🐛 scan result has off-by-one line number, audit errors with another totally off line number #896

Open
1 of 2 tasks
FH-Inway opened this issue Nov 24, 2024 · 0 comments


  • I'm submitting a ...

    • bug report
    • feature request
  • What is the current behavior?
    When scanning a .yml file where a potential "Secret Keyword" secret is identified, it is added with an off-by-one line_number to the results (baseline). Running an audit on the baseline results in an "ERROR: Secret not found on line x!" where the line number is totally different from the line_number in the baseline.

  • If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem

    1. Run the following command on pipeline-golden-database-backup.yml:
      detect-secrets scan pipeline-golden-database-backup.yml > .wrongLineNumber.secrets.baseline
    2. Note that the one result in the baseline file identifies line 37 as the line with the potential "Secret Keyword" secret. I'm guessing that line 38 or 39 triggers the KeywordDetector plugin and line 37 is reported because of transformers?
    3. Now run the audit on the baseline file with the following command:
      detect-secrets audit .wrongLineNumber.secrets.baseline
      This gives me the following dialog, where the line number 5 seems totally off.
        Secret:      1 of 1
        Filename:    pipeline-golden-database-backup.yml
        Secret Type: Secret Keyword
        ----------
        ERROR: Secret not found on line 5!
        Try recreating your baseline to fix this issue.
        ----------
        What would you like to do? (s)kip, (q)uit:
  • What is the expected behavior?

    • Scan result should contain either 38 or 39 as line_number. If that is not possible/hard to do because of the transformation, maybe a hint ("Secret may be in one of the following x lines") could be added?
    • Audit should work.
  • What is the motivation / use case for changing the behavior?
    To correctly identify and audit secrets.

  • Please tell us about your environment:

    • detect-secrets Version: 1.5.0
    • Python Version: 3.12.6
    • OS Version: Windows 11 Enterprise 23H2
    • File type (if applicable): YAML
  • Other information
    First time user of detect-secrets, thanks for making this available. I tried to check for existing issues and while I found some with off by one line numbers in the scan result, these are all closed. Hope I did not miss anything obvious.
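
An added triage helper, not part of the issue and not detect-secrets code: when a baseline's line_number cannot be trusted, it finds the lines in the scanned file where some token hashes to the recorded hashed_secret. It assumes hashed_secret is the SHA-1 hex digest of the secret value; `locate_secrets`, `candidate_tokens` and the sample data are hypothetical names and constructed values.

```python
import hashlib
import json
import re


def sha1_hex(value):
    # Assumption: the baseline's hashed_secret is the SHA-1 hex digest of the
    # raw secret value, as detect-secrets 1.x baselines record it.
    return hashlib.sha1(value.encode("utf-8")).hexdigest()


def candidate_tokens(line):
    """Yield substrings of a line that could be the recorded secret value."""
    stripped = line.strip()
    parts = {stripped}
    for sep in (":", "="):  # value side of "key: value" / "key=value"
        if sep in stripped:
            parts.add(stripped.split(sep, 1)[1].strip())
    parts.update(re.split(r"[\s:=,]+", stripped))
    for part in parts:
        part = part.strip("\"'")
        if part:
            yield part


def locate_secrets(baseline, sources):
    """Return (filename, recorded_line, matching_lines) per baseline entry.

    sources maps each filename to its text; matching_lines is empty when no
    token in the file hashes to the recorded value.
    """
    findings = []
    for filename, entries in baseline["results"].items():
        lines = sources[filename].splitlines()
        for entry in entries:
            wanted = entry["hashed_secret"]
            matches = [n for n, line in enumerate(lines, 1)
                       if any(sha1_hex(t) == wanted for t in candidate_tokens(line))]
            findings.append((filename, entry["line_number"], matches))
    return findings


# Constructed sample data (not the reporter's file or baseline).
SAMPLE_YAML = 'jobs:\n  backup:\n    variables:\n      db_password: "constructed-example-value"\n'
SAMPLE_BASELINE = {"results": {"sample.yml": [{
    "type": "Secret Keyword", "filename": "sample.yml", "is_verified": False,
    "hashed_secret": sha1_hex("constructed-example-value"), "line_number": 3}]}}

if __name__ == "__main__":
    print(json.dumps(locate_secrets(SAMPLE_BASELINE, {"sample.yml": SAMPLE_YAML})))
```

Values that span several lines, such as YAML block scalars, are not matched by this per-line tokenizer and come back with an empty match list.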
