From f1fa1d01d4f8921a19db99f45db828e6bcb90120 Mon Sep 17 00:00:00 2001
From: Taylor <28880387+tsmithv11@users.noreply.github.com>
Date: Wed, 18 Dec 2024 23:08:56 -0800
Subject: [PATCH] Fix public key FPs (#242)

---
 detect_secrets/plugins/keyword.py | 7 +++++++
 tests/plugins/keyword_test.py     | 2 ++
 2 files changed, 9 insertions(+)

diff --git a/detect_secrets/plugins/keyword.py b/detect_secrets/plugins/keyword.py
index 4aa7abc5..5a110836 100644
--- a/detect_secrets/plugins/keyword.py
+++ b/detect_secrets/plugins/keyword.py
@@ -66,6 +66,10 @@
     'recaptcha_.*key',
     'nessus_?key',
 )
+ALLOWLIST = (
+    'publickeytoken',
+    'tokenendpoint',
+)
 # Includes ], ', " as closing
 CLOSING = r'[]\'"]{0,2}'
 AFFIX_REGEX = r'\w*'
@@ -308,6 +312,9 @@ def analyze_string(
         string: str,
         denylist_regex_to_group: Optional[Dict[Pattern, int]] = None,
     ) -> Generator[str, None, None]:
+        if any(allowed.lower() in string.lower() for allowed in ALLOWLIST):
+            return
+
         if self.keyword_exclude and self.keyword_exclude.search(string):
             return
 
diff --git a/tests/plugins/keyword_test.py b/tests/plugins/keyword_test.py
index 3d1f7c13..60b3ab5f 100644
--- a/tests/plugins/keyword_test.py
+++ b/tests/plugins/keyword_test.py
@@ -50,6 +50,8 @@
     ('API-KEY = {}'.format(COMMON_SECRET), COMMON_SECRET),
     ('nessus_key: {}'.format(COMMON_SECRET), COMMON_SECRET),
     (LONG_LINE, None),  # Long line test
+    ('<assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="{}" />'.format(COMMON_SECRET), None), # XML FP
+    ('<assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="{}" />'.format(COMMON_SECRET), None), # XML FP
 ]
 
 GOLANG_TEST_CASES = [