From 89ff5941e5149dcb41245450672dcb3e7a520eb7 Mon Sep 17 00:00:00 2001
From: Aaron Loo
Date: Fri, 30 Nov 2018 16:04:27 -0800
Subject: [PATCH] more specific regex for basic auth
---
 detect_secrets/plugins/basic_auth.py | 6 +++++-
 tests/plugins/basic_auth_test.py | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/detect_secrets/plugins/basic_auth.py b/detect_secrets/plugins/basic_auth.py
index eda4afb20..ff0b46e57 100644
--- a/detect_secrets/plugins/basic_auth.py
+++ b/detect_secrets/plugins/basic_auth.py
@@ -6,8 +6,12 @@
 from detect_secrets.core.potential_secret import PotentialSecret
+SPECIAL_URL_CHARACTERS = ':/?#[]@'
 BASIC_AUTH_REGEX = re.compile(
-    r'://[^:]+:([^@]+)@',
+    r'://[^{}\s]+:([^{}\s]+)@'.format(
+        re.escape(SPECIAL_URL_CHARACTERS),
+        re.escape(SPECIAL_URL_CHARACTERS),
+    ),
 )
diff --git a/tests/plugins/basic_auth_test.py b/tests/plugins/basic_auth_test.py
index dbf3c4496..1477fcc75 100644
--- a/tests/plugins/basic_auth_test.py
+++ b/tests/plugins/basic_auth_test.py
@@ -11,6 +11,7 @@ class TestBasicAuthDetector(object):
         'payload, should_flag',
         [
             ('https://username:password@yelp.com', True,),
+            ('http://localhost:5000/<%= @variable %>', False,),
         ],
     )
     def test_analyze_string(self, payload, should_flag):
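Review bot: The new character class in `BASIC_AUTH_REGEX` excludes `:`, `/`, `?`, `#`, `[`, `]` and `@` from both the username and the captured password, so a credential whose password contains one of these unencoded (for example `https://username:pass:word@yelp.com`, which the old `[^@]+` still matched) is no longer reported, and that trade-off between fewer template false positives and new false negatives is not recorded anywhere in the hunk. `SPECIAL_URL_CHARACTERS` is exactly the RFC 3986 gen-delims set, so a comment on that line stating the consequence would help, e.g. `# RFC 3986 gen-delims: a literal one of these ends the userinfo, so a password containing them unencoded is not detected`. The hunk in tests/plugins/basic_auth_test.py adds only the false-positive case; a case pinning the new behaviour, such as `('https://username:pass:word@yelp.com', False,)`, would make the choice explicit and guard it against future regex edits. As a point of style, the two identical `.format` arguments could be a single positional reference: `r'://[^{0}\s]+:([^{0}\s]+)@'.format(re.escape(SPECIAL_URL_CHARACTERS))`.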