Merge pull request Checkmarx#6535 from Checkmarx/kics-896

fix(inspector): Change regex special mask
baruchiro · Jul 28, 2023 · 962a078 · 962a078
2 parents 2373004 + b939efc
commit 962a078
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/assets/queries/common/passwords_and_secrets/regex_rules.json b/assets/queries/common/passwords_and_secrets/regex_rules.json
@@ -160,7 +160,8 @@
       "regex": "['\"]?(?i)heroku((.|\\n)*)\\b([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})\\b['\"]?",
       "multiline": {
         "detectLineGroup": 3
-      }
+      },
+      "specialMask": "['\"]?(?i)api_key[^\\w\"']+"
     },
     {
       "id": "bb51eb1e-0357-44a2-86d7-dd5350cffd43",

diff --git a/pkg/engine/secrets/inspector.go b/pkg/engine/secrets/inspector.go
@@ -671,7 +671,7 @@ func hideSecret(linesVuln *model.VulnerabilityLines,
 			regex := query.RegexStr
 
 			if len(query.SpecialMask) > 0 {
-				regex = "(.+)" + query.SpecialMask // get key
+				regex = "(.*)" + query.SpecialMask // get key
 			}
 
 			var re = regexp.MustCompile(regex)