fix: correcting regex matching and default arguments

cjbohlman · cjbohlman · commit dd3e876e1fb3 · 2025-06-25T19:57:14.000-07:00
diff --git a/action.yml b/action.yml
@@ -10,7 +10,7 @@ inputs:
   scanners:
     description: 'Comma-separated list of scanners to run (secrets,ip_address)'
     required: false
-    default: 'secrets,ip_address'
+    default: 'secrets,ip_address,comment'
   format:
     description: 'Output format (text, json, sarif)'
     required: false
diff --git a/src/snake_containment/cli.py b/src/snake_containment/cli.py
@@ -27,8 +27,8 @@ def cli():
               help='Output file (default: stdout)')
 @click.option('--scanner', '-s',
               multiple=True,
-              type=click.Choice(['secrets', 'ip_address']),
-              default=['secrets'],
+              type=click.Choice(['secrets', 'ip_address', 'comment']),
+              default=['secrets', 'ip_address', 'comment'],
               help='Scanners to run')
 def scan(target_path: str, format: str, output: str, scanner: List[str]):
     """Scan target path for security issues"""
diff --git a/src/snake_containment/core/ip_address.py b/src/snake_containment/core/ip_address.py
@@ -25,7 +25,16 @@ def __init__(self, config=None):
         self.private_ip_pattern = re.compile('|'.join(f'({pattern})' for pattern in private_ip_patterns))
         
         # More precise localhost pattern (word boundaries)
-        self.localhost_pattern = re.compile(r'\blocalhost\b', re.IGNORECASE)
+        self.localhost_patterns = [
+            re.compile(r'"[^"]*localhost[^"]*"', re.IGNORECASE),
+            re.compile(r"'[^']*localhost[^']*'", re.IGNORECASE),
+            re.compile(r'host\s*[=:]\s*"[^"]*localhost[^"]*"', re.IGNORECASE),
+            re.compile(r"host\s*[=:]\s*'[^']*localhost[^']*'", re.IGNORECASE),
+            re.compile(r'server\s*[=:]\s*"[^"]*localhost[^"]*"', re.IGNORECASE),
+            re.compile(r"server\s*[=:]\s*'[^']*localhost[^']*'", re.IGNORECASE),
+            re.compile(r'host\s*[=:]\s*localhost\b', re.IGNORECASE),
+            re.compile(r'server\s*[=:]\s*localhost\b', re.IGNORECASE),
+        ]
 
     @property
     def name(self) -> str:
@@ -62,17 +71,18 @@ def scan_file(self, file_path: Path) -> List[Finding]:
                 ))
             
             # Localhost references
-            for match in self.localhost_pattern.finditer(line):
-                findings.append(Finding(
-                    scanner=self.name,
-                    severity=Severity.LOW,
-                    title="Localhost Reference Found",
-                    description="Reference to localhost detected",
-                    file_path=str(file_path),
-                    line_number=line_num,
-                    code_snippet=self._truncate_code_snippet(line.strip()),
-                    recommendation="Ensure localhost references are intentional and not hardcoded for production",
-                    metadata={"reference": "localhost"}
+            for pattern in self.localhost_patterns:
+                for match in pattern.finditer(line):
+                    findings.append(Finding(
+                        scanner=self.name,
+                        severity=Severity.LOW,
+                        title="Localhost Reference Found",
+                        description="Reference to localhost detected",
+                        file_path=str(file_path),
+                        line_number=line_num,
+                        code_snippet=self._truncate_code_snippet(line.strip()),
+                        recommendation="Ensure localhost references are intentional and not hardcoded for production",
+                        metadata={"reference": "localhost"}
                 ))
         
         return findings
diff --git a/test_file.txt b/test_file.txt
