Describe the bug
It is not able to detect JFrog artifactory role ID and role secret ID, which is actually a v1 UUID.
To Reproduce
Steps to reproduce the behavior:
Have a file with content similar to this:
/*******************************************************************************
* IBM Confidential
* OCO Source Materials
* (C) Copyright IBM Corp 2018 All Rights Reserved.
* The source code for this program is not published or otherwise divested of
* its trade secrets, * irrespective of what has been deposited with
* the U.S. Copyright Office.
******************************************************************************/
// Keep these properties populated.
process.env.vault_url="https://some.url.com";
process.env.vault_path="blah blah";
// Keep these properties empty and commented out unless you need to run tests locally.
// Contact your team lead or DevOps team member for the values.
process.env.vault_role_id="<v1-uuid>";
process.env.vault_secret_id="<v1-uuid>";
//For debug purposes.
// process.env.VAULT_DEBUG = "true";
Run detect-secrets scan --use-all-plugins --update .secrets.baseline over it.
Run detect-secrets audit .secrets.baseline over it, and you'll see it says:
Nothing to audit.
And voila, you've successfully leaked the secrets 😅.
    Determines if a potential secret contains any UUIDs.
    :type secret: str
    :rtype: bool
    Returns True if the string has a UUID, false otherwise.
    """
    # Using a regex to find strings that look like false-positives
    # will find us more false-positives than if we just tried validate
    # the input string as a UUID (for example, if the string has a prefix
    # or suffix).
    return bool(_UUID_REGEX.search(secret))
So it gets flagged as a false positive and let through. The Yelp source has the ability to disable filters via --disable-filter <...> but that doesn't seem to be an option with the IBM fork.
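A compensating check for the gap described in this thread, as an added example that is not code from detect-secrets or from any commenter: it lists UUID-valued assignments under credential-like key names, which a UUID heuristic like the one quoted above would drop. The regexes, the key-name hints and the sample file contents are assumptions constructed for illustration.

```python
import re
import uuid

# Assumption: a generic UUID pattern standing in for the scanner's _UUID_REGEX,
# whose definition is not shown on this page.
UUID_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
# Hypothetical key-name hints that mark an assignment as credential-bearing.
SENSITIVE_KEY_RE = re.compile(r"(secret|role)_?id|token|passw", re.I)
# Matches key="value" / key = 'value' assignments on a single line.
ASSIGN_RE = re.compile(r"""([\w.]+)\s*=\s*["']([^"']+)["']""")

# Constructed sample input; the UUIDs are placeholders, not real credentials.
SAMPLE = """\
process.env.vault_url="https://some.url.com";
process.env.vault_role_id="00000000-0000-1000-8000-000000000001";
process.env.vault_secret_id="00000000-0000-1000-8000-000000000002";
process.env.request_id="00000000-0000-4000-8000-000000000003";
"""


def uuid_filter(secret):
    """Same shape as the quoted heuristic: True means 'treat as false positive'."""
    return bool(UUID_RE.search(secret))


def suppressed_credentials(text):
    """Return (line_no, key, uuid_version) for each UUID-valued assignment that
    uuid_filter() would drop even though its key name looks sensitive.
    The value itself is never returned, so the report is safe to log."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for key, value in ASSIGN_RE.findall(line):
            match = UUID_RE.search(value)
            if match and uuid_filter(value) and SENSITIVE_KEY_RE.search(key):
                hits.append((line_no, key, uuid.UUID(match.group()).version))
    return hits


if __name__ == "__main__":
    for line_no, key, version in suppressed_credentials(SAMPLE):
        print(f"line {line_no}: {key} holds a v{version} UUID; review manually")
```

Run as a separate pre-commit step, this flags the two Vault assignments while leaving the non-credential `request_id` UUID alone.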