fix: correct regex anchor #310
Conversation
|
KICS version: v1.7.13
|
|
Great job! No new security vulnerabilities introduced in this pull request |
cx-miguel-neiva
force-pushed
the
fix/regex-last-line-anchor
branch
from
0fe47da to
4fdbe8b
Compare
| ) | ||
|
|
||
| // Detector is the main detector struct | ||
| type Detector struct { |
There was a problem hiding this comment.
I think this should be a wrapper, hold a pointer to the gileaks detector and leave the most of it to the gitleaks detector. Only pull something to here if absolutely necessary.
There was a problem hiding this comment.
The same for the other structs.
| if runtime.GOOS == "windows" { | ||
| executable += ".exe" | ||
| } |
There was a problem hiding this comment.
can we avoid this? The tests will run on linux always on CI/CD and locally its nice if you develop making sure that the tests will pass on CI/CD. To fix this for your side, you should just run the tests on WSL.
| - be73c0549f927433e81284de4b3d1094fc3e0e20 # engine/engine_test.go - generic-api-key | ||
| - 234b995eeac64bf996c32397906ff8ce1aacbe10 # engine/engine_test.go - jfrog-api-key |
There was a problem hiding this comment.
I think you have some ids repeated (they changed IDs between commits but they refer to the same secret). Can you completely clean your changes in this file and run 2ms so you can add them in one go to avoid cluttering the file unecessarily.
Closes #307
Proposed Changes
$stopped matching end-of-line in multi-line files, which affected detection of secrets stored on a single line (e.g., in files namedPASSWORDorSECRET).regexp.MustCompile("\n|$").FindAllStringIndex(fragment.Raw, -1),so that
$in regex rules continues to match end-of-line as expected.$for line endings.detectlogic into our own codebase, allowing us to adjust and maintain the detection behavior as required.Checklist