Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add a "skip next line" pragma #367

Closed
wants to merge 6 commits into from
Closed

add a "skip next line" pragma #367

wants to merge 6 commits into from

Conversation

nickiaconis
Copy link
Contributor

Some configuration files, like Java's .properties files and Docker's Dockerfile, don't allow inline comments. This PR adds support for a "skip next line" pragma to solve this use case. For example:

# pragma: allowlist nextline secret
password=xyz

This should solve #319.

domanchi
domanchi reviewed Nov 19, 2020
View reviewed changes
Copy link
Contributor

@domanchi domanchi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great turnaround on this!

Besides stylistic comments, you will also need to modify https://github.com/Yelp/detect-secrets/pull/356/files#diff-bad716776100dfb6fdad237381526e524042316894d806953446d39984aabe27R165 to inject context into the filter -- otherwise, this will run per plugin, which is not something we want.

detect_secrets/filters/allowlist.py Outdated Show resolved Hide resolved
tests/filters/allowlist_filter_test.py Outdated Show resolved Hide resolved
detect_secrets/filters/allowlist.py Outdated Show resolved Hide resolved
domanchi
domanchi reviewed Nov 19, 2020
View reviewed changes
Copy link
Contributor

@domanchi domanchi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nickiaconis, please also modify https://github.com/Yelp/detect-secrets/pull/356/files#diff-bad716776100dfb6fdad237381526e524042316894d806953446d39984aabe27R165 to include the context variable in there -- otherwise, this PR won't work.

detect_secrets/filters/allowlist.py Outdated Show resolved Hide resolved
detect_secrets/filters/allowlist.py
r'{}{} *pragma: ?{}{}[ -]secret.*?{}[ \t]*$'.format(
r'^[ \t]*' if nextline else r'[ \t]+',
start,
r'allowlist' if nextline else r'(allow|white)list',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm also fine if these are the same. Supporting whitelist is just for backwards compatibility, and I'm fine with keeping that backwards compatibility around for the nextline regex too.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't mind one way or the other, but my thinking was that, b/c nextline is new, it doesn't have any backward compatibility to contend with. Thus, requiring allowlist for nextline prepares uses of it for the future removal of whitelist, whereas allowing both opens the possibility of further entrenching whitelist.

@nickiaconis
Copy link
Contributor Author

Totally missed the top comment and link to the diff in your previous review. Sorry about that. 😅

Just to double check, is this the line in question? https://github.com/Yelp/detect-secrets/blob/pre-v1-adding-verification/detect_secrets/core/scan.py#L165 It looks like GH can't scroll to a line in a diff that's not part of the diff context.

@domanchi
Copy link
Contributor

Yup, that's the one.

@nickiaconis
Copy link
Contributor Author

Hey @domanchi, just want to follow up on this. Is there anything left unresolved at this point?

domanchi
domanchi approved these changes Nov 30, 2020
View reviewed changes
Copy link
Contributor

@domanchi domanchi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the follow up -- I must have missed the notification that you were able to make the changes.

detect_secrets/core/scan.py Outdated Show resolved Hide resolved
detect_secrets/filters/allowlist.py Outdated Show resolved Hide resolved
@nickiaconis
Copy link
Contributor Author

I think that's everything, but just lmk if there's anything more to be done here. 🙂

@domanchi domanchi closed this Dec 2, 2020
@domanchi domanchi deleted the branch Yelp:pre-v1-adding-verification December 2, 2020 13:11
@domanchi
Copy link
Contributor

domanchi commented Dec 2, 2020

Ah whoops. Did not mean to close this PR by cleaning up my branches. I will merge your changes manually.

@domanchi
Copy link
Contributor

domanchi commented Dec 2, 2020

This has been merged: b73c473

@sfc-gh-nsfard
Copy link

Hello @domanchi ! When can we expect to see this change published?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@domanchi domanchi domanchi approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@nickiaconis @domanchi @sfc-gh-nsfard