
detect-secrets not scanning files in nested directories

Open Darguelles opened this issue 1 year ago • 1 comments

  • I'm submitting a ...

    • [x] bug report
    • [ ] feature request
  • What is the current behavior?

I'm using detect-secrets 1.5.0, from a repo_directory initialised with git. Inside this repository there is a nested folder named inner, with its own baseline file and some test files with secrets to be detected, all files tracked by git.

When I run detect-secrets scan inner/ it successfully updates the baseline in the root directory. If I specify the baseline inside inner directory, it is updated too.

When I cd into inner directory and run detect-secrets scan, then no secrets in the files are detected and the baseline only updates the generated_at field.

  • If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem
  1. Create an empty directory (temporary_dir)
  2. Initialize git
  3. Create 2 files containing secrets (eg. secrets.properties with password=hunter123)
  4. Add a baseline file (default one)
  5. Create a nested directory (eg inner)
  6. Copy the created files into nested directory
  7. Run git add . to track the files with git.
  8. Run detect-secrets scan inner/ , it will show a baseline output with the results containing secrets detection.
  9. cd into nested directory. Run detect-secrets scan. The secrets baseline is not updated and result is empty.
  • What is the expected behavior? detect-secrets scan should detect secrets in the directory it's being executed in.

  • What is the motivation / use case for changing the behavior?

It's a use case for scanning on specific folders without need to specify the path at root level.

  • Please tell us about your environment:
    • detect-secrets Version: 1.5.0
    • Python Version: 3.11
    • OS Version: macOS Sonoma 14.6
    • File type (if applicable): .properties, .yaml

Darguelles avatar Aug 14 '24 11:08 Darguelles
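
The reproduction steps above as a script, added here as an example (not part of the original issue or the detect-secrets project): it builds the layout and compares how many files each scan invocation reports. The name config.yaml and the function names are constructed, and the baseline file from step 4 is left out because the comparison reads the scan's JSON on stdout.

```shell
#!/usr/bin/env bash
# Added example: rebuilds the repository layout from the issue and compares
# `detect-secrets scan inner/` (run at the root) with `detect-secrets scan`
# (run inside inner/). File contents are constructed sample values.

build_repro_repo() {    # $1 = empty directory to populate (steps 1-3, 5-7)
    repo=$1
    mkdir -p "$repo/inner" || return 1
    (
        cd "$repo" || exit 1
        git init -q . || exit 1
        # Two files with secrets, same shape as the issue's example.
        printf 'password=hunter123\n' > secrets.properties
        printf 'db:\n  password: hunter123\n' > config.yaml
        cp secrets.properties config.yaml inner/
        git add .
    )
}

count_result_files() {  # scan JSON on stdin -> number of files with findings
    python3 -c 'import json, sys; print(len(json.load(sys.stdin)["results"]))'
}

compare_scans() {       # $1 = repo built above; returns 0 when both counts match
    command -v detect-secrets >/dev/null 2>&1 || {
        echo "detect-secrets is not installed" >&2
        return 2
    }
    from_root=$(cd "$1" && detect-secrets scan inner/ | count_result_files) || return 1
    from_inner=$(cd "$1/inner" && detect-secrets scan | count_result_files) || return 1
    echo "scan inner/ from the root:  $from_root file(s) with findings"
    echo "scan from inside inner/:    $from_inner file(s) with findings"
    [ "$from_root" = "$from_inner" ]
}

# Run only when a target directory is given, e.g.: bash repro.sh "$(mktemp -d)"
if [ "$#" -gt 0 ]; then
    build_repro_repo "$1" && compare_scans "$1"
fi
```

A non-zero exit from compare_scans with differing counts matches the behavior reported in this issue.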

Hi @Darguelles, thank you for opening this issue 😄 There's a PR related to this issue (https://github.com/Yelp/detect-secrets/pull/774) which is in a semi-abandoned state. I'd encourage you to pick it up and open a PR yourself so we can merge it to master.

lorenzodb1 avatar Aug 14 '24 15:08 lorenzodb1