From 281ef2dfb5b1a1f6b153bbbe2f2baac12e44822a Mon Sep 17 00:00:00 2001
From: Donovan So <donovanso@yahoo.com.hk>
Date: Thu, 9 May 2024 15:52:30 +0100
Subject: [PATCH] fix bug where regex redaction is run even when there isn't a
 match

---
 internal/policy/policy.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/internal/policy/policy.go b/internal/policy/policy.go
index 2fd62fa..46edb5c 100644
--- a/internal/policy/policy.go
+++ b/internal/policy/policy.go
@@ -744,11 +744,13 @@ func (p *Policy) scan(input []string, scanner Scanner, cd CustomPolicyDetector,
 						continue
 					}
 
-					if sr.Action != Block && sr.Action != AllowButWarn {
-						sr.Action = AllowButRedact
-					}
+					if regex.MatchString(text) {
+						replaced = regex.ReplaceAllString(text, "***")
 
-					replaced = regex.ReplaceAllString(text, "***")
+						if sr.Action != Block && sr.Action != AllowButWarn {
+							sr.Action = AllowButRedact
+						}
+					}
 				}
 			}