-
Notifications
You must be signed in to change notification settings - Fork 481
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
False Negative - YAML Parser Stops Reading After First String Value/Does Not Read Lists of Strings #791
Labels
Comments
RobertRosca
changed the title
False Negative - YAML Parser Stops Reading After First String Value
False Negative - YAML Parser Stops Reading After First String Value/Does Not Read Lists of Strings
Feb 16, 2024
RobertRosca
added a commit
to European-XFEL/zulip-write-only-proxy
that referenced
this issue
Feb 20, 2024
lorenzodb1
added
false negatives
pending
The issue still needs to be reviewed by one of the maintainers.
labels
May 16, 2024
RobertRosca
added a commit
to European-XFEL/zulip-write-only-proxy
that referenced
this issue
Sep 24, 2024
RobertRosca
added a commit
to European-XFEL/zulip-write-only-proxy
that referenced
this issue
Sep 24, 2024
RobertRosca
added a commit
to European-XFEL/zulip-write-only-proxy
that referenced
this issue
Sep 24, 2024
RobertRosca
added a commit
to European-XFEL/zulip-write-only-proxy
that referenced
this issue
Sep 24, 2024
RobertRosca
added a commit
to European-XFEL/zulip-write-only-proxy
that referenced
this issue
Sep 24, 2024
RobertRosca
added a commit
to European-XFEL/zulip-write-only-proxy
that referenced
this issue
Sep 24, 2024
RobertRosca
added a commit
to European-XFEL/zulip-write-only-proxy
that referenced
this issue
Sep 24, 2024
RobertRosca
added a commit
to European-XFEL/zulip-write-only-proxy
that referenced
this issue
Sep 24, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
I'm submitting a ...
What is the current behavior?
Secrets are not detected in (docker compose) yaml files when a top-level entry for a string is present.
This will not detect any secrets:
But changing the first line to
version: 3.8
will:edit: actually, it's a bit more complex, when removing the
version
value secrets are detected:Unless you add in something else which is not a mapping to a string:
Changing
environment
from a list of strings to a mapping fixes the issue though:But then you're no longer able to use docker compose interpolation within the environment variables, which can be a problem if it's being done for some other variables, e.g the following only works when
environment
is a list of strings, if it's a mapping you can't do this anymore:Secrets to be detected when a string entry is present before some nested structure.
What is the motivation / use case for changing the behavior?
Please tell us about your environment:
Other information
Problem seems to be with the yaml parser, for the buggy case of
version: "3.8"
thelines
variable indetect_secrets.scan:269
is:['version: "3.8"']
So nothing was parsed after that value, which is why the secret isn't found. For the working case of
version: 3.8
it is:The text was updated successfully, but these errors were encountered: