Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keyword plugin not detecting "password" keyword? #699

Open
1 task
howard-adam opened this issue Jun 13, 2023 · 2 comments
Open
1 task

Keyword plugin not detecting "password" keyword? #699

howard-adam opened this issue Jun 13, 2023 · 2 comments
Labels
bug The issue describes a malfunctioning aspect of the project. good first issue The issue can be tackled by someone who has little to no knowledge about the project. help wanted Indicates that we would like someone that’s not a maintainer to work on the issue. triaged The issue has been reviewed but has not been solved yet.

Comments

@howard-adam
Copy link

  • I'm submitting a ...

    • [X ] bug report
    • feature request

  • What is the current behavior?
    "detect-secrets scan" misses files in current directory or subdirectories containing "password" keyword

  • If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem
    in git repository, create a file ATEST.cs with just two lines:
    Get Connection String
    String oraConnStr = "Data Source=sis2:1521/dprod.sis2.domain.org;User ID=svcacct;Password=svcacctpass;";

  • What is the expected behavior?
    detect-secrets scan will identify this file as containing secrets according to keyword plugin

  • What is the motivation / use case for changing the behavior?

  • Please tell us about your environment:

    • detect-secrets Version: 1.4.0
    • Python Version: 3.11.3
    • OS Version: Windows 10.0.09045.2965
    • File type (if applicable): text file

  • Other information
    I've tried running detect-secrets via pre-commit hook or straight from command line. When I tried on real-world files, the Base64HighEntropyString did have some false-positive results, but none of the files containing the keyword "Password" are being detected.
@geekNero
Copy link

geekNero commented Jul 11, 2023
edited
Loading

It won't detect password unless it's in complete quotes:
for ex:
password=hjsadni221" won't be detected

password= "ansdna" will be detected

@perryzjc
Copy link
Contributor

The tool fails to detect passwords unless they are enclosed in quotes. For example:

  • password=hjsadni221 is not detected,
  • but password="ansdna" is detected.

Hi @geekNero, @howard-adam,

I recently encountered an issue similar to the one described above. When a password is not enclosed in quotes, it is not detected as a secret. Here is an example:

PASSWORD=aijewga@#!%^ahgfdndbks211

This password is not detected, as shown in the following images:
image1
image2

However, when I add quotes around the password:

PASSWORD="aijewga@#!%^ahgfdndbks211"

The tool successfully detects it as a secret:
image3
image4
image5

I have reviewed the relevant keyword_test.py test file from the Yelp/detect-secrets repository. I noticed that some test cases do not cover scenarios where the password is not enclosed in quotes:
image6

Additionally, after looking into the source code of keyword.py, I found that the implementations were based on some heuristic approaches. While the design makes sense in some contexts, I am wondering if we could improve this behavior. Will it be more helpful for password detection or bring up more false positives?

Could you share your thoughts on this? I am interested in resolving this problem. Thanks!

@perryzjc perryzjc mentioned this issue Oct 26, 2023
Closed
@lorenzodb1 lorenzodb1 added the pending The issue still needs to be reviewed by one of the maintainers. label Nov 17, 2023
@lorenzodb1 lorenzodb1 added help wanted Indicates that we would like someone that’s not a maintainer to work on the issue. good first issue The issue can be tackled by someone who has little to no knowledge about the project. triaged The issue has been reviewed but has not been solved yet. bug The issue describes a malfunctioning aspect of the project. and removed pending The issue still needs to be reviewed by one of the maintainers. labels May 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug The issue describes a malfunctioning aspect of the project. good first issue The issue can be tackled by someone who has little to no knowledge about the project. help wanted Indicates that we would like someone that’s not a maintainer to work on the issue. triaged The issue has been reviewed but has not been solved yet.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@lorenzodb1 @geekNero @perryzjc @howard-adam