- Skip reporting MongoDB and Postgres findings when their connection strings cannot be parsed, even when validation is disabled.

- Improve MySQL detection by broadening URI coverage and adding live validation that skips clearly invalid connection strings.
2025-11-15 08:43:54 -08:00 · 2025-11-15 08:43:54 -08:00 · 51ebf30454
commit 51ebf30454
parent f159dac5ab
2 changed files with 28 additions and 8 deletions
--- a/data/rules/jdbc.yml
+++ b/data/rules/jdbc.yml
@ -5,8 +5,8 @@ rules:
      (?xi)
      (
        jdbc:
-        [a-z][a-z0-9+.-]{2,30}
-        (?:[:][a-z0-9+.-]{1,30})*
+        [a-z][a-z0-9+.-]{2,32}
+        (?:[:][a-z0-9+.-]{1,32})*
        :
        [^\s"'<>,(){}\[\]]{10,448}
      )
--- a/src/bitbucket.rs
+++ b/src/bitbucket.rs
@ -51,15 +51,20 @@ impl AuthConfig {
        bearer_token: Option<String>,
    ) -> Self {
        fn normalized(value: Option<String>) -> Option<String> {
-            value.and_then(|v| if v.trim().is_empty() { None } else { Some(v) })
+            value.and_then(|v| {
+                let trimmed = v.trim();
+                if trimmed.is_empty() {
+                    None
+                } else if trimmed.len() == v.len() {
+                    Some(v)
+                } else {
+                    Some(trimmed.to_owned())
+                }
+            })
        }

        fn env_var(name: &str) -> Option<String> {
-            match env::var(name) {
-                Ok(value) if value.trim().is_empty() => None,
-                Ok(value) => Some(value),
-                Err(_) => None,
-            }
+            normalized(env::var(name).ok())
        }

        let username = normalized(username).or_else(|| env_var("KF_BITBUCKET_USERNAME"));
@ -769,6 +774,21 @@ mod tests {
        );
    }

+    #[test]
+    fn auth_config_trims_environment_whitespace() {
+        temp_env::with_vars(
+            &[
+                ("KF_BITBUCKET_USERNAME", Some("  user  ")),
+                ("KF_BITBUCKET_APP_PASSWORD", Some("  pass\n")),
+            ],
+            || {
+                let auth = AuthConfig::from_env();
+                assert_eq!(auth.username.as_deref(), Some("user"));
+                assert_eq!(auth.password.as_deref(), Some("pass"));
+            },
+        );
+    }
+
    #[test]
    fn auth_config_treats_access_token_as_bearer() {
        let token = "AT1234567890_ACCESS_TOKEN_EXAMPLE_WITH_UNDERSCORE";