From 50f6eb4727881cd46f2c20532c050830a6494114 Mon Sep 17 00:00:00 2001
From: Taylor <28880387+tsmithv11@users.noreply.github.com>
Date: Fri, 8 Nov 2024 09:57:02 -0800
Subject: [PATCH] Add bounds to AWS Access Key (#223)
---
 detect_secrets/plugins/aws.py | 2 +-
 tests/plugins/aws_key_test.py | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/detect_secrets/plugins/aws.py b/detect_secrets/plugins/aws.py
index 945adc4cd..30b4f83d8 100644
--- a/detect_secrets/plugins/aws.py
+++ b/detect_secrets/plugins/aws.py
@@ -25,7 +25,7 @@ class AWSKeyDetector(RegexBasedDetector):
 secret_keyword = r'(?:key|pwd|pw|password|pass|token)'
 denylist = (
- re.compile(r'(?:A3T[A-Z0-9]|ABIA|ACCA|AKIA|ASIA)[0-9A-Z]{16}'),
+ re.compile(r'\b(?:A3T[A-Z0-9]|ABIA|ACCA|AKIA|ASIA)[0-9A-Z]{16}\b'),
 # This examines the variable name to identify AWS secret tokens.
 # The order is important since we want to prefer finding access
diff --git a/tests/plugins/aws_key_test.py b/tests/plugins/aws_key_test.py
index 546030678..a86ad44a9 100644
--- a/tests/plugins/aws_key_test.py
+++ b/tests/plugins/aws_key_test.py
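Review bot: The `\b` anchors added to the first `denylist` pattern in detect_secrets/plugins/aws.py are defined in terms of `\w`, which includes `_` and lowercase letters, so an access key ID that directly follows or precedes one of those characters (for example inside an underscore-joined identifier or file name) is no longer reported. If that loss of coverage is accepted in exchange for fewer false positives, it should be recorded next to the pattern, e.g. `# \b also rejects keys adjacent to "_" or lowercase letters; accepted to avoid matches inside longer alphanumeric/base64 runs`. The `denylist` tuple continues past the end of this hunk, so whether a later pattern still catches such cases cannot be seen here.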
@@ -60,6 +60,10 @@ def setup_method(self):
 'aws_access_key = "{}"'.format(EXAMPLE_SECRET[0:39]),
 False,
 ),
+ (
+ '/9n/7QoAUGhvdG9zaG9wIDMuMAA4QklNBAQAAAAAAAccAgAAAgACADhCSU0EJQAAAAAAEEYM8okmuFbasJwBobCnkHc4QklNA+0AAAAAABAASAAAAAEAAQBIAAAAAQABOEJJTQQmAAAAAAAOAAAAAAAAAAAAAD+AAAA4QklNBA0AAAAAAAQAAAB4OEJJTQQZAAAAAAAEAAAAHjhCSU0D8wAAAAAACQAAAAAAAAAAAQA4QklNBAoAAAAAAAEAADhCSU0nEAAAAAAACgABAAAAAAAAAAI4QklNA/QAAAAAABIANQAAAAEALQAAAAYAAAAAAAE4QklNA/cAAAAAABwAAP////////////////////////////8D6AAAOEJJTQQIAAAAAAAQAAAAAQAAAkAAAAJAAAAAADhCSU0EHgAAAAAABAAAAAA4QklNBBoAAAAAA00AAAAGAAAAAAAAAAAAAAD9AAABTgAAAAwAQwBvAG4AZgBpAGQAZQBuAHQAaQBhAGwAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAU4AAAD9AAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAEAAAAAAABudWxsAAAAAgAAAAZib3VuZHNPYmpjAAAAAQAAAAAAAFJjdDEAAAAEAAAAAFRvcCBsb25nAAAAAAAAAABMZWZ0bG9uZwAAAAAAAAAAQnRvbWxvbmcAAAD9AAAAAFJnaHRsb25nAAABTgAAAAZzbGljZXNWbExzAAAAAU9iamMAAAABAAAAAAAFc2xpY2UAAAASAAAAB3NsaWNlSURsb25nAAAAAAAAAAdncm91cElEbG9uZwAAAAAAAAAGb3JpZ2luZW51bQAAAAxFU2xpY2VPcmlnaW4AAAANYXV0b0dlbmVyYXRlZAAAAABUeXBlZW51bQAAAApFU2xpY2VUeXBlAAAAAEltZyAAAAAGYm91bmRzT2Jq',
+ False,
+ ),
 ],
 )
 def test_analyze(self, line, should_flag):
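Review bot: The parametrize case added in tests/plugins/aws_key_test.py is a literal of about a thousand characters (apparently base64-encoded image metadata) with no comment saying what it is or why the old pattern matched it, which makes the regression it guards hard to read later. A line above the tuple such as `# base64 blob that the unbounded access key pattern used to flag (false positive)` would do, and trimming the literal to the part around the former match would keep the case reviewable. The hunk also pins only the negative side of the new boundary; a short case for a key immediately followed by `_` or a lowercase letter would make the intended behaviour at the boundary explicit. The parametrize list begins above the hunk.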