audit can't find multi-line yaml strings and raises a ValueError #227

Open
OiCMudkips opened this issue Aug 20, 2019 · 1 comment
Labels
bug The issue describes a malfunctioning aspect of the project. false negatives help wanted Indicates that we would like someone that’s not a maintainer to work on the issue. triaged The issue has been reviewed but has not been solved yet.

Comments

OiCMudkips commented Aug 20, 2019

Since audit expects a secret to only be on one line, it can't find yaml multi-line strings.

Relevant code snippet:

    snippet = CodeSnippetHighlighter().get_code_snippet(
        file_lines,
        secret['line_number'],
        lines_of_context=lines_of_context,
    )
    raw_secret_value = get_raw_secret_value(
        secret,
        plugin_settings,
        io.StringIO(file_content),
        filename,
    )
    snippet.highlight_line(raw_secret_value)

In 0.12.4 and before, this was fine because then get_raw_secret_value would fail, and we would catch the SecretNotFoundOnSpecifiedLineError and handle it properly (i.e. show the user an error and let them move on to the next secret).

In 0.12.5 we made it so that get_raw_secret_value can find multi-line secrets by using plugins' analyze function. However, snippet.highlight_line doesn't know that, and it fails with a ValueError, causing the audit process to terminate.

There are 2 tasks to this:

  1. Fix the ValueError causing the program to crash
  2. Figure out a method to handle multi-line yaml strings

YAML file: https://i.fluffy.cc/Sm96l1X9PHsvKwPCNNMgBSHjGg56qhTg.html
Generated baseline: https://i.fluffy.cc/4LgX9jCZ9cblGlXJ46bv30hvTFPppz9L.html

@OiCMudkips

I'll fix the first part, but the second part is probably more involved.
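The two tasks in this issue, sketched as an added example that is not detect-secrets code and does not reproduce its internals: a span lookup that returns None instead of raising when the secret is not on the reported line, and that matches a value split across YAML continuation lines. The names `find_secret_span` and `render_snippet`, the whitespace-insensitive matching and the sample data are assumptions made for illustration.

```python
import re

# Constructed sample: a folded YAML scalar whose value spans two lines.
SAMPLE_YAML = [
    "service:",
    "  name: demo",
    "  api_key: >",
    "    ZXhhbXBsZS1jb25zdHJ1Y3RlZC12",
    "    YWx1ZS1ub3QtYS1yZWFsLXNlY3JldA",
    "  timeout: 30",
]
# Constructed value, as a YAML loader would fold it (lines joined by a space).
SAMPLE_SECRET = "ZXhhbXBsZS1jb25zdHJ1Y3RlZC12 YWx1ZS1ub3QtYS1yZWFsLXNlY3JldA"

def _squash(text):
    """Drop all whitespace so indentation and folding do not block a match."""
    return re.sub(r"\s+", "", text)

def find_secret_span(file_lines, line_number, raw_secret, max_lines=20):
    """Return (first, last) 1-indexed lines covering raw_secret, else None."""
    needle = _squash(raw_secret)
    start = line_number - 1
    if not needle or not 0 <= start < len(file_lines):
        return None
    pieces = []
    for end in range(start, min(start + max_lines, len(file_lines))):
        pieces.append(_squash(file_lines[end]))
        if needle in "".join(pieces):
            # Trim leading lines (e.g. the "key: >" line) that hold no secret.
            first = 0
            while needle in "".join(pieces[first + 1:]):
                first += 1
            return (start + first + 1, end + 1)
    return None  # not found: the caller reports an error and moves on

def render_snippet(file_lines, line_number, raw_secret, context=1):
    """Mark every line of the secret with '>>'; None if it cannot be located."""
    span = find_secret_span(file_lines, line_number, raw_secret)
    if span is None:
        return None
    first, last = span
    lo, hi = max(first - 1 - context, 0), min(last + context, len(file_lines))
    rows = []
    for i in range(lo, hi):
        marker = ">>" if first <= i + 1 <= last else "  "
        rows.append(f"{marker} {i + 1:>3} {file_lines[i].rstrip()}")
    return "\n".join(rows)
```

Because matching ignores whitespace, the span is suitable for display in an audit prompt but should not be treated as proof of the exact byte range of the secret.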

OiCMudkips pushed a commit to OiCMudkips/detect-secrets that referenced this issue Aug 21, 2019
@lorenzodb1 lorenzodb1 added pending The issue still needs to be reviewed by one of the maintainers. and removed audit functionality labels Jun 13, 2022
@lorenzodb1 lorenzodb1 added help wanted Indicates that we would like someone that’s not a maintainer to work on the issue. false negatives bug The issue describes a malfunctioning aspect of the project. triaged The issue has been reviewed but has not been solved yet. and removed pending The issue still needs to be reviewed by one of the maintainers. labels May 9, 2024