You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
But then you're no longer able to use docker compose interpolation within the environment variables, which can be a problem if it's being done for some other variables, e.g the following only works when environment is a list of strings, if it's a mapping you can't do this anymore:
The text was updated successfully, but these errors were encountered:
RobertRosca
changed the title
False Negative - YAML Parser Stops Reading After First String Value
False Negative - YAML Parser Stops Reading After First String Value/Does Not Read Lists of Strings
Feb 16, 2024
RobertRosca
added a commit
to European-XFEL/zulip-write-only-proxy
that referenced
this issue
Feb 20, 2024
I'm submitting a ...
What is the current behavior?
Secrets are not detected in (docker compose) yaml files when a top-level entry for a string is present.
This will not detect any secrets:
But changing the first line to
version: 3.8
will:edit: actually, it's a bit more complex, when removing the
version
value secrets are detected:Unless you add in something else which is not a mapping to a string:
Changing
environment
from a list of strings to a mapping fixes the issue though:But then you're no longer able to use docker compose interpolation within the environment variables, which can be a problem if it's being done for some other variables, e.g the following only works when
environment
is a list of strings, if it's a mapping you can't do this anymore:Secrets to be detected when a string entry is present before some nested structure.
What is the motivation / use case for changing the behavior?
Please tell us about your environment:
Other information
Problem seems to be with the yaml parser, for the buggy case of
version: "3.8"
thelines
variable indetect_secrets.scan:269
is:['version: "3.8"']
So nothing was parsed after that value, which is why the secret isn't found. For the working case of
version: 3.8
it is:The text was updated successfully, but these errors were encountered: