KeywordDetector plugin doesn't detect secrets which start with a symbol #852

Open
1 of 2 tasks
gpflaum opened this issue Jun 9, 2024 · 0 comments
gpflaum commented Jun 9, 2024

  • I'm submitting a ...

    • bug report
    • feature request
  • What is the current behavior?

The KeywordDetector plugin doesn't detect secrets which start with a symbol. The comments in keyword.py say it will "find secrets that starts with symbols or alphanumeric characters". That used to work, but a change made in #442 to address a performance problem broke this. After that change it only finds secrets which start with word characters (\w): letters, digits, or underscore.

  • If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem

Create a file leading_symbol.properties:

```
# KeywordDetector does not find this secret:
a_password = +eTxoi3271x
# It does find this secret:
b_password = eTxoi3271x+
```

detect-secrets and detect-secrets-hook only find the second secret; they don't find the secret with a leading symbol:

```
% detect-secrets-hook leading_symbol.properties
ERROR: Potential secrets about to be committed to git repo!

Secret Type: Secret Keyword
Location:    leading_symbol.properties:4

Possible mitigations:
  - For information about putting your secrets in a safer place, please ask in
    #security
  - Mark false positives with an inline `pragma: allowlist secret`
    comment

If a secret has already been committed, visit
https://help.github.com/articles/removing-sensitive-data-from-a-repository
```
  • What is the expected behavior?

KeywordDetector should find secrets that start with a symbol.

  • Please tell us about your environment:
    • detect-secrets Version: 1.5
    • Python Version: 3.11.2
    • OS Version: macOS Sonoma
    • File type (if applicable): various
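
A regression check for the behavior reported above, added here as an example; it is not part of the original issue and is not detect-secrets' code. Both patterns are simplified stand-ins (assumptions, not the regexes in keyword.py), and the extra leading characters probed are constructed test values that go beyond the single `+` case in the report.

```python
import re

# Constructed sample: the file contents given in the issue.
SAMPLE = """\
# KeywordDetector does not find this secret:
a_password = +eTxoi3271x
# It does find this secret:
b_password = eTxoi3271x+
"""

# Hypothetical, simplified keyword pattern: "<something>password<something> = value".
KEY = r"\w*password\w*\s*=\s*"

# Value must begin with a word character (\w), the behavior the issue describes.
WORD_START = re.compile(KEY + r"(?P<secret>\w\S*)")

# Value may begin with any character that is not whitespace or a quote.
# A single character class followed by \S* has no nested quantifiers.
SYMBOL_START = re.compile(KEY + r"(?P<secret>[^\s'\"]\S*)")


def find_secrets(pattern, text):
    """Return (line_number, secret) for every line the pattern matches."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = pattern.search(line)
        if match:
            hits.append((lineno, match.group("secret")))
    return hits


def missed_leading_chars(pattern, chars):
    """Return the leading characters for which the pattern finds no secret."""
    missed = []
    for ch in chars:
        line = f"x_password = {ch}eTxoi3271x"  # constructed test line
        if not find_secrets(pattern, line):
            missed.append(ch)
    return missed


if __name__ == "__main__":
    print("word-start  :", find_secrets(WORD_START, SAMPLE))
    print("symbol-start:", find_secrets(SYMBOL_START, SAMPLE))
    print("missed by word-start:", missed_leading_chars(WORD_START, "+/$!@-_e"))
```

A check like `missed_leading_chars` can sit in a plugin's test suite so that a later performance change to the pattern cannot silently narrow what counts as a secret.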