From e21fb748f46b6e65d4e0306f266ddde0663298a0 Mon Sep 17 00:00:00 2001
From: Omry Mendelovich <16597193+omryMen@users.noreply.github.com>
Date: Mon, 18 Nov 2024 09:29:58 +0200
Subject: [PATCH] fix(secrets): skip empty match (#6849)

fix empty match
---
 checkov/secrets/plugins/custom_regex_detector.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/checkov/secrets/plugins/custom_regex_detector.py b/checkov/secrets/plugins/custom_regex_detector.py
index a8359d810d2..10a8f3e78a5 100644
--- a/checkov/secrets/plugins/custom_regex_detector.py
+++ b/checkov/secrets/plugins/custom_regex_detector.py
@@ -142,6 +142,9 @@ def _find_potential_secret(
         current_regex_to_metadata: dict[str, dict[str, Any]] = self.multiline_regex_to_metadata if is_multiline else self.regex_to_metadata
         kwargs["regex_denylist"] = current_denylist
         for match, regex in self.analyze_string(string_to_analyze, **kwargs):
+            if len(match) == 0:
+                # Skip empty matches
+                continue
             try:
                 verified_result = call_function_with_arguments(self.verify, secret=match, context=context)
                 is_verified = True if verified_result == VerifiedResult.VERIFIED_TRUE else False