fix: reverting special character support for generic rule (#380)

<!--
Thanks for contributing to 2ms by offering a pull request.
-->

Closes #

**Proposed Changes**

<!--
Please describe the big picture of your changes here. If it fixes a bug
or resolves a feature request, be sure to link to that issue.
-->

**Checklist**

- [ ] I covered my changes with tests.
- [ ] I Updated the documentation that is affected by my changes:
  - [ ] Change in the CLI arguments
  - [ ] Change in the configuration file

I submit this contribution under the Apache-2.0 license.

Author: cx-diogo-rocha

Dockerfile

@@ -3,7 +3,7 @@
 # and "Missing User Instruction" since 2ms container is stopped after scan
 
 # Builder image
-FROM checkmarx/go:1.25.7-r0-b270bc965b34b4@sha256:b270bc965b34b4ffec624413bc1f1830c58c0abb142580ca76d42116b3b06764 AS builder
+FROM checkmarx/go:1.26.1-r0-ce13f12ff5c411@sha256:ce13f12ff5c4114de1df95b2442911adab6c5a3ee580945176213f78c94ca0c6 AS builder
 
 WORKDIR /app
 
@@ -20,7 +20,7 @@ COPY . .
 RUN GOOS=linux GOARCH=amd64 go build -buildvcs=false -ldflags="-s -w" -a -o /app/2ms .
 
 # Runtime image
-FROM checkmarx/git:2.53.0-r0-dadf19ec31d471@sha256:dadf19ec31d4711eeace2763e89511693b36ba0ea5c9e12a763978b4b29ddba0
+FROM checkmarx/git:2.53.0-r0-550d658abf13b0@sha256:550d658abf13b060746bcc629daaa6eaf6ee66364e5b5fa6216eb92f5e4d0f97
 
 WORKDIR /app
 

engine/rules/ruledefine/generic_credential.go

@@ -16,7 +16,7 @@ var genericCredentialRegex = generateSemiGenericRegexIncludingXml([]string{
 	"passw(?:or)?d",
 	"secret",
 	"token",
-}, `[\w.=\-~?!:@]{10,150}|[a-z0-9][a-z0-9+/]{11,}={0,3}`, true).String()
+}, `[\w.=-]{10,150}|[a-z0-9][a-z0-9+/]{11,}={0,3}`, true).String()
 
 func GenericCredential() *Rule {
 	return &Rule{
@@ -42,7 +42,7 @@ func GenericCredential() *Rule {
 				// NOTE: this is a goofy hack to get around the fact there golang's regex engine does not support positive lookaheads.
 				// Ideally we would want to ensure the secret contains both numbers and alphabetical characters, not just alphabetical characters.
 				Regexes: []string{
-					regexp.MustCompile(`^[a-zA-Z_.-]+:?$`).String(),
+					regexp.MustCompile(`^[a-zA-Z_.-]+$`).String(),
 				},
 			},
 			{
@@ -60,7 +60,7 @@ func GenericCredential() *Rule {
 						`|rapid|capital` + // common words containing "api"
 						`|[a-z0-9-]*?api[a-z0-9-]*?:jar:` + // Maven META-INF dependencies that contain "api" in the name.
 						// Auth
-						`|\bauthor\b` +
+						`|author` +
 						`|X-MS-Exchange-Organization-Auth` + // email header
 						`|Authentication-Results` + // email header
 						// Credentials
@@ -94,10 +94,6 @@ func GenericCredential() *Rule {
 						// Empty variables capturing the next line (e.g., .env files)
 						`|(?-i:(?:[A-Z_]+=\n[A-Z_]+=|[a-z_]+=\n[a-z_]+=)(?:\n|\z))` +
 						`|(?-i:(?:[A-Z.]+=\n[A-Z.]+=|[a-z.]+=\n[a-z.]+=)(?:\n|\z))` +
-						// Code constant references (e.g. AnnotationWithConstants::INTEGER).
-						`|(?-i:\w+::[A-Z][A-Z0-9_]*)` +
-						// Any secret in valid date/datetime format (e.g. ISO 8601: 2018-04-22T10:28:49.876Z) — not a credential
-						`|\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})?` +
 						`)`).String(),
 				},
 				StopWords: append(DefaultStopWords,

engine/rules/ruledefine/generic_credential_test.go

@@ -85,8 +85,6 @@ func TestGenericCredential(t *testing.T) {
 				" utils.GetEnvOrDefault(\"api_token\", \"dafa7817-e246-48f3-91a7-e87653d587b8\")",
 				// xml cases
 				"<key>API_KEY</key>\n<string>AIzaSyATDL7Wz3Ze6BU31Yv3fVVth30Skyib29g</string>",
-				"Authorization.ClientSecret: e55wsdasfsgs-sdsdas_2sdasjVM~ggadASaADASsad",
-				"Authorization.ClientSecret: e55wsdasfsgs-sds::das_2sdasjVM~ggad?ASaAD!ASs@ad",
 			},
 			falsePositives: []string{
 				"issuerKeyHash=npmXsmT2_C1iJZ-SD7RuL8exZ=6ucd",
@@ -98,13 +96,6 @@ func TestGenericCredential(t *testing.T) {
 				"<key>GOOGLE_APP_ID</key>\n<string>1:407966239993:ios:0d7534f14f8cfe19</string>",
 				"\"a_b_key\": \"x-someval-127.0.0.1\",",
 				"KeyVaultSecretsUser: '62168719-64c5-453d-b4ef-b51d8b1ad44d'",
-				"maxAPIResponseBytes: tc.maxAPIBytes , maxTotalScanBytes:   tc.maxTotalBytes,",
-				"SOME_KEY = AnnotationWithConstants::INTEGER",
-				"SOME_KEY = AnnotationWithConstants::TANTO_FAZ",
-				"AuthnInstant=2018-04-22T10:28:49.876Z",
-				"AuthnInstant=2018-04-22T10:28:49Z",
-				"AuthnInstant=2018-04-22T10:28:49+00:00",
-				"PasswordStorage::SECTION_DELIMITER",
 			},
 		},
 	}

go.mod

@@ -1,6 +1,6 @@
 module github.com/checkmarx/2ms/v5
 
-go 1.25.7
+go 1.26.1
 
 replace (
 	golang.org/x/oauth2 => golang.org/x/oauth2 v0.30.0

internal/workerpool/pool.go

@@ -60,7 +60,7 @@ type Option func(*Config)
 
 // New creates a new worker pool with the specified number of workers
 func New(name string, opts ...Option) Pool {
-	ctx, cancel := context.WithCancel(context.Background())
+	ctx, cancel := context.WithCancel(context.Background()) //nolint:gosec // G118: cancel is stored in config and called in Stop()
 	config := &Config{
 		workers:   defaultWorkers,
 		queueSize: defaultWorkers * 10,