Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Regexps for default Twitter rules ("Twitter Secret Key" and "Twitter Client ID") have a small flaw that make the default configuration vulnerable to some false-positives. I believe these rules should detect the cases like (SOME_CLIENT_ID should be longer): ``` "twitter_client_id": "SOME_CLIENT_ID" ``` However, currently the twitter rules also detect the false positives for the cases like: ``` someObj := twitter.NewObjectWithALongName() config.Twitter.DomainAccessToken ``` I'm trying to address this issue the similar way it's done for facebook client ids and AWS secret keys, where the secret is expected to be quoted.
- Loading branch information