
Detect same secret multiple times in the same line or file

Open · domanchi opened this issue 6 years ago · 1 comment

From https://github.com/Yelp/detect-secrets/pull/52, we're able to do:

$ detect-secrets scan --string '012345678a'

but what happens if the string contains two or more secrets? e.g.

$ detect-secrets scan --string '"0123456789a" and "0123456789b"'

Right now, we're only going to show the scanned results for the first secret. But you can imagine it's kinda weird UX to only show results for the first one (silently ignoring the second).

domanchi avatar Jul 06 '18 20:07 domanchi

For posterity, this may be a nice feature, but it's a pretty involved change.

Essentially, what it boils down to is "how do you tell if two secrets are equal?" Currently, we compare three fields, and they were chosen in such a way that the following cases would be flagged as two distinct secrets:

  • Same secret, different file
  • Same secret, different plugin that flagged it
  • Different secrets

This also means that if a secret is moved around through normal development, it's not going to re-alert, and the pre-commit hook won't flag it as a new secret. This also helps with performance when identifying new secrets -- if every secret is treated differently, you would go from an O(1) unique hash lookup to O(n) to look through your secret collection.

Ultimately, in our use case, we currently don't see developer behavior that recycles the use of a static secret string in different parts of the file (thank goodness). Contributions are welcome, if this case fits your needs more.

domanchi avatar Feb 22 '19 02:02 domanchi
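As an added example (not code from the detect-secrets project and not posted by domanchi), the following Python models the two behaviours discussed in this thread: the first-match-only scan the issue complains about, and the identity rule in the comment above under which "same secret, different file", "same secret, different plugin" and "different secrets" are distinct entries while a secret moved to another line of the same file is not. It assumes the three compared fields are plugin type, filename and a hash of the secret value, which is consistent with the three cases listed but is an assumption here; the plugin names, regexes, class and function names are hypothetical simplifications, and the sample lines are constructed.

```python
"""Hypothetical model of secret identity and de-duplication as described in
the thread above. Not detect-secrets' own code."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass(frozen=True)
class PotentialSecret:
    # Identity is (plugin type, filename, hash of the secret value); this is an
    # assumed model of the "three fields" in the comment. line_number is kept
    # for reporting but excluded from __eq__/__hash__, so a secret that moves
    # within a file does not become "new".
    type: str
    filename: str
    secret_hash: str
    line_number: int = field(default=0, compare=False, hash=False)


def hash_secret(secret: str) -> str:
    # Store a digest rather than the raw value so a baseline can be committed
    # without leaking the secret itself.
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


# Two toy plugins (hypothetical, simplified stand-ins for real detectors).
_HEX_RE = re.compile(r"\b[0-9a-fA-F]{10,}\b")
_KEYWORD_RE = re.compile(
    r"""(?i)\b(?:password|secret|api_key)\s*[=:]\s*["']([^"']+)["']"""
)

PLUGINS: Dict[str, Callable[[str], List[str]]] = {
    "HexDetector": lambda line: _HEX_RE.findall(line),
    "KeywordDetector": lambda line: _KEYWORD_RE.findall(line),
}


def scan_line(filename: str, line_number: int, line: str,
              first_only: bool = False) -> List[PotentialSecret]:
    """Run every plugin over one line. With first_only=True each plugin reports
    only its first match, reproducing the UX the issue complains about."""
    found: List[PotentialSecret] = []
    for plugin_name, detector in PLUGINS.items():
        matches = detector(line)
        if first_only:
            matches = matches[:1]
        for raw in matches:
            found.append(PotentialSecret(plugin_name, filename,
                                         hash_secret(raw), line_number))
    return found


class SecretsCollection:
    """Set-backed store: membership is an O(1) hash lookup on the identity
    tuple, which is the performance point made in the comment."""

    def __init__(self) -> None:
        self._secrets: set = set()

    def add(self, secret: PotentialSecret) -> bool:
        """Return True if this secret was not already known (i.e. would alert)."""
        if secret in self._secrets:
            return False
        self._secrets.add(secret)
        return True

    def __len__(self) -> int:
        return len(self._secrets)


def scan_file(filename: str, lines: List[str],
              collection: SecretsCollection) -> List[PotentialSecret]:
    """Scan a file's lines and return only the secrets new to the collection."""
    new: List[PotentialSecret] = []
    for number, line in enumerate(lines, start=1):
        for secret in scan_line(filename, number, line):
            if collection.add(secret):
                new.append(secret)
    return new


if __name__ == "__main__":
    # Constructed sample input taken from the issue's example.
    line = '"0123456789a" and "0123456789b"'
    print("first-only:", len(scan_line("app.py", 1, line, first_only=True)))
    print("all       :", len(scan_line("app.py", 1, line)))
```

Running the module scans the issue's example line both ways; the first-only scan reports one secret and the full scan reports two. Because `line_number` is excluded from equality, the same hex string on lines 1 and 3 of one file counts once, while the same string in a second file or flagged by a second plugin counts again.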