
Escape - character in regex character groups (#802)

* fix char escape

* add test

* fix verbosity in make test
Isaac Dawson há 3 anos atrás
pai
commit
9326f35380

+ 2 - 2
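--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,7 @@ LDFLAGS=-ldflags "-X=github.com/zricethezav/gitleaks/v8/cmd.Version=$(VERSION)"
 COVER=--cover --coverprofile=cover.out
 
 test-cover:
-	go test ./... --race $(COVER) $(PKG) -v
+	go test -v ./... --race $(COVER) $(PKG)
 	go tool cover -html=cover.out
 
 format:
@@ -14,7 +14,7 @@ format:
 
 test: format
 	go vet ./...
-	go test ./... --race $(PKG) -v
+	go test -v ./... --race $(PKG) 
 
 build: format
 	go vet ./...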
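Review bot: The rewritten `test` recipe in the second hunk (`go test -v ./... --race $(PKG) `) ends with a trailing space after `$(PKG)`; the shell ignores it, but it is invisible noise in the diff that editors and lint hooks flag, so trim it to `go test -v ./... --race $(PKG)`. Both recipes pass `./...` and `$(PKG)` together as package arguments; if PKG (defined above the hunk) is meant as a command-line narrowing knob, a one-line comment such as `# PKG narrows the run when given on the command line, e.g. make test PKG=./detect` would make that intent clear, and if it is always empty the variable can go. `test` and `test-cover` are command targets rather than files, so if they are not already declared phony elsewhere in the file, add `.PHONY: test test-cover`.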

+ 5 - 11
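--- a/config/gitleaks.toml
+++ b/config/gitleaks.toml
@@ -124,7 +124,7 @@ regex = '''(?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}'''
 [[rules]]
 id = "pypi-upload-token"
 description = "PyPI upload token"
-regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''
+regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}'''
 
 [[rules]]
 id = "gcp-service-account"
@@ -233,12 +233,6 @@ description = "Contentful delivery API token"
 regex = '''(?i)(contentful[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{43})['\"]'''
 secretGroup = 3
 
-[[rules]]
-id = "contentful-preview-api-token"
-description = "Contentful preview API token"
-regex = '''(?i)(contentful[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{43})['\"]'''
-secretGroup = 3
-
 [[rules]]
 id = "databricks-api-token"
 description = "Databricks API token"
@@ -343,22 +337,22 @@ regex = '''FLWSECK_TEST[a-h0-9]{12}'''
 [[rules]]
 id = "frameio-api-token"
 description = "Frame.io API token"
-regex = '''fio-u-(?i)[a-z0-9-_=]{64}'''
+regex = '''fio-u-(?i)[a-z0-9\-_=]{64}'''
 
 [[rules]]
 id = "gocardless-api-token"
 description = "GoCardless API token"
-regex = '''['\"]live_(?i)[a-z0-9-_=]{40}['\"]'''
+regex = '''['\"]live_(?i)[a-z0-9\-_=]{40}['\"]'''
 
 [[rules]]
 id = "grafana-api-token"
 description = "Grafana API token"
-regex = '''['\"]eyJrIjoi(?i)[a-z0-9-_=]{72,92}['\"]'''
+regex = '''['\"]eyJrIjoi(?i)[a-z0-9\-_=]{72,92}['\"]'''
 
 [[rules]]
 id = "hashicorp-tf-api-token"
 description = "HashiCorp Terraform user/org API token"
-regex = '''['\"](?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9-_=]{60,70}['\"]'''
+regex = '''['\"](?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70}['\"]'''
 
 [[rules]]
 id = "hubspot-api-token"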
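Review bot: The second hunk removes the `contentful-preview-api-token` rule outright, yet neither the title nor the bullet list mentions it; rule IDs are what users' allowlists, baselines and per-rule overrides key on, so dropping one silently changes detection output and belongs in the description. Its regex was byte-identical to the `contentful-delivery-api-token` rule kept just above it, so every match it produced was already reported under the delivery rule — a line like `dropped contentful-preview-api-token: exact duplicate of contentful-delivery-api-token` would make the intent reviewable. The escaped `\-` introduced in the other three hunks is unambiguous in every regex dialect and needs no further change here; rules outside these hunks may still carry an unescaped mid-class `-` and are worth a sweep in a follow-up.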

+ 19 - 0
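--- a/detect/detect_test.go
+++ b/detect/detect_test.go
@@ -22,6 +22,25 @@ func TestDetectFindings(t *testing.T) {
 		expectedFindings []report.Finding
 		wantError        error
 	}{
+		{
+			cfgName:  "escaped_character_group",
+			bytes:    []byte(`pypi-AgEIcHlwaS5vcmcAAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAAB`),
+			filePath: "tmp.go",
+			expectedFindings: []report.Finding{
+				{
+					Description: "PyPI upload token",
+					Secret:      "pypi-AgEIcHlwaS5vcmcAAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAAB",
+					Match:       "pypi-AgEIcHlwaS5vcmcAAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAAB",
+					File:        "tmp.go",
+					RuleID:      "pypi-upload-token",
+					Tags:        []string{"key", "pypi"},
+					StartLine:   1,
+					EndLine:     1,
+					StartColumn: 1,
+					EndColumn:   86,
+				},
+			},
+		},
 		{
 			cfgName:  "simple",
 			bytes:    []byte(`awsToken := \"AKIALALEMEL33243OLIA\"`),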
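Review bot: The 86-character token in the new `escaped_character_group` case is spelled out three times (`bytes`, `Secret`, `Match`), and `EndColumn: 86` is a fourth hand-maintained copy of its length; an edit to any one of them drifts from the others without a compile error. Declare the literal once before the table, `const pypiToken = "pypi-AgEIcHlwaS5vcmcAAAAAAAAAA-…-AAAAAAAAAAB"` with the full string, then use `bytes: []byte(pypiToken)`, `Secret: pypiToken`, `Match: pypiToken` and `EndColumn: len(pypiToken)`, which the compiler evaluates as a constant. The case only covers the positive path (hyphens inside the token match); a sibling case with the same config and a hyphen-free token of the same length would show the escape did not narrow the class. The table belongs to TestDetectFindings, whose opening and closing lines are outside the hunk.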

+ 8 - 0
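--- /dev/null
+++ b/testdata/config/escaped_character_group.toml
@@ -0,0 +1,8 @@
+title = "gitleaks config"
+# https://learnxinyminutes.com/docs/toml/ for toml reference
+
+[[rules]]
+    id = "pypi-upload-token"
+    description = "PyPI upload token"
+    regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}'''
+    tags = ["key", "pypi"]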
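Review bot: Nothing in the new fixture says what it guards, so a later tidy-up could turn the `\-` back into `-` and, if the regex engine tolerates the unescaped form, leave the test green for the wrong reason; add under the toml-reference comment `# Regression fixture for #802: '-' is escaped inside the character class so it matches the literal hyphens in the test token`. The rule is a verbatim copy of the production `pypi-upload-token` rule in config/gitleaks.toml, which is fine for a fixture, but a second line such as `# Deliberately decoupled from config/gitleaks.toml; do not sync` would stop someone from "fixing" the duplication.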

BIN
testdata/repos/small/dotGit/index