-
Notifications
You must be signed in to change notification settings - Fork 448
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ValueError: substring not found #467
Comments
Same here for a huge nested single-line json file (valid, though): Secret: 3 of 3
Filename: filename.json
Secret Type: Base64 High Entropy String
----------
Traceback (most recent call last):
File "/home/user/anaconda3/envs/secret_env/bin/detect-secrets", line 8, in <module>
sys.exit(main())
File "/home/user/anaconda3/envs/secret_env/lib/python3.9/site-packages/detect_secrets/main.py", line 32, in main
handle_audit_action(args)
File "/home/user/anaconda3/envs/secret_env/lib/python3.9/site-packages/detect_secrets/main.py", line 152, in handle_audit_action
audit.audit_baseline(args.filename[0])
File "/home/user/anaconda3/envs/secret_env/lib/python3.9/site-packages/detect_secrets/audit/audit.py", line 25, in audit_baseline
if _classify_secrets(get_secret_iterator(secrets)):
File "/home/user/anaconda3/envs/secret_env/lib/python3.9/site-packages/detect_secrets/audit/audit.py", line 42, in _classify_secrets
io.print_context(
File "/home/user/anaconda3/envs/secret_env/lib/python3.9/site-packages/detect_secrets/audit/io.py", line 37, in print_context
context.snippet.highlight_line(context.secret.secret_value)
File "/home/user/anaconda3/envs/secret_env/lib/python3.9/site-packages/detect_secrets/util/code_snippet.py", line 75, in highlight_line
index_of_payload = self.target_line.lower().index(payload.lower())
ValueError: substring not found |
I have the same issue, it seems that the tool has a problem with the |
Yes, this looks like to be an issue with multi-line secrets. As stated in the README, multi-line secrets are not supported. I do agree that failures caused by this caveat should be caught and fail gracefully. |
I investigated this further and it does look like this is a deeper rooted issue with the YAML file parser - specifically block vs literal style. For the time being, I will have a fix so we catch the error and allow the tool to continue processing. I will also add a work item for myself to further investigate the YAML file parser. |
Is there any way to install some kind of snapshot/nightly of detect-secrets which include this fix? |
@ghilainm Not at the present time. We will have to wait until a new release of detect-secrets. This should be happening very soon. We will keep this point as a take-away to determine how we can ship fixes faster in the future. |
I get the error below when running the audit on my baseline.
Command:
detect-secrets audit --json .secrets.baseline
Error Message:
Additional Information:
Corresponding part of the file:
It seems that the tool can't handle such syntax in yaml files.
The text was updated successfully, but these errors were encountered: