TruffleHog Version: trufflehog 3.93.0
Noticed that some Azure Storage SAS tokens were not detected by TruffleHog.
Example SAS URL generated via Microsoft Storage Explorer that is not detected:
https://accountname.blob.core.windows.net/sorted?sv=2023-01-03&st=2025-06-18T08%3A45%3A11Z&se=2025-06-19T08%3A45%3A11Z&sr=c&sp=r&sig=ow2a1XbXmD4%2BEv9LBUkek8R%2FrAjvrQFpenUbzztILn8%3D
It seems like this regex is a bit restrictive:
`(sp=[racwdli]+&st=\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z&se=\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z(?:&sip=\d{1,3}(?:\.\d{1,3}){3}(?:-\d{1,3}(?:\.\d{1,3}){3})?)?(&spr=https)?(?:,https)?&sv=\d{4}-\d{2}-\d{2}&sr=[bcfso]&sig=[a-zA-Z0-9%]{10,})`
Tricky though to build a regex that detects HTTP query params that can be in any order.
For example this regex works for my url, but would fail on one with sip set, other ordering of parameters etc.
'(sv=[0-9-]{10}&st=[0-9-%TAZ]{24}&se=[0-9-%TAZ]{24}&sr=[a-z]{1,10}&sp=[a-z]{1,10}&sig=(?:[A-Za-z0-9+\/=]|%3D|%2B|%2F){44})'
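One way around the ordering problem raised in this issue, as an added example (not TruffleHog's code and not from the issue author): grab any query-string run containing `sig=`, parse it, and validate the fields by name instead of by position. The function name `FindSASTokens`, the required field set (sv, se, sp, sr, sig) and the RFC 3339 expiry check are assumptions of this example; the signature is checked as base64 of a 32-byte HMAC-SHA256 value.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"net/url"
	"regexp"
	"strings"
	"time"
)

// Candidate: a contiguous run of query-string characters that contains "sig=".
var candidate = regexp.MustCompile(
	`[A-Za-z0-9%&=+:.,_-]*sig=[A-Za-z0-9%+/=]+(?:&[A-Za-z0-9%&=+:.,_-]*)?`)
var svDate = regexp.MustCompile(`^\d{4}-\d{2}-\d{2}$`)

// FindSASTokens (hypothetical name) returns the query strings in text that
// parse as a service SAS, whatever order the parameters appear in.
func FindSASTokens(text string) []string {
	var found []string
	for _, raw := range candidate.FindAllString(text, -1) {
		raw = strings.Trim(raw, "&")
		q, err := url.ParseQuery(raw) // also decodes %3A, %2B, %2F, %3D
		if err != nil {
			continue
		}
		// Assumed required set: sv, se, sp, sr, sig. st, sip and spr are optional.
		if !svDate.MatchString(q.Get("sv")) || q.Get("sp") == "" || q.Get("sr") == "" {
			continue
		}
		if _, err := time.Parse(time.RFC3339, q.Get("se")); err != nil {
			continue
		}
		// ParseQuery turns an unencoded '+' into a space; undo that before decoding.
		sig := strings.ReplaceAll(q.Get("sig"), " ", "+")
		if b, err := base64.StdEncoding.DecodeString(sig); err != nil || len(b) != 32 {
			continue
		}
		found = append(found, raw)
	}
	return found
}

func main() {
	// Constructed sample line wrapping the example URL from the issue.
	line := `url = "https://accountname.blob.core.windows.net/sorted?sv=2023-01-03&st=2025-06-18T08%3A45%3A11Z&se=2025-06-19T08%3A45%3A11Z&sr=c&sp=r&sig=ow2a1XbXmD4%2BEv9LBUkek8R%2FrAjvrQFpenUbzztILn8%3D"`
	fmt.Println(FindSASTokens(line))
}
```

Parsing by name trades the regex's strictness for a structural check, so the 32-byte signature test is what keeps unrelated `sig=` parameters from matching.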