[fix] - Sonarcloud detector (#3982)

kagahd · web-flow · commit ded5f45b92c0 · 2025-03-18T12:25:56.000-07:00
diff --git a/pkg/detectors/sonarcloud/sonarcloud.go b/pkg/detectors/sonarcloud/sonarcloud.go
@@ -21,7 +21,7 @@ var (
 	client = common.SaneHttpClient()
 
 	// Make sure that your group is surrounded in boundary characters such as below to reduce false positives.
-	keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"sonar"}) + `\b([0-9a-z]{40})\b`)
+	keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"sonar"}) + `(?:^|[^@])\b([0-9a-z]{40})\b`)
 )
 
 // Keywords are used for efficiently pre-filtering chunks.
diff --git a/pkg/detectors/sonarcloud/sonarcloud_test.go b/pkg/detectors/sonarcloud/sonarcloud_test.go
@@ -45,6 +45,11 @@ func TestSonarCloud_Pattern(t *testing.T) {
 			input: fmt.Sprintf("%s = '%s'", keyword, invalidPattern),
 			want:  []string{},
 		},
+		{
+			name:  "invalid pattern - token directly preceded by @",
+			input: fmt.Sprintf("%s token = '@%s'", keyword, validPattern),
+			want:  []string{},
+		},
 	}
 
 	for _, test := range tests {

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ var (`
`21`	`21`	`client = common.SaneHttpClient()`
`22`	`22`
`23`	`23`	`// Make sure that your group is surrounded in boundary characters such as below to reduce false positives.`
`24`		- keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"sonar"}) + `\b([0-9a-z]{40})\b`)
	`24`	+ keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"sonar"}) + `(?:^\|[^@])\b([0-9a-z]{40})\b`)
`25`	`25`	`)`
`26`	`26`
`27`	`27`	`// Keywords are used for efficiently pre-filtering chunks.`