Merge pull request #123 from killuazhu/contribute-more-basic-auth-cases

Remove some false positives from basic auth

Author: domanchi

detect_secrets/plugins/basic_auth.py

@@ -5,7 +5,8 @@
 from .base import RegexBasedDetector
 
 
-SPECIAL_URL_CHARACTERS = ':/?#[]@'
+RESERVED_CHARACTERS = ':/?#[]@'
+SUB_DELIMITER_CHARACTERS = '!$&\';'  # and anything else we might need
 
 
 class BasicAuthDetector(RegexBasedDetector):
@@ -14,8 +15,8 @@ class BasicAuthDetector(RegexBasedDetector):
     blacklist = [
         re.compile(
             r'://[^{}\s]+:([^{}\s]+)@'.format(
-                re.escape(SPECIAL_URL_CHARACTERS),
-                re.escape(SPECIAL_URL_CHARACTERS),
+                re.escape(RESERVED_CHARACTERS + SUB_DELIMITER_CHARACTERS),
+                re.escape(RESERVED_CHARACTERS + SUB_DELIMITER_CHARACTERS),
             ),
         ),
     ]

tests/plugins/basic_auth_test.py

@@ -12,6 +12,10 @@ class TestBasicAuthDetector(object):
         [
             ('https://username:[email protected]', True,),
             ('http://localhost:5000/<%= @variable %>', False,),
+            ('"https://url:8000";@something else', False,),
+            ('\'https://url:8000\';@something else', False,),
+            ('https://url:8000 @something else', False,),
+            ('https://url:8000/ @something else', False,),
         ],
     )
     def test_analyze_string(self, payload, should_flag):