Skip to content

fix: Disable interpolation in config parser to prevent skipping files#963

Open
Mallikarjunadevops wants to merge 1 commit into
Yelp:masterfrom
Mallikarjunadevops:fix-configparser-interpolation
Open

fix: Disable interpolation in config parser to prevent skipping files#963
Mallikarjunadevops wants to merge 1 commit into
Yelp:masterfrom
Mallikarjunadevops:fix-configparser-interpolation

Conversation

@Mallikarjunadevops

Copy link
Copy Markdown

Fixes #944

What is this PR?

This PR fixes a bug where detect-secrets fails to detect secrets in configuration files (.cfg / .ini) when interpolation placeholders like %%(c)s are present before the secret.

Why?

When parsing configuration files with Python's built-in configparser.ConfigParser, the default setting performs BasicInterpolation. If the parser encounters a string that resembles interpolation syntax but cannot be interpolated, it raises an exception which leads to ParsingError. This causes detect-secrets to effectively skip the file content past the error, resulting in missed secrets.

Since detect-secrets only needs to scan raw strings and shouldn't attempt to interpolate variables, initializing ConfigParser with interpolation=None completely avoids this error and allows all keys and values to be extracted and scanned.

Testing Evidence

Added a test to tests/transformers/config_transformer_test.py to verify that %%(c)s is correctly extracted without exceptions.
Manually verified that secrets in test.cfg from the issue report are now caught successfully.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Bug: Secrets not detected when %%(...)s appears before line containing password keyword

1 participant