
wrong line number reported in finding #379

Closed
zhammami opened this issue Dec 11, 2020 · 2 comments

Comments

@zhammami

running latest master on this file: https://github.com/strapi/strapi/blame/master/docs/v3.x/deployment/heroku.md

shows findings on lines 180 & 273 - when in fact the basic auth creds are on lines 179 & 272; there is an off-by-one...

@domanchi (Contributor)

Huh. How curious.

Thanks for providing the example. I'll look into this.

@domanchi (Contributor)

OK, I'm not sure what's going on here, but this bug seems to have been fixed in the upcoming v1 release.

```
$ detect-secrets scan heroku.md
{
  "generated_at": "2020-12-12T00:19:48Z",
  "version": "1.0.0",
  "plugins_used": [
    {
      "name": "ArtifactoryDetector"
    },
    {
      "name": "AWSKeyDetector"
    },
    {
      "name": "AzureStorageKeyDetector"
    },
    {
      "name": "BasicAuthDetector"
    },
    {
      "name": "CloudantDetector"
    },
    {
      "name": "Base64HighEntropyString"
    },
    {
      "name": "HexHighEntropyString"
    },
    {
      "name": "IbmCloudIamDetector"
    },
    {
      "name": "IbmCosHmacDetector"
    },
    {
      "name": "JwtTokenDetector"
    },
    {
      "name": "KeywordDetector"
    },
    {
      "name": "MailchimpDetector"
    },
    {
      "name": "NpmDetector"
    },
    {
      "name": "PrivateKeyDetector"
    },
    {
      "name": "SlackDetector"
    },
    {
      "name": "SoftlayerDetector"
    },
    {
      "name": "StripeDetector"
    },
    {
      "name": "TwilioKeyDetector"
    }
  ],
  "filters_used": [
    {
      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
    },
    {
      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
    },
    {
      "path": "detect_secrets.filters.heuristic.is_sequential_string"
    },
    {
      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
    },
    {
      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
      "min_level": 2
    }
  ],
  "results": {
    "heroku.md": [
      {
        "type": "Basic Auth Credentials",
        "filename": "heroku.md",
        "hashed_secret": "9c1efdbda8819e6d5f0f3a7e645426d47067de46",
        "is_verified": false,
        "line_number": 179
      },
      {
        "type": "Secret Keyword",
        "filename": "heroku.md",
        "hashed_secret": "f292701a838da72f0f50265db042e85a7c762f9b",
        "is_verified": false,
        "line_number": 222
      },
      {
        "type": "Basic Auth Credentials",
        "filename": "heroku.md",
        "hashed_secret": "1c2b0d17c738509518ecc6efa233ee6c10e724f2",
        "is_verified": false,
        "line_number": 265
      },
      {
        "type": "Secret Keyword",
        "filename": "heroku.md",
        "hashed_secret": "839b72ecbe126e0a0971ed3bf00c3ad9c288f12d",
        "is_verified": false,
        "line_number": 331
      }
    ]
  }
}
```

We're working on trying to get this version out sooner rather than later, so I'm going to close this issue as "eventually fixed", and recommend bumping version (when it is ready).
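To triage a report like the one in this thread (the reporter's 180 and 273 versus the actual 179 and 272, and the `line_number` values in the v1 output above), here is an added Python example that cross-checks each finding against the scanned file. It is not detect-secrets' own code: `BASIC_AUTH_RE` is a simplified stand-in for the real BasicAuthDetector pattern, the report shape (`results` mapping to a list of findings with `hashed_secret` and a 1-indexed `line_number`) follows the JSON shown above, the secret is assumed to be hashed as the SHA-1 of the captured password (the 40-hex-character digests above are consistent with that assumption), and the sample file and report are constructed.

```python
"""Cross-check secret-scanner findings against the scanned file (added example).

Assumptions (this is not detect-secrets' own code):
  * a finding has a 1-indexed "line_number" and a "hashed_secret", as in the
    JSON output shown in the issue;
  * "hashed_secret" is the SHA-1 hex digest of the password captured by the
    basic-auth pattern;
  * BASIC_AUTH_RE is a simplified stand-in for the real BasicAuthDetector regex.
"""
from __future__ import annotations

import hashlib
import re

# scheme://user:password@host  -> group(1) is the password
BASIC_AUTH_RE = re.compile(r"://[^\s:@/]+:([^\s@/]+)@")


def hash_secret(secret: str) -> str:
    """SHA-1 hex digest, so reports can be compared without storing plaintext."""
    return hashlib.sha1(secret.encode("utf-8")).hexdigest()


def scan_basic_auth(text: str) -> list[tuple[int, str]]:
    """Return (line_number, hashed_secret) for every basic-auth credential.

    Line numbers are 1-indexed to match editors and `git blame`; counting from
    0, or bumping the counter before it is used, is how off-by-one skews arise.
    """
    return [
        (lineno, hash_secret(m.group(1)))
        for lineno, line in enumerate(text.splitlines(), start=1)
        for m in BASIC_AUTH_RE.finditer(line)
    ]


def check_findings(text: str, findings: list[dict]) -> list[tuple[int, str, int | None]]:
    """Classify each reported finding as 'confirmed', 'off_by_one' or 'not_found'.

    Returns (reported_line, status, actual_line); actual_line is where the hashed
    secret really sits (None when it is on neither the reported line nor a neighbour).
    """
    hashes_by_line: dict[int, set[str]] = {}
    for lineno, digest in scan_basic_auth(text):
        hashes_by_line.setdefault(lineno, set()).add(digest)

    results = []
    for finding in findings:
        reported, digest = finding["line_number"], finding["hashed_secret"]
        if digest in hashes_by_line.get(reported, set()):
            results.append((reported, "confirmed", reported))
            continue
        neighbour = next(
            (n for n in (reported - 1, reported + 1) if digest in hashes_by_line.get(n, set())),
            None,
        )
        if neighbour is None:
            results.append((reported, "not_found", None))
        else:
            results.append((reported, "off_by_one", neighbour))
    return results


# Constructed sample file: fake credentials on lines 4 and 8.
SAMPLE_TEXT = """\
# Deployment notes (constructed sample for this example)
Set the database connection string in the app config:

DATABASE_URL=postgres://app_user:S3cretPassw0rd@db.example.internal:5432/appdb

For the document store use:

MONGO_URI=mongodb://reader:ReadOnly123@mongo.example.internal:27017/appdb
"""

# Constructed report in the shape of the issue's JSON: one finding skewed by one
# line (like the 180-vs-179 case), one correct, and one whose secret is gone.
SAMPLE_REPORT = {
    "results": {
        "notes.md": [
            {"type": "Basic Auth Credentials", "hashed_secret": hash_secret("S3cretPassw0rd"), "line_number": 5},
            {"type": "Basic Auth Credentials", "hashed_secret": hash_secret("ReadOnly123"), "line_number": 8},
            {"type": "Basic Auth Credentials", "hashed_secret": hash_secret("rotated-away"), "line_number": 2},
        ]
    }
}


if __name__ == "__main__":
    for reported, status, actual in check_findings(SAMPLE_TEXT, SAMPLE_REPORT["results"]["notes.md"]):
        note = f" (actually line {actual})" if actual is not None and actual != reported else ""
        print(f"line {reported}: {status}{note}")
```

Run against a real scan, `check_findings` takes the scanned file's contents and the finding list for that filename from the report; a run of `off_by_one` results with the same sign is the signature of the counter bug reported here, whereas scattered `not_found` results usually mean the file changed after the baseline was generated.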

jimmyhlee94 pushed a commit to jimmyhlee94/detect-secrets that referenced this issue Aug 19, 2021
* updating all_plugin list to previous version

* storing and pulling filename from PluginDescriptorClass

* passing filename list to import_plugins from methods that call it

* remove not needed print statement

* adding in pluginFilename to mapping secret to class name function

* Fix audit.py tests

* Fix more tests/core/audit_test.py tests

* Fix more tests and rename pluginFilename to plugin_filenames

* Trailing commas

* Partially fix test_audit_display_results

* Fix tests once and for all :D

* Remove test.py

* Spacing

* Remove unnecessary code

* Even more refactoring

* Refactor tests

* Resolve pre-commit hooks

* Reword Cloudant disable_help_text

* Refactor comment

* Lowercase credentials

* Pluralize active_plugins_filenames in usage.py

* Remove unnecessary mock

* Split up lines exceeding max line length and revert change to pre-commit hook

* Convert plugin_filenames to a tuple in usage.py and secrets_collection.py

* If a plugin is missing in from_plugin_classname, warn the user and return.

* Only push initialized plugin classname if not null

* Regenerate detect secrets baseline

* Print to stderr when plugin not found

* Flush output

* Add doc comments for plugin_filenames

* Undo changes for .pre-commit-config.yaml

* Add results back into .secrets.baseline

* Update error message in from_plugin_classname

* Remove extra backtick

* Refactor....

* Attempt to fix coverage...

* Fix Flake8 issue

* Add test for checking that db2 can be made optional

* Remove unused plugin_filenames parameter

* Remove plugin_filename doc comment since no longer needed

* Switch plugin_filenames list conversion to tuple instead. Remove unnecesary string conversion.

* Check if DB2 plugin in args.plugin_filenames in test

* plugin_filenames doc comments

* More tuple docstrings

* Docstring

* Add comment

* Refactor...

* test_consolidates_removes_disabled_db2_plugin

* Make no such plugins warning text yellow and remove newline at the end

Co-authored-by: Shamil Patel <shamil.patel@ibm.com>
jimmyhlee94 pushed a commit to jimmyhlee94/detect-secrets that referenced this issue Aug 19, 2021
* Fix disable flags for pre-commit

Follow up of Yelp#379

* docstrings