fixed uri regex issue (#3815)

kashifkhan0771 · web-flow · commit d01060718c07 · 2025-02-12T19:17:33.000-06:00
* fixed uri regex issue

* extended password special char set

* rebased

* updated test case

* added rgmz suggested regex

* updated regex
diff --git a/pkg/detectors/privacy/privacy.go b/pkg/detectors/privacy/privacy.go
@@ -3,10 +3,11 @@ package privacy
 import (
 	"context"
 	"fmt"
-	regexp "github.com/wasilibs/go-re2"
 	"net/http"
 	"strings"
 
+	regexp "github.com/wasilibs/go-re2"
+
 	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
diff --git a/pkg/detectors/uri/uri.go b/pkg/detectors/uri/uri.go
@@ -30,7 +30,7 @@ var _ interface {
 } = (*Scanner)(nil)
 
 var (
-	keyPat = regexp.MustCompile(`\b(?:https?:)?\/\/[\S]{3,50}:([\S]{3,50})@[-.%\w\/:]+\b`)
+	keyPat = regexp.MustCompile(`\bhttps?:\/\/[\w!#$%&()*+,\-./;<=>?@[\\\]^_{|}~]{0,50}:([\w!#$%&()*+,\-./:;<=>?[\\\]^_{|}~]{3,50})@[a-zA-Z0-9.-]+(?:\.[a-zA-Z]{2,})?(?::\d{1,5})?[\w/]+\b`)
 
 	// TODO: make local addr opt-out
 	defaultClient = detectors.DetectorHttpClientWithNoLocalAddresses
@@ -131,6 +131,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 				continue
 			}
 		}
+
 		results = append(results, r)
 	}
 
diff --git a/pkg/detectors/uri/uri_test.go b/pkg/detectors/uri/uri_test.go
@@ -13,6 +13,7 @@ import (
 
 var (
 	validPattern   = "https://kaNydBSAodo87dsm9asuiSAFtsd7.com:1234@qYY3SylY7fHP"
+	validPattern2  = `<p><a href="http://username:password@127.0.0.1">http://username:password@127.0.0.1</a></p>`
 	invalidPattern = "https://kaNydBSAodo87dsm9asuiSAFtsd7.com.1234@qYY3SylY7fHP"
 	keyword        = "uri"
 )
@@ -30,6 +31,11 @@ func TestURI_Pattern(t *testing.T) {
 			input: fmt.Sprintf("%s token = '%s'", keyword, validPattern),
 			want:  []string{validPattern},
 		},
+		{
+			name:  "valid pattern - do not process duplicate",
+			input: fmt.Sprintf("%s token = '%s'", keyword, validPattern2),
+			want:  []string{"http://username:password@127.0.0.1"},
+		},
 		{
 			name:  "invalid pattern",
 			input: fmt.Sprintf("%s = '%s'", keyword, invalidPattern),

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ var _ interface {`
`30`	`30`	`} = (*Scanner)(nil)`
`31`	`31`
`32`	`32`	`var (`
`33`		- keyPat = regexp.MustCompile(`\b(?:https?:)?\/\/[\S]{3,50}:([\S]{3,50})@[-.%\w\/:]+\b`)
	`33`	+ keyPat = regexp.MustCompile(`\bhttps?:\/\/[\w!#$%&()+,\-./;<=>?@[\\\]^_{\|}~]{0,50}:([\w!#$%&()+,\-./:;<=>?[\\\]^_{\|}~]{3,50})@[a-zA-Z0-9.-]+(?:\.[a-zA-Z]{2,})?(?::\d{1,5})?[\w/]+\b`)
`34`	`34`
`35`	`35`	`// TODO: make local addr opt-out`
`36`	`36`	`defaultClient = detectors.DetectorHttpClientWithNoLocalAddresses`
`@@ -131,6 +131,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result`
`131`	`131`	`continue`
`132`	`132`	`}`
`133`	`133`	`}`
	`134`	`+`
`134`	`135`	`results = append(results, r)`
`135`	`136`	`}`
`136`	`137`