exclude-secrets option is not working as expected #623

Open
meeragirijan opened this issue Sep 29, 2022 · 5 comments
Labels
bug The issue describes a malfunctioning aspect of the project. needs more info The issue has been reviewed, but the information provided by the reporter is incomplete. P3 When you get around it. E.g. a fix for non-breaking issue we will work on when there's nothing more

Comments

@meeragirijan

We are trying to avoid disabling the plugin "keyword-detector" and use exclude-secrets option as part of the scan to exclude words that contain "secret" specifically. I have tried multiple regex variations to include this substring, which was validated through regex compilers, but we still get the JSON generated with these values tagged as secrets. What is the right approach to achieve this?

@jpdakran
Member

jpdakran commented Sep 29, 2022

@meeragirijan Hello. Thank you for your question. Using the --exclude-secrets here is probably not the right approach. This will only filter according to the actual secret value - not the keyword (variable name).

What you probably want to use is the --exclude-lines. This will look at the entire line the secret is on. Therefore it will look at keyword, secret, and all text on that line.
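The difference between the two options described in the comment above, as an added example that is not part of the original thread and not the project's own code: a simplified model in which the secret filter sees only the captured value and the line filter sees the whole line. The `ASSIGNMENT` pattern, the sample lines, and the use of unanchored `re.search` are assumptions made for illustration.

```python
import re

# Simplified stand-in for a keyword-style detector: captures the variable
# name (keyword) and the quoted value. Assumed pattern, not the project's.
ASSIGNMENT = re.compile(
    r'(?P<keyword>\w*(?:secret|password|token)\w*)\s*[:=]\s*["\'](?P<value>[^"\']+)["\']',
    re.IGNORECASE,
)

# Constructed sample input.
SAMPLE_LINES = [
    'client_secret = "Zx81kQp0vT"',
    'db_password = "my-secret-phrase"',
    'api_token = "Zx81kQp0vT"',
]


def scan(lines, exclude_secrets=None, exclude_lines=None):
    """Return (line_number, keyword, value) for findings that survive the filters."""
    secret_re = re.compile(exclude_secrets) if exclude_secrets else None
    line_re = re.compile(exclude_lines) if exclude_lines else None
    findings = []
    for number, line in enumerate(lines, start=1):
        # Line filter: tested against the whole line, keyword included.
        if line_re and line_re.search(line):
            continue
        match = ASSIGNMENT.search(line)
        if not match:
            continue
        # Secret filter: tested against the captured value only.
        if secret_re and secret_re.search(match["value"]):
            continue
        findings.append((number, match["keyword"], match["value"]))
    return findings


def flagged_lines(**filters):
    """Line numbers still reported for SAMPLE_LINES under the given filters."""
    return [number for number, _, _ in scan(SAMPLE_LINES, **filters)]


if __name__ == "__main__":
    print("no filter:       ", flagged_lines())
    print("exclude-secrets: ", flagged_lines(exclude_secrets="secret"))
    print("exclude-lines:   ", flagged_lines(exclude_lines="secret"))
```

In this model the unanchored line pattern `secret` also suppresses line 2, whose value is a real credential; narrowing the pattern to the specific variable name (for example `^client_secret\b`) keeps that finding reported.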

@meeragirijan
Author

I have tried the same with --exclude-lines as well but I get the same result as the JSON. Is it possible that there is a specific way the regex is being evaluated?

@meeragirijan
Author

I tried with a different regex and it seems to be working now with the --exclude-lines option.

@meeragirijan
Author

Using this with a Windows agent throws an exception on the same agent that this path is unavailable. Whereas when we run it without this option --exclude-lines, it seems to work fine. Does this option have any specific version?

@jpdakran jpdakran added needs more info The issue has been reviewed, but the information provided by the reporter is incomplete. bug The issue describes a malfunctioning aspect of the project. P4 Future work. E.g. something we might to get on in the future. Might be used for future ideas too. labels Mar 22, 2023
@jpdakran
Member

Hi @meeragirijan. It seems you were able to get this working on a specific OS? Can you please provide the regex you are using, the stack trace of the failing attempts, and the specific command that is run.

@jpdakran jpdakran added P3 When you get around it. E.g. a fix for non-breaking issue we will work on when there's nothing more and removed P4 Future work. E.g. something we might to get on in the future. Might be used for future ideas too. labels Mar 22, 2023