Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Content is not correctly censored #413

Closed
alina-tuholukova-gg opened this issue Nov 7, 2022 · 7 comments
Closed

Content is not correctly censored #413

alina-tuholukova-gg opened this issue Nov 7, 2022 · 7 comments
Assignees
@Walz
Labels
status:confirmed This issue has been reviewed and confirmed type:bug Something isn't working

Comments

@alina-tuholukova-gg
Copy link
Contributor

alina-tuholukova-gg commented Nov 7, 2022
edited by agateau-gg

Environment

  • ggshield version: latest
  • Operating system (Linux, macOS, Windows): Linux
  • Operating system version:
  • Python version: 3.10

Describe the bug

Steps to reproduce:

  1. create file secret.txt with the following content (note the starting empty line)

password = 123nlsdkjfsaodi09ufsdf

# known
secret = "sk_live_epISFDSkdeXmn5asTvb7RHAi"

# new
secret = "sk_live_epISFDSkdeXmn5bnKvb7RHBn"
  1. Run command ggshield secret scan path secret.txt

Actual result:

Screenshot from 2022-11-07 14-17-34

Expected result:

Secret censored correctly

Note: when in commit (pre-commit, pre-push etc) the content is censored correctly. Same bug with ggshield secret scan archive ...
@alina-tuholukova-gg alina-tuholukova-gg added type:bug Something isn't working status:new This issue needs to be reviewed labels Nov 7, 2022
@agateau-gg agateau-gg added good first issue Good for newcomers status:confirmed This issue has been reviewed and confirmed and removed status:new This issue needs to be reviewed labels Nov 9, 2022
@pierrelalanne pierrelalanne mentioned this issue Jan 27, 2023
Closed
@MostlyGenius
Copy link

can you assign this issue to me?

@agateau-gg
Copy link
Collaborator

Sure, here you are!

@MostlyGenius MostlyGenius removed their assignment May 2, 2023
@SuperAayush
Copy link

Hey @agateau-gg!!

I would like to contribute to this issue!!

@agateau-gg
Copy link
Collaborator

Hi @SuperAayush, great to hear! You can have a look at our CONTRIBUTING.md file to get started. Feel free to ask more questions about the task as you need to.

@SuperAayush
Copy link

Hey @agateau-gg!!

I wanted to clear some of my doubts regarding the issue and was searching for Slack or Discord server for gg, I was unable to find one.

Can you please let me know what is the best medium to have a conversion with you?
Thank You!!

@Walz
Copy link
Collaborator

Walz commented Jul 17, 2023

Hello @SuperAayush,

I took a look at this bug and I found it's a server-side issue. It seems the document is stripped of its white-spaces by the API, rendering the indices of the match invalid. This can be seen from the secrets detection playground:

image
image

The value of index_start and index_end stay the same with spaces and newlines at the start of the document. This cause the bug describe in this issue, because it's based on the indices from the API.

I've opened an internal PR to fix this bug. This should be fixed in our next release.

Sorry for any wasted time, because the bug was caused by our API. Your involvement was still valuable. Thank you for dedicating your time to help with our open-source CLI. I encourage you to ask any questions directly on the GitHub issues as we currently use it as our primary communication channel.

@Walz Walz removed the good first issue Good for newcomers label Jul 17, 2023
@Walz Walz self-assigned this Jul 17, 2023
@Walz
Copy link
Collaborator

Walz commented Aug 1, 2023

The fix has been deployed.

@Walz Walz closed this as completed Aug 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Walz Walz

Labels
status:confirmed This issue has been reviewed and confirmed type:bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Walz @SuperAayush @MostlyGenius @agateau-gg @alina-tuholukova-gg