Closed bengerman13 closed 2 years ago
This is good. The regexes won't catch every multi-line potential secret, as that would result in an avalanche of false positives. It'll trigger for regexes that look like they intend to continue. E.g.:
    app.secret_key = (
    "\x07~m\xde\x76\xda\x18\x6f!\x86\xdf_@%\xf1{\xbb\xe8)\xcbV\xde\x84\xc3"
does get caught. But
    app.secret_key
    "\x07~m\xde\x76\xda\x18\x6f!\x86\xdf_@%\xf1{\xbb\xe8)\xcbV\xde\x84\xc3"
    )
is not caught.
Changes proposed in this pull request:
security considerations
Catch more secrets
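
The behaviour described above, as an added example that is not part of this pull request or the project's code: a line-based check that flags a secret-looking name only when its assignment ends in a continuation opener. The pattern, the `scan` helper and the sample strings are assumptions constructed for illustration.

```python
import re

# Assumed pattern for illustration; the project's real regexes are not shown on this page.
NAME = r"[\w.]*(?:secret|passw(?:or)?d|token|api_?key)[\w.]*"
OPENER = r"(?:[(\[{]|\\)"  # "(", "[", "{" or a trailing backslash
CONTINUES = re.compile(rf"\b{NAME}\s*[:=]\s*{OPENER}\s*$", re.IGNORECASE)


def scan(text):
    """Return (line_number, opener_line, next_line) for each flagged assignment."""
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        # Only the line that opens the assignment is matched; the value on the
        # following line is reported as context, not pattern-matched itself.
        if CONTINUES.search(line):
            following = lines[i + 1].strip() if i + 1 < len(lines) else ""
            findings.append((i + 1, line.strip(), following))
    return findings


# Constructed samples mirroring the two shapes in the description above.
CAUGHT = 'app.secret_key = (\n    "constructed-not-a-real-secret"\n)\n'
MISSED = 'app.secret_key\n"constructed-not-a-real-secret"\n)\n'
# Same shape with a non-secret name: a false-positive control.
BENIGN = 'app.page_title = (\n    "Welcome"\n)\n'
# Backslash continuation, a second way a line can signal that it continues.
BACKSLASH = 'DB_PASSWORD = \\\n    "constructed-not-a-real-secret"\n'

if __name__ == "__main__":
    samples = {"caught": CAUGHT, "missed": MISSED,
               "benign": BENIGN, "backslash": BACKSLASH}
    for label, sample in samples.items():
        print(label, scan(sample))
```

Matching only the opener line keeps the check cheap and quiet, at the cost of missing any layout where the name and the value are not joined by an assignment on one line.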