KeywordDetector plugin doesn't detect secrets which start with a symbol
gpflaum opened this issue · 0 comments
gpflaum commented
- I'm submitting a ...
  - bug report
  - feature request
- What is the current behavior?
The KeywordDetector plugin doesn't detect secrets which start with a symbol. The comments in keyword.py say it will "find secrets that starts with symbols or alphanumeric characters". That used to work, but a change made in #442 to address a performance problem broke this. After that change it only finds secrets which start with word characters (`\w`): letters, digits, or underscore.
- If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem
Create a file `leading_symbol.properties`:
```
# KeywordDetector does not find this secret:
a_password = +eTxoi3271x
# It does find this secret:
b_password = eTxoi3271x+
```
detect-secrets and detect-secrets-hook only find the second secret; they don't find the secret with a leading symbol:
```
% detect-secrets-hook leading_symbol.properties
ERROR: Potential secrets about to be committed to git repo!
Secret Type: Secret Keyword
Location: leading_symbol.properties:4
Possible mitigations:
- For information about putting your secrets in a safer place, please ask in
#security
- Mark false positives with an inline `pragma: allowlist secret`
comment
If a secret has already been committed, visit
https://help.github.com/articles/removing-sensitive-data-from-a-repository
```
- What is the expected behavior?
KeywordDetector should find secrets that start with a symbol.
- Please tell us about your environment:
  - detect-secrets Version: 1.5
  - Python Version: 3.11.2
  - OS Version: macOS Sonoma
  - File type (if applicable): various
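
An added regression check for the behaviour reported above; it is not part of the original issue and does not use detect-secrets' own code. `WORD_START` and `ANY_START` are hypothetical, simplified patterns standing in for a value match that requires a leading `\w` and one that accepts any leading non-space character; the sample is the properties file from the report.

```python
import re
import string

# Constructed sample: the properties file from the report above.
SAMPLE = """\
# KeywordDetector does not find this secret:
a_password = +eTxoi3271x
# It does find this secret:
b_password = eTxoi3271x+
"""

# Hypothetical, simplified patterns (assumptions, not detect-secrets' regexes).
KEYWORD = r"\w*password\w*\s*=\s*"
# Value must begin with a word character: the behaviour the report describes.
WORD_START = re.compile(KEYWORD + r"(?P<secret>\w\S*)", re.IGNORECASE)
# Value may begin with any non-space character, symbols included.
ANY_START = re.compile(KEYWORD + r"(?P<secret>\S+)", re.IGNORECASE)


def scan(text, pattern):
    """Return (line_number, secret) for every line the pattern matches."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = pattern.search(line)
        if match:
            hits.append((number, match.group("secret")))
    return hits


def missed_leading_chars(pattern, body="eTxoi3271x"):
    """List the punctuation characters that hide a secret when they lead it."""
    missed = []
    for ch in string.punctuation:
        line = f"a_password = {ch}{body}"
        # A hit only counts if the whole value, symbol included, is captured.
        if scan(line, pattern) != [(1, ch + body)]:
            missed.append(ch)
    return missed


if __name__ == "__main__":
    print("word-start hits:", scan(SAMPLE, WORD_START))
    print("any-start hits: ", scan(SAMPLE, ANY_START))
    print("leading chars missed by word-start:",
          "".join(missed_leading_chars(WORD_START)))
```

A check like `missed_leading_chars` can sit in a detector's test suite so that a later performance-motivated regex change fails the build if it narrows which leading characters are accepted.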