HS-LEAKS: False positive in go.sum (linkedin...)

[stefanb]

When a Go program uses a module from Linkedin (eg https://github.com/linkedin/goavro ) the name will be mentioned in go.sum file followed by a hash on the same line, eg:

github.com/linkedin/goavro v2.1.0+incompatible/go.mod h1:bBCwI2eGYpUI/4820s67MElg9tdeLbINjLjiM2xZFYM=
github.com/linkedin/goavro/v2 v2.10.0/go.mod h1:UgQUb2N/pmueQYH9bfqFioWxzYCZXSfF8Jw03O5sjqA=
github.com/linkedin/goavro/v2 v2.10.1/go.mod h1:UgQUb2N/pmueQYH9bfqFioWxzYCZXSfF8Jw03O5sjqA=
github.com/linkedin/goavro/v2 v2.11.1/go.mod h1:UgQUb2N/pmueQYH9bfqFioWxzYCZXSfF8Jw03O5sjqA=

...which triggers a false positive via regexp in:

horusec/internal/services/engines/leaks/rules.go

Lines 171 to 187 in 873d410

	func NewLinkedInClientID() *text.Rule {
	return &text.Rule{
	Metadata: engine.Metadata{
	ID: "HS-LEAKS-9",
	Name: "LinkedIn Client ID",
	Description: "When use LinkedIn Client ID is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
	Severity: severities.Critical.ToString(),
	Confidence: confidence.Medium.ToString(),
	SafeExample: SampleSafeHSLEAKS9,
	UnsafeExample: SampleVulnerableHSLEAKS9,
	},
	Type: text.Regular,
	Expressions: []*regexp.Regexp{
	regexp.MustCompile(`(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}`),
	},
	}
	}

This likely affects other LEAKS rulesc with loose regexp and companies publishing opensource libraries.