Removed the hardcoded delimiter from checkAndSanitize

JorgeAnzola · Jun 28, 2023 · 97929c5 · 97929c5
1 parent 4ecbb3c
commit 97929c5
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 18 deletions.
diff --git a/src/RegexCollection/ClientSecret.php b/src/RegexCollection/ClientSecret.php
@@ -8,7 +8,7 @@ class ClientSecret implements RegexCollectionInterface
 {
     public function getPattern(): string
     {
-        return "clientSecret";
+        return '/(?<="client_secret":")[A-Za-z0-9_~]{4}\K[A-Za-z0-9_~]{0,}/';
     }
 
     public function getTestableString(): string
@@ -20,5 +20,4 @@ public function isSecret(): bool
     {
         return false;
     }
-
 }
diff --git a/src/RegexCollection/EmailAddress.php b/src/RegexCollection/EmailAddress.php
@@ -8,7 +8,7 @@ class EmailAddress implements RegexCollectionInterface
 {
     public function getPattern(): string
     {
-        return '[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,63}';
+        return '/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,63}/';
     }
 
     public function getTestableString(): string

diff --git a/src/RegexCollection/JsonWebToken.php b/src/RegexCollection/JsonWebToken.php
@@ -8,7 +8,7 @@ class JsonWebToken implements RegexCollectionInterface
 {
     public function getPattern(): string
     {
-        return 'ey[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+';
+        return '/ey[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+/';
     }
 
     public function getTestableString(): string

diff --git a/src/RegexCollection/Password.php b/src/RegexCollection/Password.php
@@ -8,7 +8,7 @@ class Password implements RegexCollectionInterface
 {
     public function getPattern(): string
     {
-        return 'password';
+        return '/password/';
     }
 
     public function getTestableString(): string

diff --git a/src/Repositories/RegexRepository.php b/src/Repositories/RegexRepository.php
@@ -13,7 +13,7 @@ public function __construct(
 
     public static function checkAndSanitize(string $regex, string $content, int &$hits = 0): string
     {
-        if ($regex == 'password') {
+        if ($regex == '/password/') {
             if (strpos($content, "password") !== false) {
                 $regex = '/"password":\s*"([^"]+)"/i';
                 if (preg_match($regex, $content, $matches, PREG_OFFSET_CAPTURE, 0)) {
@@ -22,22 +22,12 @@ public static function checkAndSanitize(string $regex, string $content, int &$hi
             }
         }
 
-        if ($regex == 'clientSecret'){
-            if (strpos($content, "client_secret") !== false) {
-                $regex='/client_secret[" = :]{0,3}.{40}/i';
-
-                if (preg_match($regex, $content, $matches, PREG_OFFSET_CAPTURE, 0)) {
-                    return str_replace($matches[0], config('scrubber.redaction'), $content);
-                }
-            }
-        }
-
-        return preg_replace("~$regex~i", config('scrubber.redaction'), $content, -1, $hits);
+        return preg_replace($regex, config('scrubber.redaction'), $content, -1, $hits);
     }
 
     public static function check(string $regex, string $content): int
     {
-        return preg_match_all("~$regex~i", $content);
+        return preg_match_all($regex, $content);
     }
 
     public function getRegexCollection(): Collection