cloud-gov / caulking

Prevent leaks with gitleaks, and use tests to validate

tidy up regexes #55

Closed bengerman13 closed 2 years ago

bengerman13 commented 2 years ago

Changes proposed in this pull request:

security considerations

Catch more secrets

pburkholder commented 2 years ago

This is good. The regexes won't catch every multi-line potential secret, as that would result in an avalanche of false positives. It'll trigger for regexes that look like they intend to continue. E.g.:

    app.secret_key = (
        "\x07~m\xde\x76\xda\x18\x6f!\x86\xdf_@%\xf1{\xbb\xe8)\xcbV\xde\x84\xc3"

does get caught. But

    app.secret_key
        "\x07~m\xde\x76\xda\x18\x6f!\x86\xdf_@%\xf1{\xbb\xe8)\xcbV\xde\x84\xc3"
     )

is not caught.
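The continuation heuristic pburkholder describes, as an added example that is not caulking's own rule set or gitleaks' configuration: one illustrative pattern matches a secret-key assignment with the quoted value on the same line, a second flags an assignment whose line ends with an opening parenthesis and then looks ahead for a quoted literal. Both are run over constructed copies of the two snippets above; the pattern names and the two-line lookahead window are assumptions.

```python
from __future__ import annotations
import re

# Illustrative patterns (assumptions, not caulking's or gitleaks' actual rules).
# SINGLE_LINE: a secret-key assignment with the quoted value on the same line.
SINGLE_LINE = re.compile(r'(?i)secret[_-]?key\s*[=:]\s*["\'][^"\'\n]{8,}["\']')
# CONTINUATION: the assignment line ends with "(", i.e. it looks like it
# intends to continue on the following line.
CONTINUATION = re.compile(r'(?i)secret[_-]?key\s*=\s*\(\s*$')
# QUOTED: a quoted literal of plausible secret length on a following line.
QUOTED = re.compile(r'^\s*["\'][^"\'\n]{8,}["\']')


def scan(source: str, lookahead: int = 2) -> list[tuple[int, str]]:
    """Return (line_number, reason) for each suspected secret assignment."""
    lines = source.splitlines()
    findings: list[tuple[int, str]] = []
    for idx, line in enumerate(lines):
        if SINGLE_LINE.search(line):
            findings.append((idx + 1, "single-line"))
            continue
        if CONTINUATION.search(line):
            # Only report the continuation if a quoted literal follows within
            # the lookahead window; otherwise it is just an open parenthesis.
            for nxt in lines[idx + 1: idx + 1 + lookahead]:
                if QUOTED.search(nxt):
                    findings.append((idx + 1, "continuation"))
                    break
    return findings


# Constructed samples mirroring the two snippets from the discussion.
CAUGHT = r'''app.secret_key = (
    "\x07~m\xde\x76\xda\x18\x6f!\x86\xdf_@%\xf1{\xbb\xe8)\xcbV\xde\x84\xc3"
'''
NOT_CAUGHT = r'''app.secret_key
    "\x07~m\xde\x76\xda\x18\x6f!\x86\xdf_@%\xf1{\xbb\xe8)\xcbV\xde\x84\xc3"
 )
'''

if __name__ == "__main__":
    print("caught:", scan(CAUGHT))          # [(1, 'continuation')]
    print("not caught:", scan(NOT_CAUGHT))  # []
```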