Skip to content

Commit dd3e876

Browse files
committed
fix: correcting regex matching and default arguments
1 parent c4d0650 commit dd3e876

File tree

4 files changed

+25
-18
lines changed

4 files changed

+25
-18
lines changed

action.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ inputs:
1010
scanners:
1111
description: 'Comma-separated list of scanners to run (secrets,ip_address)'
1212
required: false
13-
default: 'secrets,ip_address'
13+
default: 'secrets,ip_address,comment'
1414
format:
1515
description: 'Output format (text, json, sarif)'
1616
required: false

src/snake_containment/cli.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -27,8 +27,8 @@ def cli():
2727
help='Output file (default: stdout)')
2828
@click.option('--scanner', '-s',
2929
multiple=True,
30-
type=click.Choice(['secrets', 'ip_address']),
31-
default=['secrets'],
30+
type=click.Choice(['secrets', 'ip_address', 'comment']),
31+
default=['secrets', 'ip_address', 'comment'],
3232
help='Scanners to run')
3333
def scan(target_path: str, format: str, output: str, scanner: List[str]):
3434
"""Scan target path for security issues"""

src/snake_containment/core/ip_address.py

Lines changed: 22 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,16 @@ def __init__(self, config=None):
2525
self.private_ip_pattern = re.compile('|'.join(f'({pattern})' for pattern in private_ip_patterns))
2626

2727
# More precise localhost pattern (word boundaries)
28-
self.localhost_pattern = re.compile(r'\blocalhost\b', re.IGNORECASE)
28+
self.localhost_patterns = [
29+
re.compile(r'"[^"]*localhost[^"]*"', re.IGNORECASE),
30+
re.compile(r"'[^']*localhost[^']*'", re.IGNORECASE),
31+
re.compile(r'host\s*[=:]\s*"[^"]*localhost[^"]*"', re.IGNORECASE),
32+
re.compile(r"host\s*[=:]\s*'[^']*localhost[^']*'", re.IGNORECASE),
33+
re.compile(r'server\s*[=:]\s*"[^"]*localhost[^"]*"', re.IGNORECASE),
34+
re.compile(r"server\s*[=:]\s*'[^']*localhost[^']*'", re.IGNORECASE),
35+
re.compile(r'host\s*[=:]\s*localhost\b', re.IGNORECASE),
36+
re.compile(r'server\s*[=:]\s*localhost\b', re.IGNORECASE),
37+
]
2938

3039
@property
3140
def name(self) -> str:
@@ -62,17 +71,18 @@ def scan_file(self, file_path: Path) -> List[Finding]:
6271
))
6372

6473
# Localhost references
65-
for match in self.localhost_pattern.finditer(line):
66-
findings.append(Finding(
67-
scanner=self.name,
68-
severity=Severity.LOW,
69-
title="Localhost Reference Found",
70-
description="Reference to localhost detected",
71-
file_path=str(file_path),
72-
line_number=line_num,
73-
code_snippet=self._truncate_code_snippet(line.strip()),
74-
recommendation="Ensure localhost references are intentional and not hardcoded for production",
75-
metadata={"reference": "localhost"}
74+
for pattern in self.localhost_patterns:
75+
for match in pattern.finditer(line):
76+
findings.append(Finding(
77+
scanner=self.name,
78+
severity=Severity.LOW,
79+
title="Localhost Reference Found",
80+
description="Reference to localhost detected",
81+
file_path=str(file_path),
82+
line_number=line_num,
83+
code_snippet=self._truncate_code_snippet(line.strip()),
84+
recommendation="Ensure localhost references are intentional and not hardcoded for production",
85+
metadata={"reference": "localhost"}
7686
))
7787

7888
return findings

test_file.txt

Lines changed: 0 additions & 3 deletions
This file was deleted.

0 commit comments

Comments
 (0)