From b6dfca1cf2037b641dffb04e1efa0da858402610 Mon Sep 17 00:00:00 2001
From: jake <jake.young.dev@gmail.com>
Date: Tue, 11 Nov 2025 17:45:34 -0500
Subject: [PATCH] regex fixes for environment variables

---
 main.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/main.go b/main.go
index 0b8798b..354554a 100644
--- a/main.go
+++ b/main.go
@@ -21,7 +21,7 @@ const (
 	ROOT_USER       = "1000"
 	ROOT_GROUP      = "1000"
 	//this is an insane regex to detect IP:PORT:PORT in port configuration but also supports the ability to detect secrets.* and vars.* from workflows
-	IM_SO_SORRY = `^(\${{\s*(vars|secrets)\.[[:alnum:]]+\s*}}|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}){1}:(\${{\s*(vars|secrets)\.[[:alnum:]]+\s*}}|[0-9]+){1}:(\${{\s*(vars|secrets)\.[[:alnum:]]+\s*}}|[0-9]+){1}$`
+	IM_SO_SORRY = `^(\${\s*\w+\s*}|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}){1}:(\${\s*\w+\s*}|[0-9]+){1}:(\${\s*\w+\s*}|[0-9]+){1}$`
 )
 
 func main() {
@@ -173,7 +173,7 @@ func SecurityOptCheck(srv compose.ServiceConfig) *issue.Issue {
 	for _, opt := range *srv.SecOpts {
 		if strings.EqualFold(opt, PRIVILEGE_OPT) {
 			i.Passed()
-			i.Messages = append(i.Messages, "security option are safe")
+			i.Messages = append(i.Messages, "security options are safe")
 			return i
 		}
 	}
@@ -208,7 +208,7 @@ func PortCheck(srv compose.ServiceConfig) ([]*issue.Issue, error) {
 			continue
 		}
 
-		ms, err := regexp.Match(`^\${{\s*(vars|secrets)\.[[:alnum:]]+\s*}}{1}:\${{\s*(vars|secrets)\.[[:alnum:]]+\s*}}{1}$`, []byte(prt))
+		ms, err := regexp.Match(`^\${\s*\w+\s*}{1}:\${\s*\w+\s*}{1}$`, []byte(prt))
 		if err != nil {
 			log.Fatal(err)
 		}