From ffe3d76bdb3e936f1dd7e5084b0b118a0cf47fde Mon Sep 17 00:00:00 2001 From: Aaron Loo Date: Thu, 7 Feb 2019 15:22:32 -0800 Subject: [PATCH] Adding more delimiters to BasicAuthDetector --- detect_secrets/plugins/basic_auth.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/detect_secrets/plugins/basic_auth.py b/detect_secrets/plugins/basic_auth.py index b95b4a3b..22ff953d 100644 --- a/detect_secrets/plugins/basic_auth.py +++ b/detect_secrets/plugins/basic_auth.py @@ -5,8 +5,13 @@ from .base import RegexBasedDetector +# This list is derived from RFC 3986 Section 2.2. +# +# We do not expect any of these delimiter characters to appear in +# the username/password component of the URL, seeing that this would probably +# result in an unexpected URL parsing (and probably won't even work). RESERVED_CHARACTERS = ':/?#[]@' -SUB_DELIMITER_CHARACTERS = '!$&\';' # and anything else we might need +SUB_DELIMITER_CHARACTERS = '!$&\'()*+,;=' class BasicAuthDetector(RegexBasedDetector):