Make is_likely_id_string More Strict (#526)

* Make is_likely_id_string more strict to avoid filtering true positives

* Clarify test comment

* Fix regex capturing groups

* Add plural ids to is_likely_id_string regex

* Add regex detail comments

Author: jpdakran

detect_secrets/filters/heuristic.py

@@ -68,7 +68,14 @@ def is_likely_id_string(secret: str, line: str) -> bool:
 
 @lru_cache(maxsize=1)
 def _get_id_detector_regex() -> Pattern:
-    return re.compile(r'id[^a-z0-9]', re.IGNORECASE)
+    """
+    Regex Details:
+    ^(id|myid|userid) -> Common id identifiers with no prefix
+    _id               -> id identifier with prefixes allowed
+    s?                -> Optional plural id identifier
+    [^a-z0-9]         -> Non-letter/numeric character
+    """
+    return re.compile(r'(^(id|myid|userid)|_id)s?[^a-z0-9]', re.IGNORECASE)
 
 
 def is_non_text_file(filename: str) -> bool:

tests/filters/heuristic_filter_test.py

@@ -63,6 +63,14 @@ class TestIsLikelyIdString:
             ('RANDOM_STRING', 'myid: RANDOM_STRING'),
             ('RANDOM_STRING', 'myid=RANDOM_STRING'),
             ('RANDOM_STRING', 'myid = RANDOM_STRING'),
+            ('RANDOM_STRING', 'userid: RANDOM_STRING'),
+            ('RANDOM_STRING', 'userid=RANDOM_STRING'),
+            ('RANDOM_STRING', 'userid = RANDOM_STRING'),
+            ('RANDOM_STRING', 'data test_id: RANDOM_STRING'),
+            ('RANDOM_STRING', 'data test_id=RANDOM_STRING'),
+            ('RANDOM_STRING', 'data test_id = RANDOM_STRING'),
+            ('RANDOM_STRING', 'ids = RANDOM_STRING, RANDOM_STRING'),
+            ('RANDOM_STRING', 'my_ids: RANDOM_STRING, RANDOM_STRING'),
         ],
     )
     def test_success(self, secret, line):
@@ -79,6 +87,9 @@ def test_success(self, secret, line):
 
             # fail silently if the secret isn't even on the line
             ('SOME_RANDOM_STRING', 'id: SOME_OTHER_RANDOM_STRING'),
+
+            # fail although the word david ends in id
+            ('RANDOM_STRING', 'postgres://david:RANDOM_STRING'),
         ],
     )
     def test_failure(self, secret, line):