fix: break reserve and delimiter list

Xianjun Zhu · Xianjun Zhu · commit 3e179cd551d0 · 2019-02-07T17:44:09.000-05:00
diff --git a/detect_secrets/plugins/basic_auth.py b/detect_secrets/plugins/basic_auth.py
@@ -5,7 +5,8 @@
 from .base import RegexBasedDetector
 
 
-SPECIAL_URL_CHARACTERS = ':/?#[]@"\''
+RESERVED_CHARACTERS = ':/?#[]@'
+SUB_DELIMITER_CHARACTERS = '!$&\';'  # and anything else we might need
 
 
 class BasicAuthDetector(RegexBasedDetector):
@@ -14,8 +15,8 @@ class BasicAuthDetector(RegexBasedDetector):
     blacklist = [
         re.compile(
             r'://[^{}\s]+:([^{}\s]+)@'.format(
-                re.escape(SPECIAL_URL_CHARACTERS),
-                re.escape(SPECIAL_URL_CHARACTERS),
+                re.escape(RESERVED_CHARACTERS + SUB_DELIMITER_CHARACTERS),
+                re.escape(RESERVED_CHARACTERS + SUB_DELIMITER_CHARACTERS),
             ),
         ),
     ]
