Closed andrei-on-github closed 3 months ago
Hi @andrei-on-github, I just looked at your test file and it seems the Slack key in it is too short to be recognized. If I add another character at the end, ggshield detects it. Is this a valid key or was it truncated?
Hello @agateau-gg. Indeed the secret is recognised if i add one more character. I have incorrecly assumed that, for slack only the: xoxb-,xoxp-,xwfp- parts are necessary for a pattern recognition to work, did not find any relevant information about lenght being a factor so I assumed it was not being used in the scanning process.
Thank you!
Great! closing this issue then.
Environment
Describe the bug
ggshield doesn't detect any secrets in my .py files, nor in other types of files.
A clear and concise description of what the bug is. `[andrei@xeria test]$ ggshield auth login ggshield is already authenticated without an expiry date [andrei@xeria test]$ echo $(cat testfile.py) from http.server import BaseHTTPRequestHandler, HTTPServer import logging test_slack_key = "xoxb-563210206324-FGqsdnMasd3fgsd4" [andrei@xeria test]$ ggshield secret scan path -r . Scanning... ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 1 / 1
No secrets have been found
[andrei@xeria test]$`
Steps to reproduce:
ggshield scan something
ggshield secret scan path -r . ggshield secret scan path -r testfile.py I also to use in git as a pre-commit hook: `!/bin/sh
ggshield secret scan pre-commit "$@"
[andrei@xeria test]$ git add testfile.py [andrei@xeria test]$ git commit -m "adding secrets file" Scanning... ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 1 / 1
No secrets have been found
[master 1921bde] adding secrets file 1 file changed, 1 insertion(+) [andrei@xeria test]$ `
Actual result: ggshield report that no secrets have been found: No secrets have been found
I've also tested this by installing as a pre-commit hook, and the behavior is the same
Expected result:
ggshield reports that the files or commits contain hardcoded secrets If applicable, add logs or screenshots to help explain your problem.