From 1790240be5a46018614a42a90946703a8b16e029 Mon Sep 17 00:00:00 2001
From: Taylor <28880387+tsmithv11@users.noreply.github.com>
Date: Mon, 4 Nov 2024 00:14:27 -0800
Subject: [PATCH] Add new pattern (#222)
---
 detect_secrets/plugins/keyword.py | 11 +++++++++++
 tests/plugins/keyword_test.py | 2 ++
 2 files changed, 13 insertions(+)
diff --git a/detect_secrets/plugins/keyword.py b/detect_secrets/plugins/keyword.py
index 1414ffbfa..4aa7abc5f 100644
--- a/detect_secrets/plugins/keyword.py
+++ b/detect_secrets/plugins/keyword.py
@@ -223,6 +223,16 @@
 ),
 flags=re.IGNORECASE,
 )
+DATA_PUT_PASSWORD_REGEX = re.compile(
+ # Matches patterns like data.put("password", "bar") or data.put('password', 'bar')
+ r'data\.put\({whitespace}{quote}{denylist}{quote}{whitespace},{whitespace}{quote}({secret}){quote}{whitespace}\)'.format(
+ denylist=DENYLIST_REGEX_WITH_PREFIX,
+ quote=QUOTE,
+ whitespace=OPTIONAL_WHITESPACE,
+ secret=SECRET,
+ ),
+ re.IGNORECASE,
+)
 CONFIG_DENYLIST_REGEX_TO_GROUP = {
 FOLLOWED_BY_COLON_REGEX: 4,
 PRECEDED_BY_EQUAL_COMPARISON_SIGNS_QUOTES_REQUIRED_REGEX: 2,
@@ -248,6 +258,7 @@
 FOLLOWED_BY_EQUAL_SIGNS_QUOTES_REQUIRED_REGEX: 5,
 FOLLOWED_BY_QUOTES_AND_SEMICOLON_REGEX: 3,
 FOLLOWED_BY_ARROW_FUNCTION_SIGN_QUOTES_REQUIRED_REGEX: 4,
+ DATA_PUT_PASSWORD_REGEX: 2,
 }
 TERRAFORM_DENYLIST_REGEX_TO_GROUP = {
diff --git a/tests/plugins/keyword_test.py b/tests/plugins/keyword_test.py
index 839ad6fa3..3d1f7c13a 100644
--- a/tests/plugins/keyword_test.py
+++ b/tests/plugins/keyword_test.py
@@ -162,6 +162,8 @@
 (LONG_LINE, None), # Long line test
 ('password => ""', None),
 ('password => {}'.format(COMMON_SECRET), None),
+ ('data.put("password", "{}")'.format(COMMON_SECRET), COMMON_SECRET),
+ ('data.put("secret", "{}")'.format(COMMON_SECRET), COMMON_SECRET),
 ]
 QUOTES_REQUIRED_TEST_CASES = [
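Review bot: In the keyword.py hunk at `@@ -223,6 +223,16 @@`, `DATA_PUT_PASSWORD_REGEX` is anchored to the literal receiver name `data`, so the same hard-coded credential written through any other variable (for instance `params.put("password", "...")`) is not reported. If that narrow scope is deliberate to limit false positives, the comment should say so, e.g. `# Only a receiver literally named "data" is matched; other <name>.put(...) calls are not covered`. The four `{quote}` slots are independent of each other, so, assuming `QUOTE` (defined outside the hunk) accepts more than one quote character, the opening and closing delimiters are not required to agree. The flag is also passed positionally as `re.IGNORECASE,` while the compile call visible in the context just above uses `flags=re.IGNORECASE,`; the keyword form would keep the file consistent.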
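Review bot: In the keyword.py hunk at `@@ -248,6 +258,7 @@`, the capture index in `DATA_PUT_PASSWORD_REGEX: 2` is only correct if `DENYLIST_REGEX_WITH_PREFIX` contributes exactly one capturing group, because `({secret})` is the only group the new pattern adds itself. That constant is defined outside the diff, so this should be confirmed, and a comment on the pattern such as `# group 2 is the secret; group 1 comes from DENYLIST_REGEX_WITH_PREFIX` would make the dependency visible to whoever next edits the denylist expression. The dict this entry lands in opens above the hunk, and this is the only mapping the commit touches: the pattern is not added to `CONFIG_DENYLIST_REGEX_TO_GROUP` or `TERRAFORM_DENYLIST_REGEX_TO_GROUP`, which are visible in the context. File types routed to those mappings will presumably not get this check, so it is worth confirming that is intended.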
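Review bot: The two cases added in tests/plugins/keyword_test.py are both double-quoted positives, so the single-quote form that the pattern's own comment advertises is never exercised, and neither is any non-matching input. A case like `("data.put('password', '{}')".format(COMMON_SECRET), COMMON_SECRET),` would cover the second quote style. Negative cases would guard against the new pattern over-reporting, for example a key that is not on the denylist, or an unquoted variable as the second argument, each expected to yield `None` once checked against the plugin. The list being extended opens above the hunk, so which file types these cases run against is not visible here.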