(fix) Leading = in gitlab v1 token (#4156)

abmussani · web-flow · commit 15fd312ca708 · 2025-05-27T15:32:33.000-05:00
* gitlab key cannot have = as first character

* remove - and _ for first character

* fix: remove extra /
diff --git a/pkg/detectors/gitlab/v1/gitlab.go b/pkg/detectors/gitlab/v1/gitlab.go
@@ -33,7 +33,7 @@ func (Scanner) CloudEndpoint() string { return "https://gitlab.com" }
 
 var (
 	defaultClient = common.SaneHttpClient()
-	keyPat        = regexp.MustCompile(detectors.PrefixRegex([]string{"gitlab"}) + `\b([a-zA-Z0-9\-=_]{20,22})\b`)
+	keyPat        = regexp.MustCompile(detectors.PrefixRegex([]string{"gitlab"}) + `\b([a-zA-Z0-9][a-zA-Z0-9\-=_]{19,21})\b`)
 
 	BlockedUserMessage = "403 Forbidden - Your account has been blocked"
 )
diff --git a/pkg/detectors/gitlab/v1/gitlab_v1_test.go b/pkg/detectors/gitlab/v1/gitlab_v1_test.go
@@ -25,7 +25,9 @@ var (
 		"method": "GET",
 		"deprecated": false
 	}]`
-	secret = "oXCt4JT2wf1_WlZl2OVG"
+	secret        = "oXCt4JT2wf1_WlZl2OVG"
+	validPattern2 = "GITLAB_TOKEN=ABc123456789dEFghIJK"
+	secret2       = "ABc123456789dEFghIJK"
 )
 
 func TestGitLab_Pattern(t *testing.T) {
@@ -42,6 +44,11 @@ func TestGitLab_Pattern(t *testing.T) {
 			input: validPattern,
 			want:  []string{secret},
 		},
+		{
+			name:  "valid pattern (with = before secret)",
+			input: validPattern2,
+			want:  []string{secret2},
+		},
 	}
 
 	for _, test := range tests {

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ func (Scanner) CloudEndpoint() string { return "https://gitlab.com" }`
`33`	`33`
`34`	`34`	`var (`
`35`	`35`	`defaultClient = common.SaneHttpClient()`
`36`		- keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"gitlab"}) + `\b([a-zA-Z0-9\-=_]{20,22})\b`)
	`36`	+ keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"gitlab"}) + `\b([a-zA-Z0-9][a-zA-Z0-9\-=_]{19,21})\b`)
`37`	`37`
`38`	`38`	`BlockedUserMessage = "403 Forbidden - Your account has been blocked"`
`39`	`39`	`)`