detector: compile regular expressions at build time instead of at run…

…time, improves #152
thoughtworks · Oct 28, 2019 · cbb3882 · cbb3882
1 parent d977d15
commit cbb3882
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 30 deletions.
diff --git a/detector/match_pattern.go b/detector/match_pattern.go
@@ -20,14 +20,6 @@ func (detector PatternMatcher) check(content string) []string {
 	return []string{""}
 }
 
-func initPattern(patternStrings []string) *PatternMatcher {
-	var patterns = make([]*regexp.Regexp, len(patternStrings))
-	for i, pattern := range patternStrings {
-		patterns[i], _ = regexp.Compile(pattern)
-	}
+func NewSecretsPatternDetector(patterns []*regexp.Regexp) *PatternMatcher {
 	return &PatternMatcher{patterns}
 }
-
-func NewSecretsPatternDetector(patterns []string) *PatternMatcher {
-	return initPattern(patterns)
-}
diff --git a/detector/match_pattern_test.go b/detector/match_pattern_test.go
@@ -2,14 +2,20 @@ package detector
 
 import (
 	"github.com/stretchr/testify/assert"
+	"regexp"
 	"testing"
 )
 
+var (
+	testRegexpPassword = regexp.MustCompile(`(?i)(['|"|_]?password['|"]? *[:|=][^,|;]{8,})`)
+	testRegexpPw       = regexp.MustCompile(`(?i)(['|"|_]?pw['|"]? *[:|=][^,|;]{8,})`)
+)
+
 func TestShouldReturnEmptyStringWhenDoesNotMatchAnyRegex(t *testing.T) {
-	assert.Equal(t, "", NewSecretsPatternDetector([]string{"(?i)(['|\"|_]?password['|\"]? *[:|=][^,|;]{8,})"}).check("safeString")[0])
+	assert.Equal(t, "", NewSecretsPatternDetector([]*regexp.Regexp{testRegexpPassword}).check("safeString")[0])
 }
 
 func TestShouldReturnStringWhenMatchedPasswordPattern(t *testing.T) {
-	assert.Equal(t, []string{"password\" :  123456789"}, NewSecretsPatternDetector([]string{"(?i)(['|\"|_]?password['|\"]? *[:|=][^,|;]{8,})"}).check("password\" :  123456789"))
-	assert.Equal(t, []string{"pw\"  :  123456789"}, NewSecretsPatternDetector([]string{"(?i)(['|\"|_]?pw['|\"]? *[:|=][^,|;]{8,})"}).check("pw\"  :  123456789"))
+	assert.Equal(t, []string{"password\" :  123456789"}, NewSecretsPatternDetector([]*regexp.Regexp{testRegexpPassword}).check("password\" :  123456789"))
+	assert.Equal(t, []string{"pw\"  :  123456789"}, NewSecretsPatternDetector([]*regexp.Regexp{testRegexpPw}).check("pw\"  :  123456789"))
 }
diff --git a/detector/pattern_detector.go b/detector/pattern_detector.go
@@ -3,6 +3,7 @@ package detector
 import (
 	"fmt"
 	log "github.com/Sirupsen/logrus"
+	"regexp"
 	"sync"
 	"talisman/gitrepo"
 )
@@ -11,6 +12,25 @@ type PatternDetector struct {
 	secretsPattern *PatternMatcher
 }
 
+var (
+	detectorPatterns = []*regexp.Regexp{
+		regexp.MustCompile("(?i)(['|\"|_]?password['|\"]? *[:|=][^,|;|\n]{8,})"),
+		regexp.MustCompile("(?i)(['|\"|_]?pw['|\"]? *[:|=][^,|;|\n]{8,})"),
+		regexp.MustCompile("(?i)(['|\"|_]?pwd['|\"]? *[:|=][^,|;|\n]{8,})"),
+		regexp.MustCompile("(?i)(['|\"|_]?pass['|\"]? *[:|=][^,|;|\n]{8,})"),
+		regexp.MustCompile("(?i)(['|\"|_]?pword['|\"]? *[:|=][^,|;|\n]{8,})"),
+		regexp.MustCompile("(?i)(['|\"|_]?adminPassword['|\"]? *[:|=|\n][^,|;]{8,})"),
+		regexp.MustCompile("(?i)(['|\"|_]?passphrase['|\"]? *[:|=|\n][^,|;]{8,})"),
+		regexp.MustCompile("(<[^(><.)]?password[^(><.)]*?>[^(><.)]+</[^(><.)]?password[^(><.)]*?>)"),
+		regexp.MustCompile("(<[^(><.)]?passphrase[^(><.)]*?>[^(><.)]+</[^(><.)]?passphrase[^(><.)]*?>)"),
+		regexp.MustCompile("(?i)(<ConsumerKey>\\S*<\\/ConsumerKey>)"),
+		regexp.MustCompile("(?i)(<ConsumerSecret>\\S*<\\/ConsumerSecret>)"),
+		regexp.MustCompile("(?i)(AWS[ |\\w]+key[ |\\w]+[:|=])"),
+		regexp.MustCompile("(?i)(AWS[ |\\w]+secret[ |\\w]+[:|=])"),
+		regexp.MustCompile("(?s)(BEGIN RSA PRIVATE KEY.*END RSA PRIVATE KEY)"),
+	}
+)
+
 type match struct {
 	name       gitrepo.FileName
 	path       gitrepo.FilePath
@@ -88,22 +108,5 @@ func (detector PatternDetector) processMatch(match match, result *DetectionResul
 
 //NewPatternDetector returns a PatternDetector that tests Additions against the pre-configured patterns
 func NewPatternDetector() *PatternDetector {
-	patternStrings := []string{
-		"(?i)(['|\"|_]?password['|\"]? *[:|=][^,|;|\n]{8,})",
-		"(?i)(['|\"|_]?pw['|\"]? *[:|=][^,|;|\n]{8,})",
-		"(?i)(['|\"|_]?pwd['|\"]? *[:|=][^,|;|\n]{8,})",
-		"(?i)(['|\"|_]?pass['|\"]? *[:|=][^,|;|\n]{8,})",
-		"(?i)(['|\"|_]?pword['|\"]? *[:|=][^,|;|\n]{8,})",
-		"(?i)(['|\"|_]?adminPassword['|\"]? *[:|=|\n][^,|;]{8,})",
-		"(?i)(['|\"|_]?passphrase['|\"]? *[:|=|\n][^,|;]{8,})",
-		"(<[^(><.)]?password[^(><.)]*?>[^(><.)]+</[^(><.)]?password[^(><.)]*?>)",
-		"(<[^(><.)]?passphrase[^(><.)]*?>[^(><.)]+</[^(><.)]?passphrase[^(><.)]*?>)",
-		"(?i)(<ConsumerKey>\\S*<\\/ConsumerKey>)",
-		"(?i)(<ConsumerSecret>\\S*<\\/ConsumerSecret>)",
-		"(?i)(AWS[ |\\w]+key[ |\\w]+[:|=])",
-		"(?i)(AWS[ |\\w]+secret[ |\\w]+[:|=])",
-		"(?s)(BEGIN RSA PRIVATE KEY.*END RSA PRIVATE KEY)",
-	}
-
-	return &PatternDetector{NewSecretsPatternDetector(patternStrings)}
+	return &PatternDetector{NewSecretsPatternDetector(detectorPatterns)}
 }