Open leotizzei opened 2 months ago
hmmm, it seems to detect it for me for the example you've given?
detect-secrets --version
0.13.1+ibm.61.dss
Make the file:
cat << EOF > test-secret.py
def main():
    s = "e215LWJ1Y2tldC1uYW1lOiB7YWNjZXNzLWtleS1pZDogbXktYWNjZXNzLWtleSwgc2VjcmV0LWFjY2Vzcy1rZXk6IG15LXNlY3JldH0gfQo="
    print(s)
if __name__ == "__main__":
    main()
EOF
Generate baseline:
detect-secrets --verbose scan --update .secrets.baseline.test test-secret.py
Checking file: test-secret.py
Caught secret shows up in to-be-audited baseline:
detect-secrets audit .secrets.baseline.test --report
1 potential secrets in .secrets.baseline.test were reviewed. Found 0 live secrets, 1 unaudited secret and 0 secrets that were audited as real.
Failed Condition   Secret Type                Filename       Line
------------------ -------------------------- -------------- ------
Unaudited          Base64 High Entropy String test-secret.py 2
Describe the bug
detect-secrets tool does not detect secrets that are base64 encoded
To Reproduce
Steps to reproduce the behavior:
def main():
    print("Hello world")
if __name__ == "__main__":
    main()
Expected behavior
I expected that detect-secrets tool would detect the hardcoded base64 secret
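Why the string in the thread is reported as a "Base64 High Entropy String" while the "Hello world" script is not, as an added example that is not part of the issue and is not detect-secrets' own code. It is a simplified entropy check; the 4.5 limit, the candidate regex and the names `scan` and `shannon_entropy` are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Assumption: 4.5 bits per character is used as the base64 entropy limit.
BASE64_LIMIT = 4.5
# Simplified candidate rule: a quoted run made only of base64-alphabet characters.
CANDIDATE = re.compile(r"""(['"])([A-Za-z0-9+/=_-]+)\1""")


def shannon_entropy(data):
    """Bits per character of the observed character distribution."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def scan(source, limit=BASE64_LIMIT):
    """Return (line_number, entropy, string) for quoted strings above the limit."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in CANDIDATE.finditer(line):
            candidate = match.group(2)
            entropy = shannon_entropy(candidate)
            if entropy > limit:
                findings.append((lineno, round(entropy, 2), candidate))
    return findings


# The two scripts from the thread, reproduced here as scanner input.
ENCODED = '''def main():
    s = "e215LWJ1Y2tldC1uYW1lOiB7YWNjZXNzLWtleS1pZDogbXktYWNjZXNzLWtleSwgc2VjcmV0LWFjY2Vzcy1rZXk6IG15LXNlY3JldH0gfQo="
    print(s)
if __name__ == "__main__":
    main()
'''
PLAIN = '''def main():
    print("Hello world")
if __name__ == "__main__":
    main()
'''

if __name__ == "__main__":
    for name, src in (("encoded", ENCODED), ("plain", PLAIN)):
        print(name, scan(src))
```

Entropy is bounded by log2 of the string length, so at a 4.5 limit this check cannot flag a quoted string shorter than 23 characters; short encoded values need a different detector.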