Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Private key recognition hook is not accurate
See original GitHub issueHi Team!
I just discovered your work, and it is fantastic. Many thanks for putting this together, it is very useful.
I have a use case where code is extracting private keys, and contains lines such as
String keyContents = base64Content.VersionData.tostring();
keyContents = keyContents.replace('-----BEGIN RSA PRIVATE KEY-----', '');
keyContents = keyContents.replace('-----END RSA PRIVATE KEY-----', '');
keyContents = keyContents.replace('\n', '');
This is caught by the private key discoverer and it makes the tests fail.
Technically, private keys or certs would have a pattern that is (-----BEGIN RSA PRIVATE KEY-----)( base64 stuff)(-----END RSA PRIVATE KEY-----)
The current code seems to just check if the words “BEGIN RSA PRIVATE KEY” appears in the code, which is slightly weak.
As a result, I am using a combination of pre-commit and Talisman but I would love to have a single code base for everything.
Best, Sam
Issue Analytics
- State:
- Created 6 years ago
- Comments:11 (9 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Thanks @asottile. Allowing .pre-commit-config.yaml to point to a different fork/sha made it very easy to test. Great design, Ill be tweeting and letting my co-workers know about your work!
Always open to improvements @nicain 😃