Skip to content

Commit 087d43f

Browse files
committed
fix: stricter obfuscated key regex to ignore placeholders
1 parent 0f9adc9 commit 087d43f

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

src/qwed_new/guards/pii_guard.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,8 +18,8 @@ def __init__(self):
1818
# Identifying common password declarations (heuristic)
1919
"password_assignment": re.compile(r"(?i)(password|passwd|pwd|secret)\s*[:=]\s*['\"]?(\S{6,})['\"]?"),
2020

21-
# Obfuscated Keys (e.g. "sk - proj - ...")
22-
"obfuscated_api_key": re.compile(r"sk\s*-\s*(?:proj|ant)\s*-\s*[a-zA-Z0-9]+"),
21+
# Obfuscated Keys (e.g. "sk - proj - ...") - require long suffix to avoid placeholders like XXXX
22+
"obfuscated_api_key": re.compile(r"sk\s*-\s*(?:proj|ant)\s*-\s*[a-zA-Z0-9]{15,}"),
2323

2424
# Additional PII (Stricter Phone Number: Word boundaries to avoid matching inside API keys)
2525
"phone_number": re.compile(r"\b(?:\+\d{1,3}[-.]?)?\(?\d{3}\)?[-.]?\d{3}[-.]?\d{4}\b"),

0 commit comments

Comments
 (0)