Escape - character in regex character groups (#802)

* fix char escape * add test * fix verbosity in make test
gitleaks · Mar 7, 2022 · 9326f35 · 9326f35
1 parent 1955557
commit 9326f35
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 13 deletions.
diff --git a/Makefile b/Makefile
@@ -6,15 +6,15 @@ LDFLAGS=-ldflags "-X=github.com/zricethezav/gitleaks/v8/cmd.Version=$(VERSION)"
 COVER=--cover --coverprofile=cover.out
 
 test-cover:
-	go test ./... --race $(COVER) $(PKG) -v
+	go test -v ./... --race $(COVER) $(PKG)
 	go tool cover -html=cover.out
 
 format:
 	go fmt ./...
 
 test: format
 	go vet ./...
-	go test ./... --race $(PKG) -v
+	go test -v ./... --race $(PKG) 
 
 build: format
 	go vet ./...

diff --git a/config/gitleaks.toml b/config/gitleaks.toml
@@ -124,7 +124,7 @@ regex = '''(?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}'''
 [[rules]]
 id = "pypi-upload-token"
 description = "PyPI upload token"
-regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''
+regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}'''
 
 [[rules]]
 id = "gcp-service-account"
@@ -233,12 +233,6 @@ description = "Contentful delivery API token"
 regex = '''(?i)(contentful[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{43})['\"]'''
 secretGroup = 3
 
-[[rules]]
-id = "contentful-preview-api-token"
-description = "Contentful preview API token"
-regex = '''(?i)(contentful[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{43})['\"]'''
-secretGroup = 3
-
 [[rules]]
 id = "databricks-api-token"
 description = "Databricks API token"
@@ -343,22 +337,22 @@ regex = '''FLWSECK_TEST[a-h0-9]{12}'''
 [[rules]]
 id = "frameio-api-token"
 description = "Frame.io API token"
-regex = '''fio-u-(?i)[a-z0-9-_=]{64}'''
+regex = '''fio-u-(?i)[a-z0-9\-_=]{64}'''
 
 [[rules]]
 id = "gocardless-api-token"
 description = "GoCardless API token"
-regex = '''['\"]live_(?i)[a-z0-9-_=]{40}['\"]'''
+regex = '''['\"]live_(?i)[a-z0-9\-_=]{40}['\"]'''
 
 [[rules]]
 id = "grafana-api-token"
 description = "Grafana API token"
-regex = '''['\"]eyJrIjoi(?i)[a-z0-9-_=]{72,92}['\"]'''
+regex = '''['\"]eyJrIjoi(?i)[a-z0-9\-_=]{72,92}['\"]'''
 
 [[rules]]
 id = "hashicorp-tf-api-token"
 description = "HashiCorp Terraform user/org API token"
-regex = '''['\"](?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9-_=]{60,70}['\"]'''
+regex = '''['\"](?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70}['\"]'''
 
 [[rules]]
 id = "hubspot-api-token"

diff --git a/detect/detect_test.go b/detect/detect_test.go
@@ -22,6 +22,25 @@ func TestDetectFindings(t *testing.T) {
 		expectedFindings []report.Finding
 		wantError        error
 	}{
+		{
+			cfgName:  "escaped_character_group",
+			bytes:    []byte(`pypi-AgEIcHlwaS5vcmcAAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAAB`),
+			filePath: "tmp.go",
+			expectedFindings: []report.Finding{
+				{
+					Description: "PyPI upload token",
+					Secret:      "pypi-AgEIcHlwaS5vcmcAAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAAB",
+					Match:       "pypi-AgEIcHlwaS5vcmcAAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAAB",
+					File:        "tmp.go",
+					RuleID:      "pypi-upload-token",
+					Tags:        []string{"key", "pypi"},
+					StartLine:   1,
+					EndLine:     1,
+					StartColumn: 1,
+					EndColumn:   86,
+				},
+			},
+		},
 		{
 			cfgName:  "simple",
 			bytes:    []byte(`awsToken := \"AKIALALEMEL33243OLIA\"`),

diff --git a/testdata/config/escaped_character_group.toml b/testdata/config/escaped_character_group.toml
@@ -0,0 +1,8 @@
+title = "gitleaks config"
+# https://learnxinyminutes.com/docs/toml/ for toml reference
+
+[[rules]]
+    id = "pypi-upload-token"
+    description = "PyPI upload token"
+    regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}'''
+    tags = ["key", "pypi"]
diff --git a/testdata/repos/small/dotGit/index b/testdata/repos/small/dotGit/index