pragma allow list comment is not always working

[nbraun-wolf]

Hi, I noticed that sometimes to allow list isn't working. I have a case here where I store a dummy api key for local development in a .env file.

# pragma: allowlist nextline secret
PDFREACTOR_APIKEY=pdfapikey22

But the pre commit hook is marking this file as error.

ERROR: Potential secrets about to be committed to git repo!
Secret Type: Secret Keyword
Location:    .env:22

[jamesliu4c]

We are also experiencing this.

[Klutch27]

The inline version is also problematic. I have a couple of inline # pragma: allowlist secret, but they're still getting flagged.

UPDATE: FWIW, in my case I just added it to the baseline by regenerating the file, and now it's fine.

[efimk-lu]

Hey, any update on this one?

[jpdakran]

Hello @efimk-lu. We are currently in the process of creating a triaging plan for all issues that exist in this repository. I will make a note of this one and we will investigate further at our earliest convenience. Thank you for your patience.

[jpdakran]

Hi @jamesliu4c @Klutch27 @efimk-lu, which file types where you experiencing this issue with. Is it also the .env?

[jamesliu4c]

Python and JavaScript for me and @Klutch27.

[efimk-lu]

@jpdakran I had a typo, so ignore my previous comment. Things are working

[jpdakran]

@jamesliu4c Can you post an example of a python or javascript file so I can attempt to reproduce. I have verified this is an issue for config files and this is because they go through an IniFileParser which stripes out comments that are on a new line. However for config files - the inline version # pragma: allowlist secret should work.

[jpdakran]

Closing this since the original issue for the .env file has been fixed. If you wish to reopen this issue with the other file types and secret context. I would be happy to investigate that further.