Support more db2 patterns (Yelp#293)

XIANJUN ZHU · Justin Eyster · commit 8c43912a08bf · 2020-06-24T10:58:14.000-04:00
diff --git a/detect_secrets/plugins/db2.py b/detect_secrets/plugins/db2.py
@@ -61,7 +61,7 @@ class Db2Detector(RegexBasedDetector):
     # catch any character except newline and quotations, we exclude these
     # because the regex will erronously match them when present at the end of the password
     # db2 password requirements vary by version so we cast a broad net
-    password = r'([^\r\n"\']+)'
+    password = r'([^ ;,\r\n"\']+)'
     denylist = (
         re.compile(
             r'{begin}{opt_quote}{opt_db}{opt_dash_undrscr}{password_keyword}{opt_quote}{opt_space}'
diff --git a/tests/plugins/db2_test.py b/tests/plugins/db2_test.py
@@ -39,6 +39,44 @@ class TestGheDetector(object):
                 'database=test;hostname=host.test.com;'
                 'port=1;protocol=tcpip;uid=testid;pwd=secret', True,
             ),
+            (
+                'secret',
+                'database=test;hostname=host.test.com;'
+                'port=1;protocol=tcpip;uid=testid;pwd=secret;', True,
+            ),
+            (
+                'secret',
+                'database=test;hostname=host.test.com;'
+                'port=1;protocol=tcpip;pwd=secret;uid=testid;', True,
+            ),
+            (
+                'secret',
+                'database=test,hostname=host.test.com,'
+                'port=1,protocol=tcpip,pwd=secret,uid=testid', True,
+            ),
+            (
+                'secret',
+                'database=test,hostname=host.test.com,'
+                'port=1,protocol=tcpip,uid=testid,pwd=secret', True,
+            ),
+            (
+                'secret',
+                'user=testid,\npassword=secret,\ndatabase=test,\n'
+                'hostname=host.test.com,\nport=1', True,
+            ),
+            (
+                'secret',
+                'user=testid\npassword=secret\ndatabase=test\n'
+                'hostname=host.test.com\nport=1', True,
+            ),
+            (
+                'secret',
+                'jdbc:db2://hostname.test.com:1/test:user=testid;password=secret;', True,
+            ),
+            (
+                'secret',
+                'jdbc:db2://hostname.test.com:1/test user=testid password=secret', True,
+            ),
             ('$omespeci@!ch@r$', 'dbpwd=$omespeci@!ch@r$', True),
             ('astring', 'db2_password = "astring"', True),
             ('Iusedb2!', '"password": "Iusedb2!"', True),
