Bug file with just APEOptState seems to be breaking detect-secrets[word_list]==1.5.0

[jamesbraza]

• I'm submitting a ...

  • bug report
  • feature request

• What is the current behavior?

1. pip install detect-secrets[word_list]==1.5.0

2. Make an empty file .secrets.allowlist

3. Make a file foo.py with contents:

   APEOptState
   

4. Then run detect-secrets scan --word-list=.secrets.allowlist foo.py

• If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem

It crashes:

Traceback (most recent call last):
  File "/Users/user/.pyenv/versions/3.12.2/bin/detect-secrets", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/Users/user/.pyenv/versions/3.12.2/lib/python3.12/site-packages/detect_secrets/main.py", line 30, in main
    handle_scan_action(args)
  File "/Users/user/.pyenv/versions/3.12.2/lib/python3.12/site-packages/detect_secrets/main.py", line 70, in handle_scan_action
    secrets = baseline.create(
              ^^^^^^^^^^^^^^^^
  File "/Users/user/.pyenv/versions/3.12.2/lib/python3.12/site-packages/detect_secrets/core/baseline.py", line 34, in create
    secrets.scan_files(
  File "/Users/user/.pyenv/versions/3.12.2/lib/python3.12/site-packages/detect_secrets/core/secrets_collection.py", line 55, in scan_files
    self.scan_file(filenames[0])
  File "/Users/user/.pyenv/versions/3.12.2/lib/python3.12/site-packages/detect_secrets/core/secrets_collection.py", line 76, in scan_file
    for secret in scan.scan_file(os.path.join(self.root, convert_local_os_path(filename))):
  File "/Users/user/.pyenv/versions/3.12.2/lib/python3.12/site-packages/detect_secrets/core/scan.py", line 155, in scan_file
    for secret in _process_line_based_plugins(
  File "/Users/user/.pyenv/versions/3.12.2/lib/python3.12/site-packages/detect_secrets/core/scan.py", line 334, in _process_line_based_plugins
    yield from (
  File "/Users/user/.pyenv/versions/3.12.2/lib/python3.12/site-packages/detect_secrets/core/scan.py", line 334, in <genexpr>
    yield from (
               ^
  File "/Users/user/.pyenv/versions/3.12.2/lib/python3.12/site-packages/detect_secrets/core/scan.py", line 376, in _scan_line
    yield from (
  File "/Users/user/.pyenv/versions/3.12.2/lib/python3.12/site-packages/detect_secrets/core/scan.py", line 379, in <genexpr>
    if not _is_filtered_out(
           ^^^^^^^^^^^^^^^^^
  File "/Users/user/.pyenv/versions/3.12.2/lib/python3.12/site-packages/detect_secrets/core/scan.py", line 392, in _is_filtered_out
    if call_function_with_arguments(filter_fn, **kwargs):
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/user/.pyenv/versions/3.12.2/lib/python3.12/site-packages/detect_secrets/util/inject.py", line 38, in call_function_with_arguments
    return function(**values)
           ^^^^^^^^^^^^^^^^^^
  File "/Users/user/.pyenv/versions/3.12.2/lib/python3.12/site-packages/detect_secrets/filters/wordlist.py", line 63, in should_exclude_secret
    next(get_automaton().iter(string=secret.lower()))
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: Not an Aho-Corasick automaton yet: call add_word to add some keys and call make_automaton to convert the trie to an automaton.

• What is the expected behavior?

Not to crash

• What is the motivation / use case for changing the behavior?

This is a crash that shouldn't crash

• Please tell us about your environment:

  • detect-secrets Version: 1.5.0
  • Python Version: 3.12.2
  • OS Version: macOS Sonoma 14.3
  • File type (if applicable): Python

• Other information

N/a

[jamesbraza]

I think the underlying bug is happens when there is:

1. An empty allowlist
2. A secrets violation

Perhaps this is a new edge case?