Adjust regex to pass new test

Yelp · Nov 21, 2023 · 5fc4ed6 · 5fc4ed6
1 parent 8341fba
commit 5fc4ed6
Showing 1 changed file with 19 additions and 15 deletions.
diff --git a/detect_secrets/plugins/ip_public.py b/detect_secrets/plugins/ip_public.py
@@ -19,21 +19,25 @@ class IPPublicDetector(RegexBasedDetector):
     secret_type = 'Public IP (ipv4)'
 
     denylist_ipv4_address = r"""
-        (?<!\.)         # Negative lookbehind: Ensures no preceding dot
-        \b              # Word boundary: Start of a word
-        (?!             # Negative lookahead: Ensures the following pattern doesn't match
-            192\.168\.  # Exclude "192.168."
-            |127\.      # Exclude "127."
-            |10\.       # Exclude "10."
-            |172\.(?:1[6-9]|2[0-9]|3[01]) # Exclude "172." with specific ranges
-        )
-        (?:             # Non-capturing group for octets
-            (?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\. # Match numbers 0-255 followed by dot
-        ){3}            # Repeat for three octets
-        (?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?) # Match final octet (0-255)
-        (?::\d{1,5})?   # Optional non-capturing group for port number (0-99999)
-        \b              # Word boundary: End of a word
-        (?!\.)          # Negative lookahead: Ensures no following dot
+        (?<![\w.])         # Negative lookbehind: Ensures no preceding word character or dot
+        (                  # Start of the main capturing group
+            (?!            # Negative lookahead: Ensures the following pattern doesn't match
+                192\.168\. # Exclude "192.168."
+                |127\.     # Exclude "127."
+                |10\.      # Exclude "10."
+                |172\.(?:1[6-9]|2[0-9]|3[01])   # Exclude "172." with specific ranges
+            )
+            (?:            # Non-capturing group for octets
+                           # Match numbers 0-255 followed by dot, properly handle leading zeros
+                (?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\.
+            ){3}           # Repeat for three octets
+                           # Match final octet (0-255), properly handle leading zeros
+            (?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])
+            (?:            # Optional non-capturing group for port number
+                :\d{1,5}   # Match colon followed by 1 to 5 digits
+            )?
+        )                  # End of the main capturing group
+        (?![\w.])          # Negative lookahead: Ensures no following word character or dot
     """
 
     denylist = [