[audit functionality] Return the correct occurrence of the secret text in a line #110

Closed
KevinHock opened this issue Dec 28, 2018 · 2 comments
Labels
bug The issue describes a malfunctioning aspect of the project. duplicate The issue has already already been reported.

KevinHock commented Dec 28, 2018

If you have e.g.

self.thepassword = "thepassword" 

and run the soon-to-be-merged keyword detector, then run the audit functionality, it will highlight the first occurrence instead of the second. This is a bug.

This is because in audit.py we find the index of the secret

index_of_secret = secret_line.lower().index(raw_secret.lower())

and we don't return the index of the secret in the secret_generator method of plugins.

This is somewhat related to the issue of handling multiple secrets on the same line

# TODO: Handle multiple secrets on single line.
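
The mismatch described in the comment above, as an added example that is not detect-secrets code: the lookup quoted from audit.py lands on the attribute name, while an offset taken from the detector's own match span lands on the quoted value, and the same approach covers several secrets on one line. `KEYWORD_ASSIGNMENT`, `naive_index`, `find_secrets` and `highlight` are hypothetical names, and the regex is a simplified stand-in for a keyword detector.

```python
import re

# Hypothetical keyword pattern for this example (not detect-secrets' own regex):
# an identifier containing "password", an assignment, then a quoted value.
KEYWORD_ASSIGNMENT = re.compile(
    r"""\b[\w.]*password\w*\s*[:=]\s*(['"])(?P<secret>[^'"]+)\1""",
    re.IGNORECASE,
)


def naive_index(secret_line, raw_secret):
    """The lookup quoted in the issue: always finds the first occurrence."""
    return secret_line.lower().index(raw_secret.lower())


def find_secrets(secret_line):
    """Return (secret, start_offset) pairs, one per match on the line.

    The offset comes from the detector's own match span, so the auditor
    never has to search the line for the secret text a second time.
    """
    return [
        (m.group("secret"), m.start("secret"))
        for m in KEYWORD_ASSIGNMENT.finditer(secret_line)
    ]


def highlight(secret_line, start, secret, left=">>", right="<<"):
    """Mark the span [start, start + len(secret)) in the line."""
    end = start + len(secret)
    return secret_line[:start] + left + secret_line[start:end] + right + secret_line[end:]


if __name__ == "__main__":
    line = 'self.thepassword = "thepassword"'  # the line from the issue
    secret, start = find_secrets(line)[0]
    # Naive lookup marks the attribute name, not the secret value.
    print(highlight(line, naive_index(line, secret), secret))
    # Detector-supplied offset marks the quoted value.
    print(highlight(line, start, secret))
    # Constructed line with two secrets: each match keeps its own offset.
    print(find_secrets('password = "hunter2"; db_password = "hunter2"'))
```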

@KevinHock
Collaborator Author

On a related note, w/r/t the Keyword detector, the biggest source of not-specific-to-Yelp false positives is variables like FORGOT_PASSWORD: 'forgot_password' where LHS == RHS. Maybe I shouldn't flag these, as I've only seen false positives, but not catching password = 'password' would irk me.

@lorenzodb1 lorenzodb1 added pending The issue still needs to be reviewed by one of the maintainers. and removed audit functionality labels Jun 13, 2022
@lorenzodb1 lorenzodb1 added duplicate The issue has already already been reported. bug The issue describes a malfunctioning aspect of the project. and removed pending The issue still needs to be reviewed by one of the maintainers. labels May 9, 2024
@lorenzodb1
Member

Closing as duplicate of #493.
