From 51ebf30454bf7b3787ca45a6e184d5f3d14eba5d Mon Sep 17 00:00:00 2001
From: Mick Grove
Date: Sat, 15 Nov 2025 08:43:54 -0800
Subject: [PATCH] - Skip reporting MongoDB and Postgres findings when their connection strings cannot be parsed, even when validation is disabled.
- Improve MySQL detection by broadening URI coverage and adding live validation that skips clearly invalid connection strings.
---
data/rules/jdbc.yml | 4 ++--
src/bitbucket.rs | 32 ++++++++++++++++++++++++++------
2 files changed, 28 insertions(+), 8 deletions(-)
diff --git a/data/rules/jdbc.yml b/data/rules/jdbc.yml
index c565c9f..3a2ab14 100644
--- a/data/rules/jdbc.yml
+++ b/data/rules/jdbc.yml
@@ -5,8 +5,8 @@ rules:
 (?xi)
 (
 jdbc:
- [a-z][a-z0-9+.-]{2,30}
- (?:[:][a-z0-9+.-]{1,30})*
+ [a-z][a-z0-9+.-]{2,32}
+ (?:[:][a-z0-9+.-]{1,32})*
 :
 [^\s"'<>,(){}\[\]]{10,448}
 )
diff --git a/src/bitbucket.rs b/src/bitbucket.rs
index 6f5f374..12edf6c 100644
--- a/src/bitbucket.rs
+++ b/src/bitbucket.rs
@@ -51,15 +51,20 @@ impl AuthConfig {
 bearer_token: Option,
 ) -> Self {
 fn normalized(value: Option) -> Option {
- value.and_then(|v| if v.trim().is_empty() { None } else { Some(v) })
+ value.and_then(|v| {
+ let trimmed = v.trim();
+ if trimmed.is_empty() {
+ None
+ } else if trimmed.len() == v.len() {
+ Some(v)
+ } else {
+ Some(trimmed.to_owned())
+ }
+ })
 }
 fn env_var(name: &str) -> Option {
- match env::var(name) {
- Ok(value) if value.trim().is_empty() => None,
- Ok(value) => Some(value),
- Err(_) => None,
- }
+ normalized(env::var(name).ok())
 }
 let username = normalized(username).or_else(|| env_var("KF_BITBUCKET_USERNAME"));
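Review bot: The widening of both quantifiers from 30 to 32 on the `[a-z][a-z0-9+.-]{2,32}` and `(?:[:][a-z0-9+.-]{1,32})*` lines carries no rationale in the rule itself, so the next person tuning this pattern cannot tell which token drove it or whether 32 is still enough. The commit message attributes it to broader MySQL URI coverage; a short comment above the pattern would make that visible at the point of use, e.g. `# scheme/subprotocol segment bounds widened from 30 to 32 to admit longer JDBC subprotocol tokens`. Since this is a detection rule, the extra width also slightly enlarges what matches, which is worth a sentence in the same comment if false positives were checked. The enclosing rule entry starts before and ends after this hunk.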
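Review bot: `normalized` now strips surrounding whitespace from every value it receives, including the explicitly passed credentials and presumably `bearer_token`, whereas the removed line only turned whitespace-only values into `None` and otherwise returned the value untouched; a caller that deliberately passed a secret with leading or trailing whitespace now has a different credential sent. That looks intentional, since the new test feeds `" pass\n"` through the environment path, but nothing in the hunk records it, so a doc comment on the helper would help: `/// Treats blank values as absent and strips surrounding whitespace (e.g. a trailing newline picked up from an exported variable).`. Collapsing `env_var` to `normalized(env::var(name).ok())` is cleaner and keeps the previous behaviour of mapping both unset and non-UTF-8 variables to `None`. The enclosing constructor starts before the hunk and its body continues past it.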
@@ -769,6 +774,21 @@ mod tests {
 );
 }
+ #[test]
+ fn auth_config_trims_environment_whitespace() {
+ temp_env::with_vars(
+ &[
+ ("KF_BITBUCKET_USERNAME", Some(" user ")),
+ ("KF_BITBUCKET_APP_PASSWORD", Some(" pass\n")),
+ ],
+ || {
+ let auth = AuthConfig::from_env();
+ assert_eq!(auth.username.as_deref(), Some("user"));
+ assert_eq!(auth.password.as_deref(), Some("pass"));
+ },
+ );
+ }
+
 #[test]
 fn auth_config_treats_access_token_as_bearer() {
 let token = "AT1234567890_ACCESS_TOKEN_EXAMPLE_WITH_UNDERSCORE";
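Review bot: The new test only exercises the branch of `normalized` that shortens the value; the whitespace-only branch, which must yield `None`, has no case here, and that branch is what makes a blank exported variable behave as an absent credential rather than an empty one. A second `temp_env::with_vars` call with `("KF_BITBUCKET_APP_PASSWORD", Some("   "))` and `assert!(auth.password.is_none())` would pin it alongside the trimming case. Whether the explicit-argument path of the same helper is covered elsewhere in the test module is not visible from this hunk.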