From 955fce74c61370a2cd75288378ed201b661fb529 Mon Sep 17 00:00:00 2001 From: Bernard A Boateng Date: Thu, 11 Apr 2019 11:40:17 -0400 Subject: [PATCH 1/2] simplify regex --- detect_secrets/plugins/keyword.py | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/detect_secrets/plugins/keyword.py b/detect_secrets/plugins/keyword.py index 16b99e395..126340ca1 100644 --- a/detect_secrets/plugins/keyword.py +++ b/detect_secrets/plugins/keyword.py @@ -120,15 +120,16 @@ } QUOTE = r'[\'"]' # includes ], ', " as closing -CLOSING = r'[]\'"]' +CLOSING = r'[]\'"]{0,2}' # non-greedy match OPTIONAL_WHITESPACE = r'\s*?' +OPTIONAL_NON_WHITESPACE = r'[^\s]*?' SECRET = r'[^\s]+' BLACKLIST_REGEX = r'|'.join(BLACKLIST) FOLLOWED_BY_COLON_REGEX = re.compile( # e.g. api_key: foo - r'({blacklist}){closing}?:{whitespace}({quote}?)({secret})(\2)'.format( + r'({blacklist})({closing})?:{whitespace}({quote}?)({secret})(\3)'.format( blacklist=BLACKLIST_REGEX, closing=CLOSING, quote=QUOTE, @@ -138,7 +139,7 @@ ) FOLLOWED_BY_COLON_QUOTES_REQUIRED_REGEX = re.compile( # e.g. api_key: "foo" - r'({blacklist}){closing}?:({whitespace})({quote})({secret})(\3)'.format( + r'({blacklist})({closing})?:({whitespace})({quote})({secret})(\4)'.format( blacklist=BLACKLIST_REGEX, closing=CLOSING, quote=QUOTE, @@ -148,7 +149,7 @@ ) FOLLOWED_BY_EQUAL_SIGNS_REGEX = re.compile( # e.g. my_password = bar - r'({blacklist})({quote}?){closing}?{whitespace}={whitespace}({quote}?)({secret})(\3)'.format( + r'({blacklist})({closing})?{whitespace}={whitespace}({quote}?)({secret})(\3)'.format( blacklist=BLACKLIST_REGEX, closing=CLOSING, quote=QUOTE, @@ -158,7 +159,7 @@ ) FOLLOWED_BY_EQUAL_SIGNS_QUOTES_REQUIRED_REGEX = re.compile( # e.g. my_password = "bar" - r'({blacklist})({quote}?){closing}?{whitespace}={whitespace}({quote})({secret})(\3)'.format( + r'({blacklist})({closing})?{whitespace}={whitespace}({quote})({secret})(\3)'.format( blacklist=BLACKLIST_REGEX, closing=CLOSING, quote=QUOTE, @@ -168,8 +169,9 @@ ) FOLLOWED_BY_QUOTES_AND_SEMICOLON_REGEX = re.compile( # e.g. private_key "something"; - r'({blacklist})({secret})?{whitespace}({quote})({secret})(\3);'.format( + r'({blacklist}){nonWhitespace}{whitespace}({quote})({secret})(\2);'.format( blacklist=BLACKLIST_REGEX, + nonWhitespace=OPTIONAL_NON_WHITESPACE, quote=QUOTE, closing=CLOSING, whitespace=OPTIONAL_WHITESPACE, From 71b18110ed727909fc4e149dc081f5beb1b6bf32 Mon Sep 17 00:00:00 2001 From: Bernard A Boateng Date: Thu, 11 Apr 2019 12:12:43 -0400 Subject: [PATCH 2/2] minor change --- detect_secrets/plugins/keyword.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/detect_secrets/plugins/keyword.py b/detect_secrets/plugins/keyword.py index 126340ca1..4fa242b8f 100644 --- a/detect_secrets/plugins/keyword.py +++ b/detect_secrets/plugins/keyword.py @@ -179,14 +179,14 @@ ), ) BLACKLIST_REGEX_TO_GROUP = { - FOLLOWED_BY_COLON_REGEX: 3, + FOLLOWED_BY_COLON_REGEX: 4, FOLLOWED_BY_EQUAL_SIGNS_REGEX: 4, - FOLLOWED_BY_QUOTES_AND_SEMICOLON_REGEX: 4, + FOLLOWED_BY_QUOTES_AND_SEMICOLON_REGEX: 3, } QUOTES_REQUIRED_BLACKLIST_REGEX_TO_GROUP = { - FOLLOWED_BY_COLON_QUOTES_REQUIRED_REGEX: 4, + FOLLOWED_BY_COLON_QUOTES_REQUIRED_REGEX: 5, FOLLOWED_BY_EQUAL_SIGNS_QUOTES_REQUIRED_REGEX: 4, - FOLLOWED_BY_QUOTES_AND_SEMICOLON_REGEX: 4, + FOLLOWED_BY_QUOTES_AND_SEMICOLON_REGEX: 3, } QUOTES_REQUIRED_FILETYPES = {