Fix private key line number (#251)

tsmithv11 · web-flow · commit fe5652bc46d8 · 2025-04-14T01:07:45.000-07:00
diff --git a/detect_secrets/plugins/private_key.py b/detect_secrets/plugins/private_key.py
@@ -135,9 +135,12 @@ def _get_updated_secrets(
         updated_secrets: Set[PotentialSecret] = set()
         for sec in found_secrets:
             secret_val = sec.secret_value.strip() or ''  # type: ignore
-            if split_by_newline and '\n' in secret_val:
-                secret_val = secret_val.split('\n')[0]
-            line_number = self.find_line_number(file_content, secret_val)
+            pos = file_content.find(secret_val)
+            if pos == -1:
+                line_number = 1
+            else:
+                founded_secret = file_content.split(secret_val)
+                line_number = founded_secret[0].count('\n')
             updated_secrets.add(
                 PotentialSecret(
                     type=self.secret_type,
diff --git a/tests/plugins/private_key_test.py b/tests/plugins/private_key_test.py
@@ -90,6 +90,37 @@ def test_basic(file_content, secrets_amount, expected_secret):
             assert list(secrets.data[temp_file])[0].secret_value == expected_secret
 
 
+def test_private_key_line_number():
+    file_content = '\n'.join([
+        'Irrelevant line 1',
+        'Irrelevant line 2',
+        'Irrelevant line 3',
+        'Irrelevant line 4',
+        'Irrelevant line 5',
+        '-----BEGIN RSA PRIVATE KEY-----',
+        'MIIBVwIBADANBgkqhkiG9w0BAQEFAASC',
+        '-----END RSA PRIVATE KEY-----',
+        'Some trailing text',
+    ])
+
+    with mock_named_temporary_file() as f:
+        f.write(file_content.encode())
+        f.seek(0)
+
+        secrets = SecretsCollection()
+        secrets.scan_file(f.name)
+
+        assert len(list(secrets)) == 1
+
+        temp_file = list(secrets.files)[0]
+        secret_obj = list(secrets.data[temp_file])[0]
+
+        assert secret_obj.line_number == 6, (
+            f'Expected the private key header to be detected at line 6, '
+            f'but got {secret_obj.line_number} instead.'
+        )
+
+
 @pytest.fixture(autouse=True)
 def configure_plugins():
     with transient_settings({
