From 8a5764c00542ea9bc4c6da5d8959c0d9c3097593 Mon Sep 17 00:00:00 2001
From: John-Paul Dakran
Date: Tue, 1 Feb 2022 08:14:55 -0800
Subject: [PATCH 1/2] Update regex to avoid catastrophic backtracking

---
 detect_secrets/filters/heuristic.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/detect_secrets/filters/heuristic.py b/detect_secrets/filters/heuristic.py
index ea70c315b..c3af93f8d 100644
--- a/detect_secrets/filters/heuristic.py
+++ b/detect_secrets/filters/heuristic.py
@@ -181,7 +181,7 @@ def _get_indirect_reference_regex() -> Pattern:
 # [^\v]* -> Something except line breaks
 # [\]\)] -> End of indirect reference: ] or )
 # )
- return re.compile(r'([^\v=!:]*)\s*(:=?|[!=]{1,3})\s*([\w.-]+[\[\(][^\v]*[\]\)])')
+ return re.compile(r'(\w+)\s*(:=?|[!=]{1,3})\s*([\w.-]+[\[\(][^\v]*[\]\)])')
 def is_lock_file(filename: str) -> bool:

From f0351f2e5aa8b7744ae79ca27d6c2bcd73c07e89 Mon Sep 17 00:00:00 2001
From: John-Paul Dakran
Date: Wed, 2 Feb 2022 14:34:07 -0800
Subject: [PATCH 2/2] Keep regex the same. Only run heuristic for lines that are less than 1k char since that better suits the intention of the heuristic

---
 detect_secrets/filters/heuristic.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/detect_secrets/filters/heuristic.py b/detect_secrets/filters/heuristic.py
index c3af93f8d..48ab1cc45 100644
--- a/detect_secrets/filters/heuristic.py
+++ b/detect_secrets/filters/heuristic.py
@@ -165,6 +165,8 @@ def is_indirect_reference(line: str) -> bool:
 secret = request.headers['apikey']
 """
+ if len(line) > 1000:
+ return False
 return bool(_get_indirect_reference_regex().search(line))
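Review bot: Narrowing the first group to `(\w+)` on the new `re.compile` line changes which assignments the filter recognizes, not only how fast it runs: a subscripted target such as `config["key"] = os.environ["KEY"]` matched the old `([^\v=!:]*)` prefix, but it has no word character directly before the `=`, so with `search()` the pattern now finds nothing and the candidate is reported instead of being filtered. That is the safe direction for a secret scanner, but it is a behavioural change the commit message ("avoid catastrophic backtracking") does not mention and no test pins. It is also not obvious that the prefix was the expensive part: the unanchored `search()` still retries `[\w.-]+[\[\(][^\v]*[\]\)]` at every candidate start, and the greedy `[^\v]*` walks to the end of the line and back for each of them, so a long line can stay quadratic. I would add a regression test with a ~10k-character line asserting the call returns promptly, and a second test fixing the `config["key"]` case whichever way is intended. The enclosing `_get_indirect_reference_regex` starts before the hunk.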
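Review bot: The added `if len(line) > 1000:` guard hard-codes the bound and leaves the reader to infer that `return False` means a long line is *not* treated as an indirect reference, so, if a True result from this filter discards a candidate as the module name suggests, findings on long lines are kept rather than suppressed. That fail-safe direction is the right one and deserves to be written down, because a later edit flipping it to `return True` would silently drop findings on exactly the lines where the regex is too expensive to run. I would lift the number into a module constant, `_MAX_INDIRECT_REFERENCE_LINE_LENGTH = 1000  # bound on the backtracking regex below; longer lines are never filtered`, and add one sentence to the docstring (which begins before this hunk) stating that lines over the limit return False so the finding survives. Note also that the commit message says "less than 1k" while the check still sends a line of exactly 1000 characters to the regex; pick one boundary and make the constant's comment match.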
@@ -181,7 +183,7 @@ def _get_indirect_reference_regex() -> Pattern:
 # [^\v]* -> Something except line breaks
 # [\]\)] -> End of indirect reference: ] or )
 # )
- return re.compile(r'(\w+)\s*(:=?|[!=]{1,3})\s*([\w.-]+[\[\(][^\v]*[\]\)])')
+ return re.compile(r'([^\v=!:]*)\s*(:=?|[!=]{1,3})\s*([\w.-]+[\[\(][^\v]*[\]\)])')
 def is_lock_file(filename: str) -> bool:
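Review bot: The restored leading group `([^\v=!:]*)\s*` on the new `re.compile` line is a large part of what makes this pattern expensive, and it appears to have no effect on the result: the group can match empty, so `search()` succeeds exactly when `(:=?|[!=]{1,3})\s*([\w.-]+[\[\(][^\v]*[\]\)])` matches somewhere, and the only caller visible in this series reduces the match to `bool(...)`. At each candidate start, though, `[^\v=!:]*` first runs to the next operator character and then backtracks through every split with the overlapping `\s*`, so the new 1000-character cap bounds that cost without removing it. If nothing else reads the capture groups, dropping the prefix — `return re.compile(r'(:=?|[!=]{1,3})\s*([\w.-]+[\[\(][^\v]*[\]\)])')` — keeps the boolean behaviour and removes one factor of line length from the worst case; if something does, renumbering of the groups would need care. Separately, the comment above describes `[^\v]*` as "except line breaks", but in Python `re` `\v` is only the vertical tab, so `\n` and `\r` are matched; harmless for single lines but worth correcting. The enclosing function starts before the hunk.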