Closed dinvlad closed 1 year ago
Thank you, this should be fixed in #758 and should be released soon.
Thanks! Would it be possible to make this detector more specific also?
Hey Dinvlad, feel free to open up another issue for making the detector more specific; closing this one for the verification being resolved.
Community Note
Description
Currently, Codacy detector detects lines like
as verified secrets (15620814908828598437 in this case).
Btw, this is from off-the-shelf codacy/codacy-coverage-reporter-action.
Problem to be Addressed
Codacy detector should be more sensitive and should not be using https://app.codacy.com/api/v3/version as token verification endpoint, as this endpoint is unauthenticated and always returns 200.
Description of the Preferred Solution
Perhaps we should add /tmp/codacy-coverage to the list of known FPs for this detector? This seems like it will be a common occurrence, coming from the official codacy/codacy-coverage-reporter-action.
Additionally, FPs marked in this pattern consist of 20 digit-only characters, which seems like an outlier because typical Codacy tokens have various alphanumeric characters, not just digits. Perhaps there's improvement to be made there in the regex.
Also, we should use an authenticated endpoint for verification (I'm not sure which one, however).
Additional Context
References
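The two ideas raised in this issue, sketched as an added example that is not the detector's own code: a candidate filter applying the proposed false-positive heuristics, and a verification check that trusts a 200 only when the same call without credentials is refused. The 20-alphanumeric pattern, the `Probe` callback, the function names and the sample lines are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumed candidate pattern (20 alphanumeric characters), not the detector's real regex.
var candidateRe = regexp.MustCompile(`\b[0-9A-Za-z]{20}\b`)

// Contexts treated as known false-positive sources (the path named in the issue).
var knownFPContexts = []string{"/tmp/codacy-coverage"}

// FilterCandidates skips known false-positive contexts and drops digit-only matches.
func FilterCandidates(line string) []string {
	for _, ctx := range knownFPContexts {
		if strings.Contains(line, ctx) {
			return nil
		}
	}
	var out []string
	for _, m := range candidateRe.FindAllString(line, -1) {
		if strings.Trim(m, "0123456789") != "" { // keep only if a non-digit remains
			out = append(out, m)
		}
	}
	return out
}

// Probe is a hypothetical callback that calls the verification endpoint with the
// given token ("" means no credentials) and returns the HTTP status code.
type Probe func(token string) (int, error)

// VerifyWithControl trusts a 200 only when the same call without credentials is
// refused; an endpoint that answers 200 to everyone verifies nothing.
func VerifyWithControl(p Probe, token string) bool {
	with, err := p(token)
	if err != nil || with != 200 {
		return false
	}
	without, err := p("")
	return err == nil && without != 200
}

func main() {
	// Constructed sample lines, not the ones from the issue.
	fmt.Println(FilterCandidates("codacy build 15620814908828598437"))
	fmt.Println(FilterCandidates("codacy token a1B2c3D4e5F6g7H8i9J0"))
}
```

In a real scanner the control probe would be sent once per endpoint and its result cached, rather than repeated for every candidate.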