Commit 1ef44e7

kmgv, kashifkhan0771 and shahzadhaider1 authored
Fix wrong line number in private key detector (#4485) (#4486)
* Fix wrong line number in private key detector (#4485)

  Private key detector findings report the wrong line number when the private key literal doesn't end with a newline character. After the private key is matched using the regexp, it goes through the Normalize function, and the normalized result is used in result.Raw and then used in engine.FragmentLineOffset, which looks for the line of code. The normalization step is crucial, as ssh.ParseRawPrivateKey is quite strict about the format of accepted keys, and this step can sieve false positives, as it can verify if the private key is legit or just matches the permissive regexp. Normalize always adds a newline char at the end of the string (as needed for validation), but such a string, with a newline at the end, is then used for looking for the LOC. If the source chunk didn't have a newline char right after the private key, the engine will report the default LOC.

  This fix changes Result.Raw for the private key detector to use the raw match from the regexp and not the normalized string. This way the engine can calculate the correct LOC for such a finding.

* Fix wrong line number in private key detector - use primary primarySecret (#4485)

  Revert previous changes that changed result.Raw in primary key detector as it can interfere with existing finding. Use SetPrimarySecretValue(match) instead

---------

Co-authored-by: Kashif Khan <[email protected]>
Co-authored-by: Shahzad Haider <[email protected]>
1 parent 7afd5da commit 1ef44e7

1 file changed

+3
-0
lines changed

pkg/detectors/privatekey/privatekey.go

Lines changed: 3 additions & 0 deletions
@@ -71,6 +71,9 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
7171
ExtraData: make(map[string]string),
7272
}
7373

74+
// set not normalized match as primary secret value so it is used to calculate line of code
75+
s1.SetPrimarySecretValue(match)
76+
7477
var passphrase string
7578
parsedKey, err := ssh.ParseRawPrivateKey([]byte(token))
7679
if err != nil && strings.Contains(err.Error(), "private key is passphrase protected") {
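
Review bot: the added `s1.SetPrimarySecretValue(match)` at new line 75 lands without a regression test. The commit changes one file (+3, -0), so nothing pins the case the commit message describes: a private key literal that is not followed by a newline in the source chunk. Suggest adding a test next to the detector that scans a chunk where the key's closing line is immediately followed by other bytes or by end of input, and asserts that the finding's line is the real one and not the default. The comment at new line 74 would also be clearer if it named both values: `match` is the raw regexp match used for locating the finding, while `token`, passed to `ssh.ParseRawPrivateKey` two lines below, is the value used for validation. Per the commit message those two differ by normalization, and a reader of this function alone cannot tell why the primary secret is not the same string that gets parsed.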
