Merge pull request Yelp#712 from sindrig/master

Avoid IndexError when passing an empty string to `is_prefixed_with_dollar_sign`
yo61 · Dec 18, 2023 · 051af69 · 051af69
2 parents 8759467 + 9d790db
commit 051af69
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 4 deletions.
diff --git a/detect_secrets/filters/heuristic.py b/detect_secrets/filters/heuristic.py
@@ -164,7 +164,7 @@ def is_prefixed_with_dollar_sign(secret: str) -> bool:
     # false negatives than `is_templated_secret` (e.g. secrets that actually start with a $).
     # This is best used with files that actually use this as a means of referencing variables.
     # TODO: More intelligent filetype handling?
-    return secret[0] == '$'
+    return bool(secret) and secret[0] == '$'
 
 
 def is_indirect_reference(line: str) -> bool:

diff --git a/tests/filters/heuristic_filter_test.py b/tests/filters/heuristic_filter_test.py
@@ -121,9 +121,16 @@ def test_is_templated_secret(line, result):
         assert bool(list(scan_line(line))) is result
 
 
-def test_is_prefixed_with_dollar_sign():
-    assert filters.heuristic.is_prefixed_with_dollar_sign('$secret')
-    assert not filters.heuristic.is_prefixed_with_dollar_sign('secret')
+@pytest.mark.parametrize(
+    'secret, result',
+    (
+        ('$secret', True),
+        ('secret', False),
+        ('', False),
+    ),
+)
+def test_is_prefixed_with_dollar_sign(secret, result):
+    assert filters.heuristic.is_prefixed_with_dollar_sign(secret) == result
 
 
 @pytest.mark.parametrize(