microsoft / security-utilities

Security utilities for key generation, string redaction, etc.
MIT License

SEC101/061.LooseOAuth2BearerToken regular expression cannot be parsed #51

Closed suvamM closed 2 months ago

suvamM commented 3 months ago

Stack trace:

  Message: 
    Test method Microsoft.Security.Utilities.SecretMaskerTests.SecretMasker_LowConfidenceSecurityModels_Masking threw exception: 
    System.ArgumentException: RE2 could not parse regular expression "(?i)authorization:(\s|%20)bearer(\s|%20)<?<refine>[0-9a-z][abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890-_~.+/=]*)[^[abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890-_~.+/=]".

  Stack Trace: 
    Regex2.BuildRegex(ParsedRegexCache cache, String expression, RegexOptions options, Int64 maxMemory)
    <Matches>d__11.MoveNext()
    <Matches>d__5.MoveNext()
    <Matches>d__1.MoveNext() line 19
    <GetDetections>d__5.MoveNext() line 195
    <DetectSecrets>d__36.MoveNext() line 368
    Buffer`1.ctor(IEnumerable`1 source)
    <GetEnumerator>d__1.MoveNext()
    SecretMasker.MaskSecrets(String input) line 144
    SecretMaskerTests.ValidateSecurityModelsMasking(IEnumerable`1 patterns, IRegexEngine engine, Boolean lowEntropyModels) line 157
    SecretMaskerTests.SecretMasker_LowConfidenceSecurityModels_Masking() line 126

Repro steps: Remove SEC101/061.LooseOAuth2BearerToken from the exclusion list in WellKnownRegexPatternsTest. Re-run all tests.
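
An added example, not code from this issue or from microsoft/security-utilities: a load-time check that compiles every detection rule under RE2 syntax (which Go's `regexp` package implements) and reports an unparseable rule by ID before any masking runs, rather than throwing from inside the masking call as in the stack trace above. The `Rule` type, `CompileRules`, `Mask` and the second rule are hypothetical; the first pattern is copied verbatim from the exception message.

```go
package main

import (
	"fmt"
	"regexp"
)

// Rule pairs a detection rule ID with its pattern source (hypothetical type).
type Rule struct{ ID, Pattern string }

// Pattern copied verbatim from the exception message in the issue.
const looseBearer = `(?i)authorization:(\s|%20)bearer(\s|%20)<?<refine>[0-9a-z][abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890-_~.+/=]*)[^[abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890-_~.+/=]`

// The second rule is constructed for this example; its ID and pattern are made up.
var rules = []Rule{
	{"SEC101/061.LooseOAuth2BearerToken", looseBearer},
	{"EXAMPLE/001.ConstructedApiKey", `(?i)x-api-key:\s*(?P<refine>[0-9a-f]{32})`},
}

// CompileRules compiles each rule once. It returns the usable rules and,
// keyed by rule ID, the parse error for every rule the engine rejected.
func CompileRules(rs []Rule) (map[string]*regexp.Regexp, map[string]error) {
	ok, bad := map[string]*regexp.Regexp{}, map[string]error{}
	for _, r := range rs {
		re, err := regexp.Compile(r.Pattern)
		if err != nil {
			bad[r.ID] = err // quarantine: one bad rule must not abort masking
			continue
		}
		ok[r.ID] = re
	}
	return ok, bad
}

// Mask replaces every match of every compiled rule with "***".
func Mask(compiled map[string]*regexp.Regexp, input string) string {
	for _, re := range compiled {
		input = re.ReplaceAllString(input, "***")
	}
	return input
}

func main() {
	ok, bad := CompileRules(rules)
	for id, err := range bad {
		fmt.Printf("REJECTED %s: %v\n", id, err) // a CI gate would fail the build here
	}
	// Constructed input; the remaining rule still masks it.
	fmt.Println(Mask(ok, "X-Api-Key: 0123456789abcdef0123456789abcdef"))
}
```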