
Commit 624024a

authored
↪️ Merge pull request #342 from dryoni/yoni-fixes3
Fix binary secrets parsing issue in yaml files
2 parents c09b466 + 39e1b93 commit 624024a


2 files changed

+248
-22
lines changed


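--- a/detect_secrets/plugins/high_entropy_strings.py
+++ b/detect_secrets/plugins/high_entropy_strings.py
@@ -307,9 +307,9 @@ def _encode_yaml_binary_secrets(self, secrets):
 secret_in_yaml_format = yaml.dump(
 self.encode_to_binary(potential_secret.secret_value),
 ).replace(
-'!!binary ',
+'!!binary |\n ',
 '',
-)
+).rstrip()
 
 potential_secret.set_secret(secret_in_yaml_format)
 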
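Review bot: The `.replace('!!binary |\n ', '')` and `.rstrip()` pair trims only the head and tail of the dumped text, so any line break and indentation the YAML dumper places inside a longer base64 body would presumably remain in the value passed to `set_secret`, and the stored hash would then cover text that does not appear in the scanned file. The cleanup also depends on the dumper's exact output layout: if the prefix ever fails to match, `replace` does nothing and the `!!binary` tag stays inside the secret without any error. I would document the assumption above the call, e.g. `# yaml.dump emits a '!!binary |' block scalar; strip the tag and trailing newline so only the base64 text is hashed`, and add a unit test with a binary value long enough for the dumper to wrap. The body of `_encode_yaml_binary_secrets` starts and ends outside this hunk.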

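--- a/test_data/baseline.file
+++ b/test_data/baseline.file
@@ -1,42 +1,268 @@
 {
-"generated_at": "2018-03-17T03:14:59Z",
-"exclude_regex": null,
+"custom_plugin_paths": [],
+"exclude": {
+"files": null,
+"lines": null
+},
+"generated_at": "2020-09-13T20:49:20Z",
+"plugins_used": [
+{
+"name": "AWSKeyDetector"
+},
+{
+"name": "ArtifactoryDetector"
+},
+{
+"base64_limit": 4.5,
+"name": "Base64HighEntropyString"
+},
+{
+"name": "BasicAuthDetector"
+},
+{
+"name": "CloudantDetector"
+},
+{
+"hex_limit": 3,
+"name": "HexHighEntropyString"
+},
+{
+"name": "IbmCloudIamDetector"
+},
+{
+"name": "IbmCosHmacDetector"
+},
+{
+"name": "JwtTokenDetector"
+},
+{
+"keyword_exclude": null,
+"name": "KeywordDetector"
+},
+{
+"name": "MailchimpDetector"
+},
+{
+"name": "PrivateKeyDetector"
+},
+{
+"name": "SlackDetector"
+},
+{
+"name": "SoftlayerDetector"
+},
+{
+"name": "StripeDetector"
+},
+{
+"name": "TwilioKeyDetector"
+}
+],
 "results": {
-"file_with_secrets.py": [
+"config.env": [
 {
-"type": "High Entropy String",
-"line_number": 3,
-"hashed_secret": "262547656a76a8a5d24ad428e7010e0fbb8d0413"
+"hashed_secret": "513e0a36963ae1e8431c041b744679ee578b7c44",
+"is_verified": false,
+"line_number": 1,
+"type": "Base64 High Entropy String"
 }
 ],
-"sample.diff": [
+"config.ini": [
 {
-"type": "High Entropy String",
+"hashed_secret": "b5198bd9fe6726cf064a5b80b6dfe25ab793147f",
+"is_verified": false,
+"line_number": 2,
+"type": "Hex High Entropy String"
+},
+{
+"hashed_secret": "b5198bd9fe6726cf064a5b80b6dfe25ab793147f",
+"is_verified": false,
+"line_number": 2,
+"type": "Secret Keyword"
+},
+{
+"hashed_secret": "b1c6a9a65d292f95c2bb3bc1918eed10f4dabb16",
+"is_verified": false,
 "line_number": 10,
-"hashed_secret": "87acec17cd9dcd20a716cc2cf67417b71c8a7016"
+"type": "Hex High Entropy String"
+}
+],
+"config.md": [
+{
+"hashed_secret": "5343820d9546b186452efc24a0776244057f4b19",
+"is_verified": false,
+"line_number": 10,
+"type": "Base64 High Entropy String"
+}
+],
+"config.yaml": [
+{
+"hashed_secret": "5cbabd43e49a1fedbbc3b86311aa6c8fe446abf9",
+"is_verified": false,
+"line_number": 3,
+"type": "Hex High Entropy String"
 },
 {
-"type": "High Entropy String",
-"line_number": 34,
-"hashed_secret": "a539bed96675daafa460631f5a076d9afd70ea9c"
+"hashed_secret": "9080e79e67d92bd09c8a498a380190cdb4595072",
+"is_verified": false,
+"line_number": 4,
+"type": "Hex High Entropy String"
+},
+{
+"hashed_secret": "10ab7ab9856ae2aa93fcfeba71e99511dd55f70c",
+"is_verified": false,
+"line_number": 14,
+"type": "Base64 High Entropy String"
 },
 {
-"type": "High Entropy String",
-"line_number": 69,
-"hashed_secret": "b5ce0843584425c0b608d91cb07a50d634282d5d"
+"hashed_secret": "9e882e61ddaf94553323e1933403d6058ba26a6d",
+"is_verified": false,
+"line_number": 14,
+"type": "Secret Keyword"
 }
 ],
-"tmp/file_with_secrets.py": [
+"config2.yaml": [
 {
-"type": "High Entropy String",
+"hashed_secret": "9e882e61ddaf94553323e1933403d6058ba26a6d",
+"is_verified": false,
+"line_number": 2,
+"type": "Secret Keyword"
+},
+{
+"hashed_secret": "e278763134b893ff03b8c776d7f20d8be1a5612c",
+"is_verified": false,
+"line_number": 2,
+"type": "Hex High Entropy String"
+}
+],
+"each_secret.py": [
+{
+"hashed_secret": "1bc97f6cb10c85b8c7d78c0cd21c39e3500f42d1",
+"is_verified": false,
 "line_number": 3,
-"hashed_secret": "eb33f663e25e69fad07fe0338935b4954b5027d2"
+"type": "Secret Keyword"
 },
 {
-"type": "High Entropy String",
+"hashed_secret": "1ca6beea06a87d5f77fa8e4523d0dc1f0965e2ce",
+"is_verified": false,
 "line_number": 3,
-"hashed_secret": "88aa1a600b44f0b5cacad4d6300f64afe6d6e9df"
+"type": "Base64 High Entropy String"
+},
+{
+"hashed_secret": "871deb5e9ff5ce5f777c8d3327511d05f581e755",
+"is_verified": false,
+"line_number": 4,
+"type": "Hex High Entropy String"
+},
+{
+"hashed_secret": "871deb5e9ff5ce5f777c8d3327511d05f581e755",
+"is_verified": false,
+"line_number": 4,
+"type": "Secret Keyword"
+},
+{
+"hashed_secret": "99b5e14eaf6b7cd863796dab48ae736be2ac6b53",
+"is_verified": false,
+"line_number": 5,
+"type": "Basic Auth Credentials"
+},
+{
+"hashed_secret": "abc87b1a41afc12fccfb148d8a632f76d2251767",
+"is_verified": false,
+"line_number": 8,
+"type": "Secret Keyword"
+},
+{
+"hashed_secret": "d70eab08607a4d05faa2d0d6647206599e9abc65",
+"is_verified": false,
+"line_number": 8,
+"type": "Base64 High Entropy String"
+}
+],
+"files/file_with_secrets.py": [
+{
+"hashed_secret": "262547656a76a8a5d24ad428e7010e0fbb8d0413",
+"is_verified": false,
+"line_number": 3,
+"type": "Base64 High Entropy String"
+}
+],
+"files/private_key": [
+{
+"hashed_secret": "27c6929aef41ae2bcadac15ca6abcaff72cda9cd",
+"is_verified": false,
+"line_number": 1,
+"type": "Private Key"
+}
+],
+"files/tmp/file_with_secrets.py": [
+{
+"hashed_secret": "88aa1a600b44f0b5cacad4d6300f64afe6d6e9df",
+"is_verified": false,
+"line_number": 3,
+"type": "Hex High Entropy String"
+},
+{
+"hashed_secret": "eb33f663e25e69fad07fe0338935b4954b5027d2",
+"is_verified": false,
+"line_number": 3,
+"type": "Hex High Entropy String"
+}
+],
+"sample.diff": [
+{
+"hashed_secret": "e2a1cb4d8da934cee6027f5fe14993b9c81158a4",
+"is_verified": false,
+"line_number": 10,
+"type": "Hex High Entropy String"
+},
+{
+"hashed_secret": "a539bed96675daafa460631f5a076d9afd70ea9c",
+"is_verified": false,
+"line_number": 34,
+"type": "Hex High Entropy String"
+},
+{
+"hashed_secret": "b5ce0843584425c0b608d91cb07a50d634282d5d",
+"is_verified": false,
+"line_number": 72,
+"type": "Hex High Entropy String"
+},
+{
+"hashed_secret": "b5ce0843584425c0b608d91cb07a50d634282d5d",
+"is_verified": false,
+"line_number": 72,
+"type": "Secret Keyword"
+}
+],
+"short_files/first_line.php": [
+{
+"hashed_secret": "27537b9a43d6490772281a06c014ec283325f2f3",
+"is_verified": false,
+"line_number": 1,
+"type": "Secret Keyword"
+}
+],
+"short_files/last_line.ini": [
+{
+"hashed_secret": "0de9a11b3f37872868ca49ecd726c955e25b6e21",
+"is_verified": false,
+"line_number": 5,
+"type": "Hex High Entropy String"
+}
+],
+"short_files/middle_line.yml": [
+{
+"hashed_secret": "66e02bb499b2a3f5f2894ce1b7959962c1a5a245",
+"is_verified": false,
+"line_number": 4,
+"type": "Base64 High Entropy String"
 }
 ]
+},
+"version": "0.14.2",
+"word_list": {
+"file": null,
+"hash": null
 }
 }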
