
Conversation


@d3jk d3jk commented Jun 17, 2020

Substantially improved and revamped credential pattern matching (See testing/regex_testing/test_cases.txt for a comprehensive set of examples for all pattern matching enhancements listed in this update)

  • Added support for XML formatted passwords/secrets
  • Added support for Password: notquotedvalue (we already support password followed by equal sign... this was just for colon without quotes)
  • Condensed regexes (easier to maintain and keep everything in sync)
  • Increased our testing suite to over 1,100 test cases
  • Enhanced environment variable detection including increased language support (${variable}, #{variable}, %%variable%%, etc.)
    • Password/secret/key values beginning with $ will not be flagged unless an additional numeric or special character is included in the value: myPwd = $uperStr0ng will be flagged, but myPwd = $password will not be flagged as it is assumed a variable (known limitation: we do not yet process regexes based on file extension)
    • Password/secret/key values wrapped in ${}, #{}, or {} are assumed variables and will not be flagged even if they contain a numeric value i.e. apiKey = $S3_APIKEY will be flagged, but apiKey = ${S3_APIKEY} will not be flagged
    • XML formatted passwords/secrets/keys have an additional environment variable check to consider values wrapped in %% environment variables i.e. <Password>%%variable%%</Password> is considered a variable
  • Updated keys regex to look for more characters (matches password chars now)
  • A wider range of special characters will now be included to help identify more hard-coded credentials
  • Overall reduction in false positives due to new credential character requirements
    • To be flagged as a hard-coded password/secret/key the value must now include at least one special or numeric character

Updated SEDATED® references from ℠ to ®
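The variable-versus-credential rules listed in the PR description, worked through as an added Python example. This is not SEDATED's own code and does not reproduce the project's regexes; the keyword list, the accepted value character class, the `{...}` wrapper set and every sample line are constructed assumptions chosen to exercise the cases the description names (leading `$`, `${}`/`#{}`/`{}` wrappers, the XML-only `%%` check, and the "at least one numeric or special character" requirement).

```python
import re

# Constructed assumptions: a small keyword list and a value class that
# stops at whitespace, quotes and angle brackets. SEDATED's real patterns
# are broader; this only models the rules described in the PR.
KEYWORDS = r"(?:password|passwd|pwd|secret|api_?key|key|token)"
VALUE = r"""[^\s'"<>]+"""

# key = value / key: value, with or without quotes around the value.
KV_RE = re.compile(
    rf"""\b(?P<key>\w*{KEYWORDS}\w*)\s*[:=]\s*(?P<q>['"]?)(?P<value>{VALUE})(?P=q)""",
    re.IGNORECASE,
)
# <Password>value</Password> style elements.
XML_RE = re.compile(
    rf"<(?P<key>\w*{KEYWORDS}\w*)>\s*(?P<value>[^<]+?)\s*</(?P=key)>",
    re.IGNORECASE,
)

# Wrappers the PR treats as variable references, never as credentials.
VARIABLE_WRAPPERS = (("${", "}"), ("#{", "}"), ("{", "}"))
XML_ONLY_WRAPPERS = (("%%", "%%"),)


def looks_like_variable(value, xml=False):
    """True if the value is wrapped in a variable syntax (the %% form only in XML)."""
    wrappers = VARIABLE_WRAPPERS + (XML_ONLY_WRAPPERS if xml else ())
    return any(
        value.startswith(start)
        and value.endswith(end)
        and len(value) > len(start) + len(end)
        for start, end in wrappers
    )


def has_credential_chars(value):
    """At least one numeric or special character, not counting a leading '$'.

    '$password' is treated as a shell-style variable name; '$uperStr0ng' is
    flagged because the remainder still contains a digit.
    """
    body = value[1:] if value.startswith("$") else value
    return re.search(r"[^A-Za-z]", body) is not None


def classify(value, xml=False):
    """Return 'variable', 'weak' (letters only, assumed placeholder) or 'credential'."""
    if looks_like_variable(value, xml):
        return "variable"
    if not has_credential_chars(value):
        return "weak"
    return "credential"


def scan(text):
    """Return (line_number, key, value) for every value classified as a credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        xml = True
        matches = list(XML_RE.finditer(line))
        if not matches:  # fall back to key=value / key: value matching
            xml = False
            matches = list(KV_RE.finditer(line))
        for m in matches:
            if classify(m.group("value"), xml) == "credential":
                findings.append((lineno, m.group("key"), m.group("value")))
    return findings


# Constructed sample input covering the cases the PR description lists.
SAMPLE = """\
db_password = "Str0ng!Pass"
myPwd = $uperStr0ng
myPwd = $password
apiKey = $S3_APIKEY
apiKey = ${S3_APIKEY}
token: #{github_token}
Password: S3cr3t!value
password = "weak"
<Password>%%variable%%</Password>
<Password>Adm1n!</Password>
"""

if __name__ == "__main__":
    for lineno, key, value in scan(SAMPLE):
        print(f"line {lineno}: {key} -> {value!r}")
```

Running the block flags lines 1, 2, 4, 7 and 10 only: the `$password`, `${S3_APIKEY}`, `#{github_token}` and `%%variable%%` values are skipped as variables or placeholders, and `"weak"` is skipped for lacking a numeric or special character. Note that `%%variable%%` is only treated as a variable by the XML path; in a `key = value` line the same string would be flagged, which mirrors the PR's statement that the `%%` check was added for XML formatted values.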


@sclouts sclouts left a comment


Reviewed, approved!

@sclouts sclouts merged commit 495f434 into master Jun 17, 2020


3 participants