[Fix] Square brackets bypass Issue Yelp#857

tsigouris007 · Nov 7, 2024 · ec75572 · ec75572
1 parent 74ce23f
commit ec75572
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/detect_secrets/filters/heuristic.py b/detect_secrets/filters/heuristic.py
@@ -197,7 +197,15 @@ def _get_indirect_reference_regex() -> Pattern:
     #       [^\v]*      ->  Something except line breaks
     #       [\]\)]      ->  End of indirect reference: ] or )
     #   )
-    return re.compile(r'([^\v=!:]*)\s*(:=?|[!=]{1,3})\s*([\w.-]+[\[\(][^\v]*[\]\)])')
+    return re.compile(
+        r'([^\v=!:"<%>]*)\s*(:=?|[!=]{1,3}|\|\|)\s*('
+        r'[\w.-]+[\[\(][^\v]*[\]\)]'    # Matches ENV[...] or similar references
+        r'|'
+        r'\'[^\']*\''                   # Matches single-quoted strings
+        r'|'
+        r'"[^"]*"'                      # Matches double-quoted strings
+        r')'
+    )
 
 
 def is_lock_file(filename: str) -> bool: