
Merge pull request #673 from dirkaholic/fix/issue-672

Update regex for AWS secret key (issue #672)
Ramon 4 лет назад
Сommit
1ab1ae0e70

+ 1 - 1
config/gitleaks.toml

@@ -8,7 +8,7 @@ title = "gitleaks config"
 
 [[rules]]
     description = "AWS Secret Key"
-    regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
+    regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
     tags = ["key", "AWS"]
 
 [[rules]]
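Review bot: The new "AWS Secret Key" pattern requires the literal `aws_`, so identifiers the previous `aws` prefix covered (for example `awsSecretKey` or `AWS-SECRET-KEY`) are no longer flagged, which is a detection regression for a secret scanner. Moving the quotes into the class `[\'\"0-9a-zA-Z\/+]{40}` and dropping the closing quote also removes any terminator, so the rule fires on the first 40 characters of longer base64-like strings and can report a truncated or quote-shifted value; the new fixtures already show the offender ending without its closing quote. If issue #672 was only that `aws_secret_access_key = ` overruns the 20-character gap (inferred from the fixtures, not confirmed on this page), a narrower fix is to widen the gap and keep the delimiters: `regex = '''(?i)aws(.{0,30})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''`. Unquoted assignments, as found in credentials files and environment files, would then be better served by a separate rule with its own test cases, so that each form's false-positive rate can be judged independently.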

+ 1 - 2
scan/scan_test.go

@@ -33,7 +33,7 @@ func TestScan(t *testing.T) {
 				Path:         filepath.Join(repoBasePath, "with_square_and_google"),
 				Report:       filepath.Join(expectPath, "results_square_and_google.json.got"),
 				ReportFormat: "json",
-				NoGit:				true,
+				NoGit:        true,
 			},
 			wantPath: filepath.Join(expectPath, "results_square_and_google.json"),
 		},
@@ -69,7 +69,6 @@ func TestScan(t *testing.T) {
 	}
 }
 
-
 func moveDotGit(from, to string) error {
 	repoDirs, err := ioutil.ReadDir("../testdata/repos")
 	if err != nil {

+ 17 - 0
testdata/expect/basic/results.json

@@ -32,5 +32,22 @@
   "file": "secrets.py",
   "date": "2021-09-07T20:29:10-05:00",
   "tags": "key, AWS"
+ },
+ {
+  "line": "aws_secret_access_key = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'",
+  "lineNumber": 10,
+  "offender": "aws_secret_access_key = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
+  "offenderEntropy": -1,
+  "commit": "e7c0aff3e8a60b50a85432fdf933f8beff013743",
+  "repo": "basic",
+  "repoURL": "",
+  "leakURL": "",
+  "rule": "AWS Secret Key",
+  "commitMessage": "adding yelp secrets file\n",
+  "author": "Zach Rice",
+  "email": "zricer@protonmail.com",
+  "file": "secrets.py",
+  "date": "2021-09-07T20:29:10-05:00",
+  "tags": "key, AWS"
  }
 ]

+ 17 - 0
testdata/expect/basic/results_files_at_208ae46.json

@@ -16,6 +16,23 @@
   "date": "2021-09-07T21:11:39-05:00",
   "tags": "key, AWS"
  },
+ {
+  "line": "aws_secret_access_key = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'",
+  "lineNumber": 10,
+  "offender": "aws_secret_access_key = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
+  "offenderEntropy": -1,
+  "commit": "208ae4669ade2563fcaf9f12922fa2c0a5b37c63",
+  "repo": "basic",
+  "repoURL": "",
+  "leakURL": "",
+  "rule": "AWS Secret Key",
+  "commitMessage": "adding another aws secrets\n",
+  "author": "Zach Rice",
+  "email": "zricer@protonmail.com",
+  "file": "secrets.py",
+  "date": "2021-09-07T21:11:39-05:00",
+  "tags": "key, AWS"
+ },
  {
   "line": "aws_access_key_1 = 'AKIAIOSFODNN7EXAMPLE'",
   "lineNumber": 13,

+ 17 - 0
testdata/expect/basic/results_no_git.json

@@ -16,6 +16,23 @@
   "date": "0001-01-01T00:00:00Z",
   "tags": "key, AWS"
  },
+ {
+  "line": "aws_secret_access_key = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'",
+  "lineNumber": 10,
+  "offender": "aws_secret_access_key = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
+  "offenderEntropy": -1,
+  "commit": "",
+  "repo": "",
+  "repoURL": "",
+  "leakURL": "",
+  "rule": "AWS Secret Key",
+  "commitMessage": "",
+  "author": "",
+  "email": "",
+  "file": "secrets.py",
+  "date": "0001-01-01T00:00:00Z",
+  "tags": "key, AWS"
+ },
  {
   "line": "aws_access_key_1 = 'AKIAIOSFODNN7EXAMPLE'",
   "lineNumber": 13,