#404 - Add Arrow Key Assignment Operator Regex to Keyword Plugin (#567)

* Add regex for the arrow function assignment operator followed by quotes to keyword plugin * Revert local dependency changes
Yelp · Jun 23, 2022 · 8996b7a · 8996b7a
1 parent 3c8ee74
commit 8996b7a
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/detect_secrets/plugins/keyword.py b/detect_secrets/plugins/keyword.py
@@ -202,6 +202,17 @@
     ),
     flags=re.IGNORECASE,
 )
+FOLLOWED_BY_ARROW_FUNCTION_SIGN_QUOTES_REQUIRED_REGEX = re.compile(
+    # e.g. my_password => "bar" or my_password => bar
+    r'{denylist}({closing})?{whitespace}=>?{whitespace}({quote})({secret})(\3)'.format(
+        denylist=DENYLIST_REGEX,
+        closing=CLOSING,
+        quote=QUOTE,
+        whitespace=OPTIONAL_WHITESPACE,
+        secret=SECRET,
+    ),
+    flags=re.IGNORECASE,
+)
 CONFIG_DENYLIST_REGEX_TO_GROUP = {
     FOLLOWED_BY_COLON_REGEX: 4,
     PRECEDED_BY_EQUAL_COMPARISON_SIGNS_QUOTES_REQUIRED_REGEX: 2,
@@ -226,6 +237,7 @@
     PRECEDED_BY_EQUAL_COMPARISON_SIGNS_QUOTES_REQUIRED_REGEX: 2,
     FOLLOWED_BY_EQUAL_SIGNS_QUOTES_REQUIRED_REGEX: 5,
     FOLLOWED_BY_QUOTES_AND_SEMICOLON_REGEX: 3,
+    FOLLOWED_BY_ARROW_FUNCTION_SIGN_QUOTES_REQUIRED_REGEX: 4,
 }
 REGEX_BY_FILETYPE = {
     FileType.GO: GOLANG_DENYLIST_REGEX_TO_GROUP,

diff --git a/tests/plugins/keyword_test.py b/tests/plugins/keyword_test.py
@@ -142,12 +142,16 @@
     ('if (db_pass !== "{}") {{'.format(COMMON_SECRET), COMMON_SECRET),
     ('password "{}";'.format(COMMON_SECRET), COMMON_SECRET),
     ('password = {}'.format(COMMON_SECRET), None),  # Secret without quotes
+    ('password = "{}"'.format(COMMON_SECRET), COMMON_SECRET),
+    ('password => "{}"'.format(COMMON_SECRET), COMMON_SECRET),
     ('api_key = ""', None),              # Nothing in the quotes
     ("secret: ''", None),                # Nothing in the quotes
     ('password: ${link}', None),         # Has a ${ followed by a }
     ('some_key = "real_secret"', None),  # We cannot make 'key' a Keyword, too noisy)
     ('private_key "hopenobodyfindsthisone\';', None),  # Double-quote does not match single-quote)
     (LONG_LINE, None),  # Long line test
+    ('password => ""', None),
+    ('password => {}'.format(COMMON_SECRET), None),
 ]