From ec75572dd3691cb096a5738aa469b59bb43252a0 Mon Sep 17 00:00:00 2001
From: George Tsigourakos
Date: Tue, 16 Jul 2024 18:35:31 +0300
Subject: [PATCH] [Fix] Square brackets bypass Issue #857
---
 detect_secrets/filters/heuristic.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/detect_secrets/filters/heuristic.py b/detect_secrets/filters/heuristic.py
index 7fb078181..d7a3e5f12 100644
--- a/detect_secrets/filters/heuristic.py
+++ b/detect_secrets/filters/heuristic.py
@@ -197,7 +197,15 @@ def _get_indirect_reference_regex() -> Pattern:
 # [^\v]* -> Something except line breaks
 # [\]\)] -> End of indirect reference: ] or )
 # )
- return re.compile(r'([^\v=!:]*)\s*(:=?|[!=]{1,3})\s*([\w.-]+[\[\(][^\v]*[\]\)])')
+ return re.compile(
+ r'([^\v=!:"<%>]*)\s*(:=?|[!=]{1,3}|\|\|)\s*('
+ r'[\w.-]+[\[\(][^\v]*[\]\)]' # Matches ENV[...] or similar references
+ r'|'
+ r'\'[^\']*\'' # Matches single-quoted strings
+ r'|'
+ r'"[^"]*"' # Matches double-quoted strings
+ r')'
+ )
 def is_lock_file(filename: str) -> bool:
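Review bot: The two quoted-string alternatives added to the third group (`r'\'[^\']*\''` and `r'"[^"]*"'`) make this pattern match any plain literal assignment such as `password = "value"`, not only indirect references like `ENV[...]` or `get_key()`. If the caller (outside this hunk) treats a match as "indirect reference, discard the finding", as the function name suggests, hard-coded quoted secrets would be filtered out of scan results. I would keep the third group limited to the reference form, `r'[\w.-]+[\[\(][^\v]*[\]\)]'`, and handle bracket characters inside quoted values separately, with regression tests for both a quoted literal containing brackets (must still be reported) and a true call or subscript reference (must still be filtered). The explanatory comment above the pattern, which begins outside the hunk, also needs updating for the new `\|\|` operator and the extra excluded characters `"<%>`.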