PotentialSecret failure with slim baseline + pre-commit hook #471

Closed
js-truework opened this issue Jul 27, 2021 · 1 comment · Fixed by #472

js-truework commented Jul 27, 2021

Summary

Hello,

I've tried to find examples of this issue in the repository before but did not find any useful hits. This issue has been plaguing my team the last month or so. We were originally using a full secrets baseline, but the line number tracking resulted in a lot of activity, and that lot of activity resulted in a lot of merge conflicts due to the timestamp and stuff.

So I switched us to the slim baseline to reduce the activity that the file sees, but since doing so, we've been facing this issue quite a bit: `AttributeError: 'PotentialSecret' object has no attribute 'line_number'`.

Baseline Configuration

{
  "version": "1.1.0",
  "plugins_used": [
    {
      "name": "ArtifactoryDetector"
    },
    {
      "name": "AWSKeyDetector"
    },
    {
      "name": "AzureStorageKeyDetector"
    },
    {
      "name": "Base64HighEntropyString",
      "limit": 4.5
    },
    {
      "name": "BasicAuthDetector"
    },
    {
      "name": "CloudantDetector"
    },
    {
      "name": "HexHighEntropyString",
      "limit": 3.0
    },
    {
      "name": "IbmCloudIamDetector"
    },
    {
      "name": "IbmCosHmacDetector"
    },
    {
      "name": "JwtTokenDetector"
    },
    {
      "name": "KeywordDetector",
      "keyword_exclude": ""
    },
    {
      "name": "MailchimpDetector"
    },
    {
      "name": "NpmDetector"
    },
    {
      "name": "PrivateKeyDetector"
    },
    {
      "name": "SlackDetector"
    },
    {
      "name": "SoftlayerDetector"
    },
    {
      "name": "SquareOAuthDetector"
    },
    {
      "name": "StripeDetector"
    },
    {
      "name": "TwilioKeyDetector"
    }
  ],
  "filters_used": [
    {
      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
    },
    {
      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
      "min_level": 2
    },
    {
      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
    },
    {
      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
    },
    {
      "path": "detect_secrets.filters.heuristic.is_lock_file"
    },
    {
      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
    },
    {
      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
    },
    {
      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
    },
    {
      "path": "detect_secrets.filters.heuristic.is_sequential_string"
    },
    {
      "path": "detect_secrets.filters.heuristic.is_swagger_file"
    },
    {
      "path": "detect_secrets.filters.heuristic.is_templated_secret"
    },
    {
      "path": "detect_secrets.filters.regex.should_exclude_file",
      "pattern": [
        ".*/fixtures/.*.json",
        "common/tests/constants.py",
        ".github/*"
      ]
    }
  ]
}

Traceback

Detect secrets...........................................................Failed
- hook id: detect-secrets
- exit code: 1
Traceback (most recent call last):
  File "/home/runner/.cache/pre-commit/repozmyk2bs_/py_env-python3.9/bin/detect-secrets-hook", line 8, in <module>
    sys.exit(main())
  File "/home/runner/.cache/pre-commit/repozmyk2bs_/py_env-python3.9/lib/python3.9/site-packages/detect_secrets/pre_commit_hook.py", line 61, in main
    baseline.save_to_file(args.baseline, filename=args.baseline_filename)
  File "/home/runner/.cache/pre-commit/repozmyk2bs_/py_env-python3.9/lib/python3.9/site-packages/detect_secrets/core/baseline.py", line 109, in save_to_file
    output = format_for_output(secrets)
  File "/home/runner/.cache/pre-commit/repozmyk2bs_/py_env-python3.9/lib/python3.9/site-packages/detect_secrets/core/baseline.py", line 74, in format_for_output
    'results': secrets.json(),
  File "/home/runner/.cache/pre-commit/repozmyk2bs_/py_env-python3.9/lib/python3.9/site-packages/detect_secrets/core/secrets_collection.py", line 198, in json
    for filename, secret in self:
  File "/home/runner/.cache/pre-commit/repozmyk2bs_/py_env-python3.9/lib/python3.9/site-packages/detect_secrets/core/secrets_collection.py", line 217, in __iter__
    for secret in sorted(secrets, key=lambda x: (x.line_number, x.secret_hash, x.type)):
  File "/home/runner/.cache/pre-commit/repozmyk2bs_/py_env-python3.9/lib/python3.9/site-packages/detect_secrets/core/secrets_collection.py", line 217, in <lambda>
    for secret in sorted(secrets, key=lambda x: (x.line_number, x.secret_hash, x.type)):
AttributeError: 'PotentialSecret' object has no attribute 'line_number'

Reproduce

I am unable to reliably reproduce this. It often happens even when there have been no changes to the baseline in that commit. Typically simply rerunning the commit (or in this case the GitHub workflow that is calling pre-commit) will run the same exact code, with no other changes in the repo, but not hit this error.

I know intermittent and unreliably reproducible are the best types of bugs, sorry!

js-truework added a commit to js-truework/detect-secrets that referenced this issue Jul 27, 2021
This is a relatively naive approach to solving the issue in Yelp#471. I looked at the PotentialSecret class and it very clearly has a default value of 0 for `line_number`. But alas, intermittently it does not. So this should safely fall back to 0 if `line_number` isn't present.
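
The fallback described in the commit message above, sketched as an added example (not the commit's code and not detect-secrets' own). `SecretRecord` and the helper names are hypothetical stand-ins, the sample records are constructed, and the sort key is the one shown in the traceback.

```python
class SecretRecord:
    """Hypothetical stand-in for a scanner finding (not PotentialSecret)."""

    def __init__(self, type, secret_hash, line_number=0):
        self.type = type
        self.secret_hash = secret_hash
        self.line_number = line_number


def without_line_number(type, secret_hash):
    # Constructed: yields a record whose line_number attribute is absent,
    # reproducing the symptom only. How the real object ends up without
    # the attribute is not established in this issue.
    rec = SecretRecord(type, secret_hash)
    del rec.line_number
    return rec


def strict_key(x):
    # Same shape as the lambda in the traceback: assumes the attribute exists.
    return (x.line_number, x.secret_hash, x.type)


def tolerant_key(x):
    # Falls back to 0 when line_number is missing, as the commit message says.
    return (getattr(x, 'line_number', 0), x.secret_hash, x.type)


def ordered_hashes(records, key):
    return [r.secret_hash for r in sorted(records, key=key)]


def missing_line_numbers(records):
    # Diagnostic for an intermittent failure: which records lack the attribute?
    return [r.secret_hash for r in records if not hasattr(r, 'line_number')]


# Constructed sample data; the hashes are placeholders.
SAMPLE = [
    SecretRecord('Secret Keyword', 'cccc', line_number=12),
    without_line_number('AWS Access Key', 'bbbb'),
    SecretRecord('Private Key', 'aaaa', line_number=3),
]

if __name__ == '__main__':
    try:
        ordered_hashes(SAMPLE, strict_key)
    except AttributeError as exc:
        print('strict key failed:', exc)
    print('tolerant order:', ordered_hashes(SAMPLE, tolerant_key))
    print('records missing line_number:', missing_line_numbers(SAMPLE))
```

Records without a line number sort first under the fallback, so the output order stays deterministic even when the attribute is only intermittently absent.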

gpflaum commented Jul 28, 2021

@js-truework See #473.
