[Keyword Plugin] Add more to FALSE_POSITIVES #118

Merged
merged 1 commit into from
Jan 29, 2019

@KevinHock KevinHock commented Jan 29, 2019

Just a few additions to the FALSE_POSITIVES tuple.

The only notable one is that we will not alert on `password = 'password'`. I felt comfortable with this because I have seen nothing but false positives so far.

@KevinHock KevinHock changed the title 🔭 [Keyword Plugin] Add more to FALSE_POSITIVES [Keyword Plugin] Add more to FALSE_POSITIVES Jan 29, 2019
@@ -62,21 +62,29 @@
'dummy_secret',
'false',
'false):',
'false,',
'false;',
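
Review bot: The 'false', 'false):', 'false,' and 'false;' entries here list one word once per trailing-punctuation variant, so if the lookup is an exact match, any variant with a suffix not yet listed in the tuple will still alert. Consider stripping trailing punctuation from the candidate value before the FALSE_POSITIVES lookup so each word only needs one entry, and add a short comment above the tuple stating what kind of values belong in it.
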
Contributor

At some point, I wonder whether it would be better to just do:

```python
FALSE_POSITIVES = []
# The '...' in the key list elides the remaining keys.
for key in ['false', 'none', ...]:
    for suffix in [',', ';', '']:
        FALSE_POSITIVES.append(key + suffix)
```

Collaborator Author

I agree, I think we will at some point. A lot of FPs don't have a trailing char, so I'm gonna hold off until it is more battle-tested.

Also been meaning to make it a dict instead of a tuple.
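
As an added illustration of the trade-off discussed in this thread (not code from this pull request or from the project), the sketch below builds the allowlist by key × suffix expansion and compares it with stripping trailing punctuation before the lookup. The keys, suffixes, regex, `scan` function and sample lines are all assumptions constructed for the example.

```python
import re

# Constructed sample values; not the plugin's real list.
FP_KEYS = ('dummy_secret', 'false', 'none', 'password')
FP_SUFFIXES = ('', ',', ';', '):')

# Key x suffix expansion as proposed in the thread, stored as a set.
FALSE_POSITIVES = frozenset(k + s for k in FP_KEYS for s in FP_SUFFIXES)

# Hypothetical, simplified detector: keyword, ':' or '=', optional quote, value.
ASSIGNMENT = re.compile(
    r"""\b(?:password|secret|api_key)\s*[:=]\s*['"]?([^'"\s]+)""",
    re.IGNORECASE,
)


def scan(lines, normalize=False):
    """Return (line_number, value) for assignments that are not allowlisted."""
    alerts = []
    for number, line in enumerate(lines, start=1):
        match = ASSIGNMENT.search(line)
        if match is None:
            continue
        value = match.group(1).lower()
        if normalize:
            # Alternative: drop trailing punctuation, then compare to bare keys.
            suppressed = value.rstrip('),;:') in FP_KEYS
        else:
            suppressed = value in FALSE_POSITIVES
        if not suppressed:
            alerts.append((number, value))
    return alerts


# Constructed input lines.
SAMPLE = [
    "def login(user, password=False):",
    "password = 'password'",
    "retry(secret=None,",
    "check(password=False)",
    'api_key = "constructed-not-a-real-key"',
]

if __name__ == '__main__':
    print(scan(SAMPLE))                  # exact match against expanded set
    print(scan(SAMPLE, normalize=True))  # punctuation stripped before lookup
```

With exact matching, line 4 still alerts because `)` alone is not in the suffix list; the normalized lookup suppresses it, at the cost of also suppressing any real value that equals a key once its punctuation is removed.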

@KevinHock KevinHock merged commit cea1815 into master Jan 29, 2019
KevinHock added a commit that referenced this pull request Jan 29, 2019
[Keyword Plugin] Add more to FALSE_POSITIVES
@KevinHock KevinHock deleted the fix_keyword_false_positives branch March 21, 2019 22:04