Supporting multiword adhoc string scans #287

Merged 1 commit on Mar 25, 2020

domanchi
Contributor

Issue

I wanted to perform an adhoc scan for a line of code, using the scan --string option. However, I came across this strange behavior:

```
$ detect-secrets scan --string 'aHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj1vSGc1U0pZUkhBMA=='
Base64HighEntropyString: True  (5.023)
$ detect-secrets scan --string 'aHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj1vSGc1U0pZUkhBMA== blah'
Base64HighEntropyString: False
```

Solution

Support multi-word scans through this functionality. We maintain strict backwards compatibility, so this should be a sole addition. There may be some confusion as to what the entropy value returned from a multi-word string refers to, but it seems like this is a better option than adding another --line functionality to handle this case.
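
The behaviour in the Issue and Solution above, as an added sketch that is not the project's code: a whole-input entropy check misses the secret once a second word is appended, while a per-word check finds it and reports which word the score belongs to. The charset, the 4.5 threshold and every function name here are assumptions made for illustration.

```python
import math
import string

# Assumed for illustration: base64 alphabet (with padding) and a 4.5 threshold.
BASE64_CHARS = string.ascii_letters + string.digits + "+/="
ENTROPY_LIMIT = 4.5


def shannon_entropy(data, charset=BASE64_CHARS):
    """Shannon entropy in bits per character, counting only charset members."""
    if not data:
        return 0.0
    entropy = 0.0
    for ch in charset:
        p = data.count(ch) / len(data)
        if p > 0:
            entropy -= p * math.log2(p)
    return entropy


def is_candidate(token):
    """A candidate must be non-empty and drawn entirely from the charset."""
    return bool(token) and all(ch in BASE64_CHARS for ch in token)


def scan_whole(text):
    """Single-candidate scan: the full input is the only candidate."""
    if is_candidate(text) and shannon_entropy(text) > ENTROPY_LIMIT:
        return round(shannon_entropy(text), 3)
    return None  # a space alone disqualifies the whole input


def scan_words(text):
    """Multi-word scan: test each whitespace-separated word on its own.

    Returns {word: entropy}, so each score is tied to the word it describes.
    """
    hits = {}
    for word in text.split():
        if is_candidate(word):
            score = shannon_entropy(word)
            if score > ENTROPY_LIMIT:
                hits[word] = round(score, 3)
    return hits


# Sample inputs taken from the terminal session in the description above.
SECRET = "aHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj1vSGc1U0pZUkhBMA=="
LINE = SECRET + " blah"
```

Returning a mapping from word to score sidesteps the ambiguity the description mentions about what a single entropy value means for a multi-word input.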

@domanchi domanchi requested a review from KevinHock March 25, 2020 00:11
@KevinHock KevinHock (Collaborator) left a comment

🚢 :shipit: lgtm

round(self.calculate_shannon_entropy(string), 3),
round(
self.calculate_shannon_entropy(
list(results.keys())[0].secret_value,
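
Review bot: the last line of this hunk, `list(results.keys())[0].secret_value`, takes the first key of `results` with no visible check that `results` is non-empty or holds exactly one entry. If a scan finds nothing, indexing `[0]` on an empty list raises IndexError, and if more than one entry were ever present the reported entropy would silently describe whichever came first. Suggest guarding on `results` before this call, or stating in a comment why exactly one secret is guaranteed at this point.
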
Collaborator

Nit: Maybe add a `# There can only be 1 secret in the results` comment

@domanchi domanchi merged commit e23c803 into master Mar 25, 2020
@domanchi domanchi deleted the multiword-string-scan branch March 25, 2020 00:48
killuazhu pushed a commit to IBM/detect-secrets that referenced this pull request May 28, 2020
Supports git-defenders/detect-secrets-discuss#390
killuazhu pushed a commit to IBM/detect-secrets that referenced this pull request Jul 9, 2020
Supports git-defenders/detect-secrets-discuss#390
killuazhu pushed a commit to IBM/detect-secrets that referenced this pull request Sep 17, 2020
Supports git-defenders/detect-secrets-discuss#390