detect-secrets
detect-secrets not identifying all the secret occurrences in a file
If the secret is written into a file at multiple locations, only the first one is identified by detect-secrets. The remaining instances are not reported by detect-secrets.
Example code in demo.txt
- secret="abcd"
- random code
- secret="abcd"
Now run the detect-secrets scan on the above file and observe that the issue is reported only at line 1 and is not reported at line 3.
Hi @lorenzodb1 any update on this?
Hey, this is mentioned in the docs, to avoid this you can do the following: go to detect-secrets/detect_secrets/core/potential_secret.py on line number 53, you'll find a list. In that list add another parameter "line_number". So it should look something like this: self.fields_to_compare = ['filename', 'secret_hash', 'type', 'line_number']
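A minimal model of the comparison described in the comment above, as an added example that is not part of the thread and not detect-secrets' own code. The `Finding` class, the `scan` function and the "Secret Keyword" label are hypothetical, and the three-field default is inferred from the comment; the example shows why equality over those fields collapses repeated occurrences and how including `line_number` keeps them apart.

```python
import hashlib


class Finding:
    """Simplified stand-in for a scanner finding (hypothetical, not the project's class)."""

    def __init__(self, filename, secret, type_, line_number, fields_to_compare):
        self.filename = filename
        # Only a hash of the secret is kept, so equal secrets compare equal.
        self.secret_hash = hashlib.sha256(secret.encode()).hexdigest()
        self.type = type_
        self.line_number = line_number
        self.fields_to_compare = fields_to_compare

    def _key(self):
        return tuple(getattr(self, f) for f in self.fields_to_compare)

    def __eq__(self, other):
        return isinstance(other, Finding) and self._key() == other._key()

    def __hash__(self):
        return hash(self._key())


def scan(filename, lines, fields_to_compare):
    """Collect findings in a set; findings that compare equal collapse into one."""
    found = set()
    for number, line in enumerate(lines, start=1):
        if line.startswith('secret="') and line.endswith('"'):
            value = line[len('secret="'):-1]
            # A set keeps the first of two equal elements, so the earliest line wins.
            found.add(Finding(filename, value, "Secret Keyword", number, fields_to_compare))
    return sorted(f.line_number for f in found)


# Constructed sample matching demo.txt from the report.
DEMO = ['secret="abcd"', "random code", 'secret="abcd"']

# Assumed default, inferred from the comment (the list before "line_number" is added).
DEFAULT_FIELDS = ["filename", "secret_hash", "type"]
WITH_LINE = ["filename", "secret_hash", "type", "line_number"]

if __name__ == "__main__":
    print(scan("demo.txt", DEMO, DEFAULT_FIELDS))  # [1]
    print(scan("demo.txt", DEMO, WITH_LINE))       # [1, 3]
```

With the three-field comparison, two different secrets in the same file are still reported separately; only repeats of the same value are merged.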
I'm running into this issue as well.
Would it be worth adding a command line flag/programmatic setting of this behavior?
I'll give it a go but the devs have been inactive for a while, I doubt they'll accept it. Still I'll drop the link to my forked repository.
Hello everyone, apologies for the delayed reply. I've gathered some context around this issue and it turns out that this is actually a feature ™. Jokes aside, the idea behind this is that if detect-secrets flags a secret in a file, a developer would look for other instances of the same secret in it. Now, I personally do like the idea of flagging all instances, but the change is not trivial. #527 would help a lot, and I'm pushing for it to be merged as soon as possible. In the meantime, forgive us and stay tuned for more updates :)
Hi @lorenzodb1 thank you for the update.