Restore RE2 '?P<refine>' named group pattern.

microsoft · Mar 4, 2025 · 4193f31 · 4193f31
1 parent 33f8a72
commit 4193f31
Show file tree

Hide file tree

Showing 32 changed files with 161 additions and 105 deletions.
diff --git a/GeneratedRegexPatterns/HighConfidenceSecurityModels.json b/GeneratedRegexPatterns/HighConfidenceSecurityModels.json
diff --git a/GeneratedRegexPatterns/LowConfidenceSecurityModels.json b/GeneratedRegexPatterns/LowConfidenceSecurityModels.json
@@ -1,6 +1,6 @@
 [
   {
-    "Pattern": "(?i)authorization:(\\s|%20)bearer(\\s|%20)(?<refine>[0-9a-z][abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_~.\\-+\\/=]*)([^abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_~.\\-+/=]|$)",
+    "Pattern": "(?i)authorization:(\\s|%20)bearer(\\s|%20)(?P<refine>[0-9a-z][abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_~.\\-+\\/=]*)([^abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_~.\\-+/=]|$)",
     "Id": "SEC101/061",
     "Name": "OAuth2BearerToken",
     "Signatures": null,

diff --git a/GeneratedRegexPatterns/MediumConfidenceSecurityModels.json b/GeneratedRegexPatterns/MediumConfidenceSecurityModels.json
@@ -1,6 +1,6 @@
 [
   {
-    "Pattern": "(?i)\\.servicebus\\.windows.+[^0-9a-z\\/+](?<refine>[0-9a-z\\/+]{43}=)(?:[^=]|$)",
+    "Pattern": "(?i)\\.servicebus\\.windows.+[^0-9a-z\\/+](?P<refine>[0-9a-z\\/+]{43}=)(?:[^=]|$)",
     "Id": "SEC101/105",
     "Name": "AzureMessageLegacyCredentials",
     "Signatures": [
@@ -20,7 +20,7 @@
     "DetectionMetadata": "HighEntropy, MediumConfidence"
   },
   {
-    "Pattern": "($|\\b)(ftps?|https?):\\/\\/(?<refine>[^:@\\/]+:[^:@?\\/]+)@",
+    "Pattern": "($|\\b)(ftps?|https?):\\/\\/(?P<refine>[^:@\\/]+:[^:@?\\/]+)@",
     "Id": "SEC101/127",
     "Name": "UrlCredentials",
     "Signatures": [
@@ -30,7 +30,7 @@
     "DetectionMetadata": "MediumConfidence"
   },
   {
-    "Pattern": "(?i)(?:^|[?;&])(?:dsas_secret|sig)=(?<refine>[0-9a-z\\/+%]{43,129}(?:=|%3d))",
+    "Pattern": "(?i)(?:^|[?;&])(?:dsas_secret|sig)=(?P<refine>[0-9a-z\\/+%]{43,129}(?:=|%3d))",
     "Id": "SEC101/060",
     "Name": "LooseSasSecret",
     "Signatures": [

diff --git a/GeneratedRegexPatterns/PreciselyClassifiedSecurityKeys.json b/GeneratedRegexPatterns/PreciselyClassifiedSecurityKeys.json
diff --git a/GeneratedRegexPatterns/UnclassifiedPotentialSecurityKeys.json b/GeneratedRegexPatterns/UnclassifiedPotentialSecurityKeys.json
@@ -11,7 +11,7 @@
     "DetectionMetadata": "HighEntropy, MediumConfidence"
   },
   {
-    "Pattern": "($|\\b)(ftps?|https?):\\/\\/(?<refine>[^:@\\/]+:[^:@?\\/]+)@",
+    "Pattern": "($|\\b)(ftps?|https?):\\/\\/(?P<refine>[^:@\\/]+:[^:@?\\/]+)@",
     "Id": "SEC101/127",
     "Name": "UrlCredentials",
     "Signatures": [
@@ -21,7 +21,7 @@
     "DetectionMetadata": "MediumConfidence"
   },
   {
-    "Pattern": "(?i)(?:^|[?;&])(?:dsas_secret|sig)=(?<refine>[0-9a-z\\/+%]{43,129}(?:=|%3d))",
+    "Pattern": "(?i)(?:^|[?;&])(?:dsas_secret|sig)=(?P<refine>[0-9a-z\\/+%]{43,129}(?:=|%3d))",
     "Id": "SEC101/060",
     "Name": "LooseSasSecret",
     "Signatures": [
@@ -31,7 +31,7 @@
     "DetectionMetadata": "HighEntropy, MediumConfidence"
   },
   {
-    "Pattern": "(?i)authorization:(\\s|%20)bearer(\\s|%20)(?<refine>[0-9a-z][abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_~.\\-+\\/=]*)([^abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_~.\\-+/=]|$)",
+    "Pattern": "(?i)authorization:(\\s|%20)bearer(\\s|%20)(?P<refine>[0-9a-z][abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_~.\\-+\\/=]*)([^abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_~.\\-+/=]|$)",
     "Id": "SEC101/061",
     "Name": "OAuth2BearerToken",
     "Signatures": null,

diff --git a/src/Microsoft.Security.Utilities.Benchmarks/RE2RegexEngine.cs b/src/Microsoft.Security.Utilities.Benchmarks/RE2RegexEngine.cs
@@ -18,13 +18,9 @@ public class RE2RegexEngine : IRegexEngine
 #endif
         public IEnumerable<UniversalMatch> Matches(string input, string pattern, RegexOptions options = RegexOptionsDefaults, TimeSpan timeout = default, string? captureGroup = null)
         {
-            foreach (FlexMatch flexMatch in RE2Regex.Instance.Matches(input, pattern, options, timeout, captureGroup))
+            if (captureGroup == null)
             {
-                if (captureGroup != null)
-                {
-                    yield return CachedDotNetRegex.Instance.Matches(input, pattern, options, timeout, captureGroup).First();
-                }
-                else
+                foreach (FlexMatch flexMatch in RE2Regex.Instance.Matches(input, pattern, options, timeout, captureGroup))
                 {
                     yield return new UniversalMatch
                     {
@@ -35,6 +31,28 @@ public IEnumerable<UniversalMatch> Matches(string input, string pattern, RegexOp
                     };
                 }
             }
+            else
+            {
+                if (Regex2.Matches(pattern, input, out List<Dictionary<string, FlexMatch>> matches, 256L * 1024L * 1024L))
+                {
+                    foreach (Dictionary<string, FlexMatch> match in matches)
+                    {
+                        FlexMatch flexMatch = match["0"];
+                        if (match.TryGetValue("refine", out FlexMatch refineMatch))
+                        {
+                            flexMatch = refineMatch;
+                        }
+
+                        yield return new UniversalMatch
+                        {
+                            Index = flexMatch.Index,
+                            Length = flexMatch.Length,
+                            Value = flexMatch.Value,
+                            Success = flexMatch.Success
+                        };
+                    }
+                }
+            }
         }
     }
 }
diff --git a/src/Microsoft.Security.Utilities.Core/CachedDotNetRegex.cs b/src/Microsoft.Security.Utilities.Core/CachedDotNetRegex.cs
@@ -27,6 +27,8 @@ private CachedDotNetRegex()
 
         public static Regex GetOrCreateRegex(string pattern, RegexOptions options)
         {
+            pattern = NormalizeGroupsPattern(pattern);
+
             var key = (pattern, options);
 #if NET7_0_OR_GREATER
             return RegexCache.GetOrAdd(key, key => new Regex(key.Pattern, key.Options | RegexOptions.Compiled | RegexOptions.NonBacktracking));
@@ -35,6 +37,16 @@ public static Regex GetOrCreateRegex(string pattern, RegexOptions options)
 #endif
         }
 
+        internal static string NormalizeGroupsPattern(string pattern)
+        {
+            if (pattern.IndexOf("?P<") != -1)
+            {
+                return pattern.Replace("?P<", "?<");
+            }
+
+            return pattern;
+        }
+
         public bool IsMatch(string input, string pattern, RegexOptions options = RegexDefaults.DefaultOptionsCaseSensitive, TimeSpan timeout = default, string captureGroup = null)
         {
             // Note: Instance Regex.IsMatch has no timeout overload.

diff --git a/src/Microsoft.Security.Utilities.Core/PotentialSecurityKeys/SEC101_060_LooseSasSecret.cs b/src/Microsoft.Security.Utilities.Core/PotentialSecurityKeys/SEC101_060_LooseSasSecret.cs
@@ -13,7 +13,7 @@ public LooseSasSecret()
             Id = "SEC101/060";
             Name = nameof(LooseSasSecret);
             DetectionMetadata = DetectionMetadata.HighEntropy | DetectionMetadata.MediumConfidence;
-            Pattern = @$"(?i)(?:^|[?;&])(?:dsas_secret|sig)=(?<refine>[0-9a-z\/+%]{{43,129}}(?:=|%3d))";
+            Pattern = @$"(?i)(?:^|[?;&])(?:dsas_secret|sig)=(?P<refine>[0-9a-z\/+%]{{43,129}}(?:=|%3d))";
             Signatures = new HashSet<string>(new[] { "sig=", "ret=" });
         }
 

diff --git a/...rosoft.Security.Utilities.Core/PotentialSecurityKeys/SEC101_061_LooseOAuth2BearerToken.cs b/...rosoft.Security.Utilities.Core/PotentialSecurityKeys/SEC101_061_LooseOAuth2BearerToken.cs
@@ -14,7 +14,7 @@ public OAuth2BearerToken()
             DetectionMetadata = DetectionMetadata.LowConfidence;
 
             // https://datatracker.ietf.org/doc/html/rfc6750#section-2.1
-            Pattern = @$"(?i)authorization:(\s|%20)bearer(\s|%20)(?<refine>[0-9a-z][{WellKnownRegexPatterns.UrlUnreserved}+\/=]*)([^{WellKnownRegexPatterns.UrlUnreserved}+/=]|$)";
+            Pattern = @$"(?i)authorization:(\s|%20)bearer(\s|%20)(?P<refine>[0-9a-z][{WellKnownRegexPatterns.UrlUnreserved}+\/=]*)([^{WellKnownRegexPatterns.UrlUnreserved}+/=]|$)";
         }
 
         public override IEnumerable<string> GenerateTruePositiveExamples()

diff --git a/...oft.Security.Utilities.Core/PreciselyClassifiedSecurityKeys/Azure32ByteIdentifiableKey.cs b/...oft.Security.Utilities.Core/PreciselyClassifiedSecurityKeys/Azure32ByteIdentifiableKey.cs
@@ -13,7 +13,7 @@ public abstract class Azure32ByteIdentifiableKey : IdentifiableKey
     {
         public override string Pattern
         {
-            get => @$"{WellKnownRegexPatterns.PrefixAllBase64}(?<refine>[{WellKnownRegexPatterns.Base64}]{{33}}{RegexNormalizedSignature}[A-P][{WellKnownRegexPatterns.Base64}]{{5}}=){WellKnownRegexPatterns.SuffixAllBase64}";
+            get => @$"{WellKnownRegexPatterns.PrefixAllBase64}(?P<refine>[{WellKnownRegexPatterns.Base64}]{{33}}{RegexNormalizedSignature}[A-P][{WellKnownRegexPatterns.Base64}]{{5}}=){WellKnownRegexPatterns.SuffixAllBase64}";
             protected set => base.Pattern = value;
         }
     }

diff --git a/...ft.Security.Utilities.Core/PreciselyClassifiedSecurityKeys/Azure32ByteIdentifiableKeys.cs b/...ft.Security.Utilities.Core/PreciselyClassifiedSecurityKeys/Azure32ByteIdentifiableKeys.cs
@@ -17,7 +17,7 @@ internal sealed class Azure32ByteIdentifiableKeys : RegexPattern
     public Azure32ByteIdentifiableKeys()
     {
         Pattern = $@"{WellKnownRegexPatterns.PrefixAllBase64}" +
-                  $@"(?<refine>[{WellKnownRegexPatterns.Base64}]{{33}}(AIoT|\+(ASb|AEh|ARm))[A-P][{WellKnownRegexPatterns.Base64}]{{5}}=)" +
+                  $@"(?P<refine>[{WellKnownRegexPatterns.Base64}]{{33}}(AIoT|\+(ASb|AEh|ARm))[A-P][{WellKnownRegexPatterns.Base64}]{{5}}=)" +
                   $@"{WellKnownRegexPatterns.SuffixAllBase64}";
 
         RotationPeriod = TimeSpan.FromDays(365 * 2);

diff --git a/...oft.Security.Utilities.Core/PreciselyClassifiedSecurityKeys/Azure64ByteIdentifiableKey.cs b/...oft.Security.Utilities.Core/PreciselyClassifiedSecurityKeys/Azure64ByteIdentifiableKey.cs
@@ -15,7 +15,7 @@ public abstract class Azure64ByteIdentifiableKey : IdentifiableKey
 
         public override string Pattern
         {
-            get => $@"{WellKnownRegexPatterns.PrefixAllBase64}(?<refine>[{WellKnownRegexPatterns.Base64}]{{76}}{RegexNormalizedSignature}[{WellKnownRegexPatterns.Base64}]{{5}}[AQgw]==){WellKnownRegexPatterns.SuffixAllBase64}";
+            get => $@"{WellKnownRegexPatterns.PrefixAllBase64}(?P<refine>[{WellKnownRegexPatterns.Base64}]{{76}}{RegexNormalizedSignature}[{WellKnownRegexPatterns.Base64}]{{5}}[AQgw]==){WellKnownRegexPatterns.SuffixAllBase64}";
             protected set => base.Pattern = value;
         }
     }

diff --git a/...ft.Security.Utilities.Core/PreciselyClassifiedSecurityKeys/Azure64ByteIdentifiableKeys.cs b/...ft.Security.Utilities.Core/PreciselyClassifiedSecurityKeys/Azure64ByteIdentifiableKeys.cs
@@ -15,7 +15,7 @@ internal sealed class Azure64ByteIdentifiableKeys : RegexPattern
     public Azure64ByteIdentifiableKeys()
     {
         Pattern = $@"{WellKnownRegexPatterns.PrefixAllBase64}" +
-                  $@"(?<refine>[{WellKnownRegexPatterns.Base64}]{{76}}(APIM|ACDb|\+(ABa|AMC|ASt))[{WellKnownRegexPatterns.Base64}]{{5}}[AQgw]==)" +
+                  $@"(?P<refine>[{WellKnownRegexPatterns.Base64}]{{76}}(APIM|ACDb|\+(ABa|AMC|ASt))[{WellKnownRegexPatterns.Base64}]{{5}}[AQgw]==)" +
                   $@"{WellKnownRegexPatterns.SuffixAllBase64}";
 
         RotationPeriod = TimeSpan.FromDays(365 * 2);

diff --git a/...crosoft.Security.Utilities.Core/PreciselyClassifiedSecurityKeys/SEC101_031_NuGetApiKey.cs b/...crosoft.Security.Utilities.Core/PreciselyClassifiedSecurityKeys/SEC101_031_NuGetApiKey.cs
@@ -19,7 +19,7 @@ public NuGetApiKey()
 
             // This is the ApiKeyV4 format implemented here:
             // https://github.com/NuGet/NuGetGallery/blob/main/src/NuGetGallery.Services/Authentication/ApiKeyV4.cs
-            Pattern = "(?i)(^|[^a-z0-9])(?<refine>oy2[a-z2-7]{43})([^a-z0-9]|$)";
+            Pattern = "(?i)(^|[^a-z0-9])(?P<refine>oy2[a-z2-7]{43})([^a-z0-9]|$)";
 
             Signatures = new HashSet<string>(new[] { "oy2", "OY2" });
         }

diff --git a/...rosoft.Security.Utilities.Core/PreciselyClassifiedSecurityKeys/SEC101_050_NpmAuthorKey.cs b/...rosoft.Security.Utilities.Core/PreciselyClassifiedSecurityKeys/SEC101_050_NpmAuthorKey.cs
@@ -12,7 +12,7 @@ public NpmAuthorKey()
             Id = "SEC101/050";
             Name = nameof(NpmAuthorKey);
             DetectionMetadata = DetectionMetadata.FixedSignature | DetectionMetadata.HighEntropy | DetectionMetadata.HighConfidence;
-            Pattern = @$"{WellKnownRegexPatterns.PrefixBase62}(?<refine>npm_[{WellKnownRegexPatterns.Base62}]{{36}}){WellKnownRegexPatterns.SuffixBase62}";
+            Pattern = @$"{WellKnownRegexPatterns.PrefixBase62}(?P<refine>npm_[{WellKnownRegexPatterns.Base62}]{{36}}){WellKnownRegexPatterns.SuffixBase62}";
             Signatures = new HashSet<string>(new[] { "npm_" });
         }
 

diff --git a/src/Microsoft.Security.Utilities.Core/PreciselyClassifiedSecurityKeys/SEC101_102_AdoPat.cs b/src/Microsoft.Security.Utilities.Core/PreciselyClassifiedSecurityKeys/SEC101_102_AdoPat.cs
@@ -14,7 +14,7 @@ public AdoLegacyPat()
             Id = "SEC101/102";
             Name = nameof(AdoLegacyPat);
             DetectionMetadata = DetectionMetadata.HighEntropy | DetectionMetadata.EmbeddedChecksum;
-            Pattern = "(?:[^2-7a-z]|^)(?<refine>[2-7a-z]{52})(?:[^2-7a-z]|$)";
+            Pattern = "(?:[^2-7a-z]|^)(?P<refine>[2-7a-z]{52})(?:[^2-7a-z]|$)";
         }
 
         public override Tuple<string, string> GetMatchIdAndName(string match)

diff --git a/...ilities.Core/PreciselyClassifiedSecurityKeys/SEC101_104_AzureCosmosDBLegacyCredentials.cs b/...ilities.Core/PreciselyClassifiedSecurityKeys/SEC101_104_AzureCosmosDBLegacyCredentials.cs
@@ -12,7 +12,7 @@ public AzureCosmosDBLegacyCredentials()
             Id = "SEC101/104";
             Name = nameof(AzureCosmosDBLegacyCredentials);
             DetectionMetadata = DetectionMetadata.HighEntropy | DetectionMetadata.ObsoleteFormat;
-            Pattern = "(?i)\\.documents\\.azure\\.com.+(?:^|[^0-9a-z\\/+])(?<refine>[0-9a-z\\/+]{86}==)(?:[^=]|$)";
+            Pattern = "(?i)\\.documents\\.azure\\.com.+(?:^|[^0-9a-z\\/+])(?P<refine>[0-9a-z\\/+]{86}==)(?:[^=]|$)";
         }
 
         public override Tuple<string, string> GetMatchIdAndName(string match)

diff --git a/...lities.Core/PreciselyClassifiedSecurityKeys/SEC101_105_AzureMessagingLegacyCredentials.cs b/...lities.Core/PreciselyClassifiedSecurityKeys/SEC101_105_AzureMessagingLegacyCredentials.cs
@@ -13,7 +13,7 @@ public AzureMessageLegacyCredentials()
             Id = "SEC101/105";
             Name = nameof(AzureMessageLegacyCredentials);         
             DetectionMetadata = DetectionMetadata.HighEntropy | DetectionMetadata.ObsoleteFormat | DetectionMetadata.MediumConfidence;
-            Pattern = "(?i)\\.servicebus\\.windows.+[^0-9a-z\\/+](?<refine>[0-9a-z\\/+]{43}=)(?:[^=]|$)";
+            Pattern = "(?i)\\.servicebus\\.windows.+[^0-9a-z\\/+](?P<refine>[0-9a-z\\/+]{43}=)(?:[^=]|$)";
             Signatures = new HashSet<string>(new[] { ".servicebus" });
         }
 

diff --git a/...s.Core/PreciselyClassifiedSecurityKeys/SEC101_106_AzureStorageAccountLegacyCredentials.cs b/...s.Core/PreciselyClassifiedSecurityKeys/SEC101_106_AzureStorageAccountLegacyCredentials.cs
@@ -14,7 +14,7 @@ public AzureStorageAccountLegacyCredentials()
             Id = "SEC101/106";
             Name = nameof(AzureStorageAccountLegacyCredentials);
             DetectionMetadata = DetectionMetadata.HighEntropy;
-            Pattern = "(?i)(?:AccountName|StorageName|StorageAccount)\\s*=.+(?:Account|Storage)Key\\s*=\\s*(?<refine>[0-9a-z\\\\\\/+]{86}==)(?:[^=]|$)";
+            Pattern = "(?i)(?:AccountName|StorageName|StorageAccount)\\s*=.+(?:Account|Storage)Key\\s*=\\s*(?P<refine>[0-9a-z\\\\\\/+]{86}==)(?:[^=]|$)";
         }
 
         public override Tuple<string, string> GetMatchIdAndName(string match)

diff --git a/....Security.Utilities.Core/PreciselyClassifiedSecurityKeys/SEC101_110.AzureDatabricksPat.cs b/....Security.Utilities.Core/PreciselyClassifiedSecurityKeys/SEC101_110.AzureDatabricksPat.cs
@@ -12,7 +12,7 @@ public AzureDatabricksPat()
             Id = "SEC101/110";
             Name = nameof(AzureDatabricksPat);
             DetectionMetadata = DetectionMetadata.HighEntropy | DetectionMetadata.HighConfidence;
-            Pattern = $"(?:^|[^0-9a-f\\-])(?<refine>dapi[0-9a-f\\-]{{32,34}})(?:[^0-9a-f\\-]|$)";
+            Pattern = $"(?:^|[^0-9a-f\\-])(?P<refine>dapi[0-9a-f\\-]{{32,34}})(?:[^0-9a-f\\-]|$)";
             Signatures = new HashSet<string>(new[] { "dapi" });
         }
 

diff --git a/....Core/PreciselyClassifiedSecurityKeys/SEC101_156_AzureClientAppIdentifiableCredentials.cs b/....Core/PreciselyClassifiedSecurityKeys/SEC101_156_AzureClientAppIdentifiableCredentials.cs
@@ -12,7 +12,7 @@ public AadClientAppIdentifiableCredentials()
             Id = "SEC101/156";
             Name = "AadClientAppIdentifiableCredentials";
             DetectionMetadata = DetectionMetadata.Identifiable;
-            Pattern = $"{WellKnownRegexPatterns.PrefixUrlUnreserved}(?<refine>[{WellKnownRegexPatterns.RegexEncodedUrlUnreserved}]{{3}}(7|8)Q~[{WellKnownRegexPatterns.RegexEncodedUrlUnreserved}]{{31,34}}){WellKnownRegexPatterns.SuffixUrlUnreserved}";
+            Pattern = $"{WellKnownRegexPatterns.PrefixUrlUnreserved}(?P<refine>[{WellKnownRegexPatterns.RegexEncodedUrlUnreserved}]{{3}}(7|8)Q~[{WellKnownRegexPatterns.RegexEncodedUrlUnreserved}]{{31,34}}){WellKnownRegexPatterns.SuffixUrlUnreserved}";
             Signatures = new HashSet<string>(new[] { "8Q~", "7Q~" });
         }
 

diff --git a/...Utilities.Core/PreciselyClassifiedSecurityKeys/SEC101_158_AzureFunctionIdentifiableKey.cs b/...Utilities.Core/PreciselyClassifiedSecurityKeys/SEC101_158_AzureFunctionIdentifiableKey.cs
@@ -27,7 +27,7 @@ public AzureFunctionIdentifiableKey()
 
         public override string Pattern
         {
-            get => @$"{WellKnownRegexPatterns.PrefixUrlSafeBase64}(?<refine>[{WellKnownRegexPatterns.RegexEncodedUrlSafeBase64}]{{44}}{Signatures!.First()}[{WellKnownRegexPatterns.RegexEncodedUrlSafeBase64}]{{5}}[AQgw]==){WellKnownRegexPatterns.SuffixUrlSafeBase64}";
+            get => @$"{WellKnownRegexPatterns.PrefixUrlSafeBase64}(?P<refine>[{WellKnownRegexPatterns.RegexEncodedUrlSafeBase64}]{{44}}{Signatures!.First()}[{WellKnownRegexPatterns.RegexEncodedUrlSafeBase64}]{{5}}[AQgw]==){WellKnownRegexPatterns.SuffixUrlSafeBase64}";
             protected set => base.Pattern = value;
         }
 

diff --git a/...lities.Core/PreciselyClassifiedSecurityKeys/SEC101_166_AzureSearchIdentifiableQueryKey.cs b/...lities.Core/PreciselyClassifiedSecurityKeys/SEC101_166_AzureSearchIdentifiableQueryKey.cs
@@ -22,7 +22,7 @@ public AzureSearchIdentifiableQueryKey()
 
         public override string Pattern
         {
-            get => @$"{WellKnownRegexPatterns.PrefixAllBase64}(?<refine>[{WellKnownRegexPatterns.Base62}]{{42}}{Signatures!.First()}[A-D][{WellKnownRegexPatterns.Base62}]{{5}}){WellKnownRegexPatterns.SuffixAllBase64}";
+            get => @$"{WellKnownRegexPatterns.PrefixAllBase64}(?P<refine>[{WellKnownRegexPatterns.Base62}]{{42}}{Signatures!.First()}[A-D][{WellKnownRegexPatterns.Base62}]{{5}}){WellKnownRegexPatterns.SuffixAllBase64}";
             protected set => base.Pattern = value;
         }
 

diff --git a/....Core/PreciselyClassifiedSecurityKeys/SEC101_176_AzureContainerRegistryIdentifiableKey.cs b/....Core/PreciselyClassifiedSecurityKeys/SEC101_176_AzureContainerRegistryIdentifiableKey.cs
@@ -19,7 +19,7 @@ public AzureContainerRegistryIdentifiableKey()
 
         public override string Pattern
         {
-            get => @$"{WellKnownRegexPatterns.PrefixAllBase64}(?<refine>[{WellKnownRegexPatterns.Base64}]{{42}}{RegexNormalizedSignature}[A-D][{WellKnownRegexPatterns.Base64}]{{5}}){WellKnownRegexPatterns.SuffixAllBase64}";
+            get => @$"{WellKnownRegexPatterns.PrefixAllBase64}(?P<refine>[{WellKnownRegexPatterns.Base64}]{{42}}{RegexNormalizedSignature}[A-D][{WellKnownRegexPatterns.Base64}]{{5}}){WellKnownRegexPatterns.SuffixAllBase64}";
             protected set => base.Pattern = value;
         }
 

diff --git a/...y.Utilities.Core/PreciselyClassifiedSecurityKeys/SEC101_200_CommonAnnotatedSecurityKey.cs b/...y.Utilities.Core/PreciselyClassifiedSecurityKeys/SEC101_200_CommonAnnotatedSecurityKey.cs
@@ -13,7 +13,7 @@ public CommonAnnotatedSecurityKey()
             Id = "SEC101/200";
             Name = nameof(CommonAnnotatedSecurityKey);
             DetectionMetadata = DetectionMetadata.Identifiable;
-            Pattern = $"{WellKnownRegexPatterns.PrefixBase62}(?<refine>[{WellKnownRegexPatterns.Base62}]{{52}}JQQJ9(?:9|D|H)[{WellKnownRegexPatterns.Base62}][A-L][{WellKnownRegexPatterns.Base62}]{{16}}[A-Za-z][{WellKnownRegexPatterns.Base62}]{{7}}(?:[{WellKnownRegexPatterns.Base62}]{{2}}==)?)";
+            Pattern = $"{WellKnownRegexPatterns.PrefixBase62}(?P<refine>[{WellKnownRegexPatterns.Base62}]{{52}}JQQJ9(?:9|D|H)[{WellKnownRegexPatterns.Base62}][A-L][{WellKnownRegexPatterns.Base62}]{{16}}[A-Za-z][{WellKnownRegexPatterns.Base62}]{{7}}(?:[{WellKnownRegexPatterns.Base62}]{{2}}==)?)";
             Signatures = "JQQJ9".ToSet();
         }
 

diff --git a/...ty.Utilities.Core/PreciselyClassifiedSecurityKeys/SEC101_565_SecretScanningSampleToken.cs b/...ty.Utilities.Core/PreciselyClassifiedSecurityKeys/SEC101_565_SecretScanningSampleToken.cs
@@ -18,7 +18,7 @@ public SecretScanningSampleToken()
             Id = "SEC101/565";
             Name = nameof(SecretScanningSampleToken);
             DetectionMetadata = DetectionMetadata.FixedSignature | DetectionMetadata.HighEntropy | DetectionMetadata.HighConfidence;
-            Pattern = @$"{WellKnownRegexPatterns.PrefixBase62}(?<refine>secret_scanning_ab85fc6f8d7638cf1c11da812da308d43_[0-9A-Za-z]{{5}}){WellKnownRegexPatterns.SuffixBase62}";
+            Pattern = @$"{WellKnownRegexPatterns.PrefixBase62}(?P<refine>secret_scanning_ab85fc6f8d7638cf1c11da812da308d43_[0-9A-Za-z]{{5}}){WellKnownRegexPatterns.SuffixBase62}";
             Signatures = "ab85".ToSet();
         }
 

diff --git a/src/Microsoft.Security.Utilities.Core/UrlCredentials.cs b/src/Microsoft.Security.Utilities.Core/UrlCredentials.cs
@@ -14,7 +14,7 @@ public UrlCredentials()
 
         Name = nameof(UrlCredentials);
 
-        Pattern = @"($|\b)(ftps?|https?):\/\/(?<refine>[^:@\/]+:[^:@?\/]+)@";
+        Pattern = @"($|\b)(ftps?|https?):\/\/(?P<refine>[^:@\/]+:[^:@?\/]+)@";
 
         DetectionMetadata = DetectionMetadata.MediumConfidence;
 

diff --git a/src/Tests.Microsoft.Security.Utilities.Core/AdoLegacyPatTests.cs b/src/Tests.Microsoft.Security.Utilities.Core/AdoLegacyPatTests.cs
@@ -1,8 +1,6 @@
 // Copyright (c) Microsoft. All rights reserved.
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
-using System.Diagnostics.CodeAnalysis;
-
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 
 namespace Microsoft.Security.Utilities.Core