use first capture group in custom detector regex if available (#3853)

Author: zricethezav

pkg/custom_detectors/custom_detectors.go

@@ -129,7 +129,11 @@ func (c *CustomRegexWebhook) createResults(ctx context.Context, match map[string
 	var raw string
 	for _, values := range match {
 		// values[0] contains the entire regex match.
-		raw += values[0]
+		secret := values[0]
+		if len(values) > 1 {
+			secret = values[1]
+		}
+		raw += secret
 	}
 	result := detectors.Result{
 		DetectorType: detectorspb.DetectorType_CustomRegex,

pkg/custom_detectors/custom_detectors_test.go

@@ -199,13 +199,13 @@ func TestDetector(t *testing.T) {
 		// "password" is normally flagged as a false positive, but CustomRegex
 		// should allow the user to decide and report it as a result.
 		Keywords: []string{"password"},
-		Regex:    map[string]string{"regex": "password=.*"},
+		Regex:    map[string]string{"regex": "password=\"(.*)\""},
 	})
 	assert.NoError(t, err)
 	results, err := detector.FromData(context.Background(), false, []byte(`password="123456"`))
 	assert.NoError(t, err)
 	assert.Equal(t, 1, len(results))
-	assert.Equal(t, results[0].Raw, []byte(`password="123456"`))
+	assert.Equal(t, results[0].Raw, []byte(`123456`))
 }
 
 func BenchmarkProductIndices(b *testing.B) {