fix(secret): change grafana token regex to find them without unquoted (#7627)

pkg/fanal/secret/builtin-rules.go

@@ -553,7 +553,7 @@ var builtinRules = []Rule{
 		Category: CategoryGrafana,
 		Title:    "Grafana API token",
 		Severity: "MEDIUM",
-		Regex:    MustCompile(`['\"]eyJrIjoi(?i)[a-z0-9\-_=]{72,92}['\"]`),
+		Regex:    MustCompile(`['\"]?eyJrIjoi(?i)[a-z0-9\-_=]{72,92}['\"]?`),
 		Keywords: []string{"eyJrIjoi"},
 	},
 	{

pkg/fanal/secret/scanner_test.go

@@ -690,6 +690,71 @@ func TestSecretScanner(t *testing.T) {
 		},
 	}
 
+	wantFindingGrafanaQuoted := types.SecretFinding{
+		RuleID:    "grafana-api-token",
+		Category:  secret.CategoryGrafana,
+		Title:     "Grafana API token",
+		Severity:  "MEDIUM",
+		StartLine: 1,
+		EndLine:   1,
+		Match:     "GRAFANA_TOKEN=**********************************************************************************************",
+		Code: types.Code{
+			Lines: []types.Line{
+				{
+					Number:      1,
+					Content:     "GRAFANA_TOKEN=**********************************************************************************************",
+					Highlighted: "GRAFANA_TOKEN=**********************************************************************************************",
+					IsCause:     true,
+					FirstCause:  true,
+					LastCause:   true,
+				},
+				{
+					Number:      2,
+					Content:     "GRAFANA_TOKEN=**************************************************************************************",
+					Highlighted: "GRAFANA_TOKEN=**************************************************************************************",
+					IsCause:     false,
+					FirstCause:  false,
+					LastCause:   false,
+				},
+			},
+		},
+	}
+
+	wantFindingGrafanaUnquoted := types.SecretFinding{
+		RuleID:    "grafana-api-token",
+		Category:  secret.CategoryGrafana,
+		Title:     "Grafana API token",
+		Severity:  "MEDIUM",
+		StartLine: 2,
+		EndLine:   2,
+		Match:     "GRAFANA_TOKEN=********************************************************************************************",
+		Code: types.Code{
+			Lines: []types.Line{
+				{
+					Number:      1,
+					Content:     "GRAFANA_TOKEN=**************************************************************************************",
+					Highlighted: "GRAFANA_TOKEN=**************************************************************************************",
+					IsCause:     false,
+					FirstCause:  false,
+					LastCause:   false,
+				},
+				{
+					Number:      2,
+					Content:     "GRAFANA_TOKEN=********************************************************************************************",
+					Highlighted: "GRAFANA_TOKEN=********************************************************************************************",
+					IsCause:     true,
+					FirstCause:  true,
+					LastCause:   true,
+				},
+				{
+					Number:      3,
+					Content:     "",
+					Highlighted: "",
+				},
+			},
+		},
+	}
+
 	wantMultiLine := types.SecretFinding{
 		RuleID:    "multi-line-secret",
 		Category:  "general",
@@ -858,6 +923,15 @@ func TestSecretScanner(t *testing.T) {
 				Findings: []types.SecretFinding{wantFindingHuggingFace},
 			},
 		},
+		{
+			name:          "find grafana secret",
+			configPath:    filepath.Join("testdata", "config.yaml"),
+			inputFilePath: filepath.Join("testdata", "grafana-env.txt"),
+			want: types.Secret{
+				FilePath: filepath.Join("testdata", "grafana-env.txt"),
+				Findings: []types.SecretFinding{wantFindingGrafanaUnquoted, wantFindingGrafanaQuoted},
+			},
+		},
 		{
 			name:          "find JWT token",
 			configPath:    filepath.Join("testdata", "config.yaml"),

pkg/fanal/secret/testdata/grafana-env.txt

@@ -0,0 +1,2 @@
+GRAFANA_TOKEN="eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbkT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk"
+GRAFANA_TOKEN=eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbkT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk