gitleaks / gitleaks

Protect and discover secrets using Gitleaks 🔑

Home Page:https://gitleaks.io


Finding sometimes is incorrectly reported to span multiple lines

m1cm1c opened this issue · comments

Describe the bug
Sometimes, the reported start and end lines are different even though the end line has nothing to do with the finding.

To Reproduce

  1. Create a new directory containing only a single file (.env.prod) with the following content:
DB_HOST=example.com
DB_PORT=443
DB_USERNAME=postgres
DB_PASSWORD=8ae31cacf141669ddfb5da
DB_NAME=best_db
DB_SSL=true
  2. Run gitleaks detect --no-git --report-path o
  3. In o, you will find the following report:
[
 {
  "Description": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.",
  "StartLine": 4,
  "EndLine": 5,
  "StartColumn": 5,
  "EndColumn": 1,
  "Match": "PASSWORD=8ae31cacf141669ddfb5da",
  "Secret": "8ae31cacf141669ddfb5da",
  "File": ".env.prod",
  "SymlinkFile": "",
  "Commit": "",
  "Entropy": 3.5383105,
  "Author": "",
  "Email": "",
  "Date": "",
  "Message": "",
  "Tags": [],
  "RuleID": "generic-api-key",
  "Fingerprint": ".env.prod:generic-api-key:4"
 }
]

Expected behavior
The start line is correct. However, the start column is already wrong, because start column 5 means that the finding is

SSWORD=8ae31cacf141669ddfb5da
DB

if columns are 0-indexed and

ASSWORD=8ae31cacf141669ddfb5da
D

if columns are 1-indexed.

However, what really seems very wrong is the jump into line 5 because DB_NAME has nothing to do with the password.


Basic Info (please complete the following information):

  • OS: Manjaro
  • Gitleaks Version: 8.18.2

cc @zricethezav
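As an added example (not code from this issue or from gitleaks itself), here is a small Python checker that re-derives where each finding's Match text actually sits in the scanned file and compares that with the StartLine/EndLine/StartColumn/EndColumn the report claims. It assumes 1-indexed, inclusive columns (an assumption; the report format is not documented here) and uses the .env.prod file and the report quoted above as constructed input.

```python
import json

# Constructed sample input: the .env.prod file and the gitleaks report
# quoted in the issue above (only the fields this check needs are kept).
ENV_PROD = (
    "DB_HOST=example.com\n"
    "DB_PORT=443\n"
    "DB_USERNAME=postgres\n"
    "DB_PASSWORD=8ae31cacf141669ddfb5da\n"
    "DB_NAME=best_db\n"
    "DB_SSL=true\n"
)
REPORT_JSON = """[{"RuleID": "generic-api-key", "File": ".env.prod",
  "StartLine": 4, "EndLine": 5, "StartColumn": 5, "EndColumn": 1,
  "Match": "PASSWORD=8ae31cacf141669ddfb5da",
  "Secret": "8ae31cacf141669ddfb5da"}]"""


def line_col(content, offset):
    """Map a character offset into 1-indexed (line, column)."""
    line_start = content.rfind("\n", 0, offset) + 1
    return content.count("\n", 0, offset) + 1, offset - line_start + 1


def actual_span(content, match):
    """Locate the first occurrence of `match`; return (start_line, start_col,
    end_line, end_col) with 1-indexed inclusive columns (assumed convention),
    or None if the text is not present in the file at all."""
    start = content.find(match)
    if start < 0:
        return None
    return line_col(content, start) + line_col(content, start + len(match) - 1)


def check_finding(content, finding):
    """List discrepancies between the reported span and the real position of
    `Match` in the file; an empty list means the finding is consistent."""
    span = actual_span(content, finding["Match"])
    if span is None:
        return ["Match text not found in file"]
    expected = dict(zip(("StartLine", "StartColumn", "EndLine", "EndColumn"), span))
    return [f"{key}: reported {finding[key]}, actual {expected[key]}"
            for key in ("StartLine", "EndLine", "StartColumn", "EndColumn")
            if finding[key] != expected[key]]


def audit_report(content, report_json):
    """Run check_finding over every finding in a gitleaks JSON report."""
    return {f["RuleID"]: check_finding(content, f) for f in json.loads(report_json)}


if __name__ == "__main__":
    for rule, problems in audit_report(ENV_PROD, REPORT_JSON).items():
        print(rule, "OK" if not problems else "; ".join(problems))
```

For the report above it flags EndLine (5 vs 4), StartColumn (5 vs 4) and EndColumn (1 vs 34), which is exactly the spill into the DB_NAME line the issue describes.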

@m1cm1c thanks for raising this issue. I'm able to reproduce it but don't have a solution right now. If a community member wants to investigate that would be great, if not, then I'll get to it eventually.