Detect same secret multiple times in the same line or file #53

Open
domanchi opened this issue Jul 6, 2018 · 1 comment
Labels
enhancement The issue is related to improving a certain aspect of the project. help wanted Indicates that we would like someone that’s not a maintainer to work on the issue. triaged The issue has been reviewed but has not been solved yet.

Comments

domanchi commented Jul 6, 2018

From #52, we're able to do:

$ detect-secrets scan --string '012345678a'

but what happens if the string contains two or more secrets? e.g.

$ detect-secrets scan --string '"0123456789a" and "0123456789b"'

Right now, we're only going to show the scanned results for the first secret. But you can imagine it's kinda weird UX to only show results for the first one (silently ignoring the second).

domanchi (author) commented:

For posterity, this may be a nice feature, but it's a pretty involved change.

Essentially, what it boils down to is "how do you tell if two secrets are equal?" Currently, we compare three fields, and they were chosen in such a way that the following cases would be flagged as two distinct secrets:

  • Same secret, different file
  • Same secret, different plugin that flagged it
  • Different secrets

This also means that if a secret is moved around through normal development, it's not going to re-alert, and the pre-commit hook won't flag it as a new secret. This also helps with performance when identifying new secrets -- if every secret is treated differently, you would go from O(1) unique hash lookup to O(n) to look through your secret collection.

Ultimately, in our use case, we currently don't see developer behavior that recycles the use of a static secret string in different parts of the file (thank goodness). Contributions are welcome, if this case fits your needs more.
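A toy model of the identity rule described in the two comments above, as an added example that is not detect-secrets' own code: the PotentialSecret field names, the sha1 hashing of the secret value and the quoted-hex "plugin" regex are assumptions. It shows why two different secrets on one line both survive, why the same secret repeated in a file collapses to one entry, and why a moved secret does not re-alert against a baseline.

```python
import hashlib
import re
from dataclasses import dataclass


# Assumed identity: file, plugin that flagged it, and the hashed secret value.
# The line number is deliberately not part of the identity (see the comment above).
@dataclass(frozen=True)
class PotentialSecret:
    filename: str
    plugin_type: str
    hashed_secret: str


# Hypothetical plugin: any double-quoted token of 10+ hex characters is a secret.
HEX_TOKEN = re.compile(r'"([0-9a-f]{10,})"')


def find_secrets(filename, lines, plugin_type="HexHighEntropyString"):
    """Scan constructed lines; return (collection, ignored).

    collection maps identity -> first line number; later occurrences of the
    same identity in the same file are collapsed and listed in ignored."""
    collection = {}
    ignored = []
    for lineno, line in enumerate(lines, 1):
        for match in HEX_TOKEN.finditer(line):
            hashed = hashlib.sha1(match.group(1).encode()).hexdigest()
            key = PotentialSecret(filename, plugin_type, hashed)
            if key in collection:
                ignored.append((lineno, match.group(1)))  # same secret, seen again
            else:
                collection[key] = lineno  # O(1) insert and lookup on the hashed key
    return collection, ignored


def new_secrets(baseline, current):
    """Identities in current that the baseline does not know: one O(1) lookup each."""
    return [key for key in current if key not in baseline]


if __name__ == "__main__":
    # Two distinct secrets on one line (the case from the issue body): both kept.
    found, dropped = find_secrets("a.py", ['"0123456789a" and "0123456789b"'])
    print(len(found), "distinct secrets,", len(dropped), "ignored")
    # Same secret twice in one file: second occurrence silently collapsed.
    found, dropped = find_secrets("a.py", ['x = "0123456789a"', 'y = "0123456789a"'])
    print(len(found), "distinct secrets,", dropped, "ignored")
```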

@KevinHock KevinHock changed the title support adhoc scanning with multiple secrets per line Detect same secret multiple times in the same line or file Mar 21, 2019
@lorenzodb1 lorenzodb1 added pending The issue still needs to be reviewed by one of the maintainers. and removed involved labels Jun 13, 2022
@lorenzodb1 lorenzodb1 added help wanted Indicates that we would like someone that’s not a maintainer to work on the issue. enhancement The issue is related to improving a certain aspect of the project. labels May 9, 2024
@lorenzodb1 lorenzodb1 added triaged The issue has been reviewed but has not been solved yet. and removed pending The issue still needs to be reviewed by one of the maintainers. labels May 16, 2024