[THOG-234] Update security trails detector's regex and keywords. (#429)

* Update detectors PrefixRegex to allow for new line and carriage returns.
Add additional keyword for security trails.
Add additional unit tests for security trails and PrefixRegex

* Update catpure group.

Author: ahrav

pkg/detectors/detectors.go

@@ -92,7 +92,7 @@ func CleanResults(results []Result) []Result {
 func PrefixRegex(keywords []string) string {
 	pre := `(?i)(?:`
 	middle := strings.Join(keywords, "|")
-	post := `).{0,40}`
+	post := `)(?:.|[\n\r]){0,40}`
 	return pre + middle + post
 }
 

pkg/detectors/detectors_test.go

@@ -0,0 +1,36 @@
+package detectors
+
+import "testing"
+
+func TestPrefixRegex(t *testing.T) {
+	tests := []struct {
+		keywords []string
+		expected string
+	}{
+		{
+			keywords: []string{"securitytrails"},
+			expected: `(?i)(?:securitytrails).|(?:[\n\r]){0,40}`,
+		},
+		{
+			keywords: []string{"zipbooks"},
+			expected: `(?i)(?:zipbooks).|(?:[\n\r]){0,40}`,
+		},
+		{
+			keywords: []string{"wrike"},
+			expected: `(?i)(?:wrike).|(?:[\n\r]){0,40}`,
+		},
+	}
+	for _, tt := range tests {
+		got := PrefixRegex(tt.keywords)
+		if got != tt.expected {
+			t.Errorf("PrefixRegex(%v) got: %v want: %v", tt.keywords, got, tt.expected)
+		}
+	}
+}
+
+func BenchmarkPrefixRegex(b *testing.B) {
+	kws := []string{"securitytrails"}
+	for i := 0; i < b.N; i++ {
+		PrefixRegex(kws)
+	}
+}

pkg/detectors/securitytrails/securitytrails.go

@@ -26,7 +26,7 @@ var (
 // Keywords are used for efficiently pre-filtering chunks.
 // Use identifiers in the secret preferably, or the provider name.
 func (s Scanner) Keywords() []string {
-	return []string{"securitytrails"}
+	return []string{"securitytrails", "security trails"}
 }
 
 // FromData will find and optionally verify SecurityTrails secrets in a given set of bytes.

pkg/detectors/securitytrails/securitytrails_test.go

@@ -38,6 +38,22 @@ func TestSecurityTrails_FromChunk(t *testing.T) {
 		{
 			name: "found, verified",
 			s:    Scanner{},
+			args: args{
+				ctx:    context.Background(),
+				data:   []byte(fmt.Sprintf("You can find a securitytrails secret\n %s within", secret)),
+				verify: true,
+			},
+			want: []detectors.Result{
+				{
+					DetectorType: detectorspb.DetectorType_SecurityTrails,
+					Verified:     true,
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "found, verified inline",
+			s:    Scanner{},
 			args: args{
 				ctx:    context.Background(),
 				data:   []byte(fmt.Sprintf("You can find a securitytrails secret %s within", secret)),