Skip to content

Commit

Permalink
Update regex to pass updated test
Browse files Browse the repository at this point in the history
  • Loading branch information
@perryzjc
perryzjc committed Nov 19, 2023
1 parent cc56cac commit ac853b9
Showing 1 changed file with 15 additions and 21 deletions.
36 changes: 15 additions & 21 deletions detect_secrets/plugins/ip_public.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,30 +19,24 @@ class IPPublicDetector(RegexBasedDetector):
secret_type = 'Public IP (ipv4)'

denylist_ipv4_address = r"""
# Negative lookbehind: Checks if preceding character is not a digit
(?<![0-9])
# Negative lookahead: Checks if following pattern doesn't match
(?!
# Matches "192.168.", "127.", "10.", or "172." with specific ranges
192\.168\.|
127\.|
10\.|
172\.(?:1[6-9]|2[0-9]|3[01])
)
# Non-capturing group for numbers 0-255 followed by a dot
(?:
(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.
){3}
# Matches final number in an IP address (0-255)
(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)
# Optional group for port number (0-99999)
(?::\d{1,5})?
# Negative lookahead: Ensures next character isn't a digit
(?!
[0-9]
(?<!\.) # Negative lookbehind: Ensures no preceding dot
\b # Word boundary: Start of a word
(?! # Negative lookahead: Ensures the following pattern doesn't match
192\.168\. # Exclude "192.168."
|127\. # Exclude "127."
|10\. # Exclude "10."
|172\.(?:1[6-9]|2[0-9]|3[01]) # Exclude "172." with specific ranges
)
(?: # Non-capturing group for octets
(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\. # Match numbers 0-255 followed by dot
){3} # Repeat for three octets
(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?) # Match final octet (0-255)
(?::\d{1,5})? # Optional non-capturing group for port number (0-99999)
\b # Word boundary: End of a word
(?!\.) # Negative lookahead: Ensures no following dot
"""


denylist = [
re.compile(denylist_ipv4_address, flags=re.IGNORECASE | re.VERBOSE),
]

0 comments on commit ac853b9

Please sign in to comment.