9_\-]{44})'
     denylist = [
         RegexBasedDetector.assign_regex_generator(
-            prefix_regex=ibm_cloud_iam + opt_dash_undrscr + opt_api,
+            prefix_regex=opt_ibm_cloud_iam + opt_dash_undrscr + opt_api,
             password_keyword_regex=key_or_pass,
             password_regex=secret,
         ),
diff --git a/tests/plugins/ibm_cloud_iam_test.py b/tests/plugins/ibm_cloud_iam_test.py
index a3f75ff84..1092ae0cc 100644
--- a/tests/plugins/ibm_cloud_iam_test.py
+++ b/tests/plugins/ibm_cloud_iam_test.py
@@ -7,8 +7,8 @@
 from detect_secrets.plugins.ibm_cloud_iam import IBMCloudIAMDetector
 
 
-CLOUD_IAM_KEY = 'abcd1234abcd1234abcd1234abcd1234abcd1234--__'
-CLOUD_IAM_KEY_BYTES = b'abcd1234abcd1234abcd1234abcd1234abcd1234--__'
+CLOUD_IAM_KEY = 'abcd1234abcd1234abcd1234ABCD1234ABCD1234--__'
+CLOUD_IAM_KEY_BYTES = b'abcd1234abcd1234abcd1234ABCD1234ABCD1234--__'
 
 
 class TestIBMCloudIamDetector(object):
@@ -47,6 +47,7 @@ class TestIBMCloudIamDetector(object):
             ('ibm_api_key:="{cloud_iam_key}"'.format(cloud_iam_key=CLOUD_IAM_KEY), True),
             ('ibm_password = "{cloud_iam_key}"'.format(cloud_iam_key=CLOUD_IAM_KEY), True),
             ('ibm-cloud-pwd = {cloud_iam_key}'.format(cloud_iam_key=CLOUD_IAM_KEY), True),
+            ('apikey:{cloud_iam_key}'.format(cloud_iam_key=CLOUD_IAM_KEY), True),
             ('iam_api_key="%s" % IBM_IAM_API_KEY_ENV', False),
             ('CLOUD_APIKEY: "insert_key_here"', False),
             ('cloud-iam-key:=afakekey', False),