You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When a verification test fails, the log output should include this information so that potentially valid secrets aren't discounted.
For instance, if a slow remote server can cause the request to timeout:
Get "https://app.scrapingbee.com/api/v1/?api_key=TQ9CCAZSORUPU1NMZXZEM11VY7K3NC6HJPBNYP2V4CZZXUY9SWEULNDHOZ77XGWO9FASA12XWFVWUBZJ&url=https://httpbin.org/anything?json&render_js=false": context deadline exceeded
Which in turn will cause the secret to be reported as "unverified" without information about the failure, or excluded altogether if using --only-verified.
Found unverified result 🐷🔑❓
Detector Type: ScrapingBee
Decoder Type: PLAIN
Raw result: TQ9CCAZSORUPU1NMZXZEM11VY7K3NC6HJPBNYP2V4CZZXUY9SWEULNDHOZ77XGWO9FASA12XWFVWUBZJ
File: pkg/detectors/scrapingbee/scrapingbee_test.go
Line: 147
Preferred Solution
Two potential solutions come to mind.
Add "VeriticationError" to outputs such as PlainPrinter.
Found unverified result 🐷🔑❓
Detector Type: ScrapingBee
Decoder Type: PLAIN
Raw result: TQ9CCAZSORUPU1NMZXZEM11VY7K3NC6HJPBNYP2V4CZZXUY9SWEULNDHOZ77XGWO9FASA12XWFVWUBZJ
File: pkg/detectors/scrapingbee/scrapingbee_test.go
Line: 147
VerificationError: Get "https://app.scrapingbee.com/api/v1/?api_key=TQ9CCAZSORUPU1NMZXZEM11VY7K3NC6HJPBNYP2V4CZZXUY9SWEULNDHOZ77XGWO9FASA12XWFVWUBZJ&url=https://httpbin.org/anything?json&render_js=false": context deadline exceeded
Add a third case for results that include VerificationError that perhaps can still show up with --only-verified.
Failed to verify result 🐷🔑❌
Detector Type: ScrapingBee
Decoder Type: PLAIN
Raw result: TQ9CCAZSORUPU1NMZXZEM11VY7K3NC6HJPBNYP2V4CZZXUY9SWEULNDHOZ77XGWO9FASA12XWFVWUBZJ
File: pkg/detectors/scrapingbee/scrapingbee_test.go
Line: 147
VerificationError: Get "https://app.scrapingbee.com/api/v1/?api_key=TQ9CCAZSORUPU1NMZXZEM11VY7K3NC6HJPBNYP2V4CZZXUY9SWEULNDHOZ77XGWO9FASA12XWFVWUBZJ&url=https://httpbin.org/anything?json&render_js=false": context deadline exceeded
Additional Context
This may only be applicable to plain output. I haven't tested it with JSON or anything else.
References
N/A
The text was updated successfully, but these errors were encountered:
Please review the Community Note before submitting
Description
When a verification test fails, the log output should include this information so that potentially valid secrets aren't discounted.
For instance, if a slow remote server can cause the request to timeout:
Which in turn will cause the secret to be reported as "unverified" without information about the failure, or excluded altogether if using
--only-verified
.Preferred Solution
Two potential solutions come to mind.
VerificationError
that perhaps can still show up with--only-verified
.Additional Context
This may only be applicable to plain output. I haven't tested it with JSON or anything else.
References
N/A
The text was updated successfully, but these errors were encountered: