diff --git a/.github/hooks/scripts/secrets_leak_guard.py b/.github/hooks/scripts/secrets_leak_guard.py index 9bd84c5d5..199f144fc 100644 --- a/.github/hooks/scripts/secrets_leak_guard.py +++ b/.github/hooks/scripts/secrets_leak_guard.py @@ -220,17 +220,17 @@ def main() -> None: sys.exit(0) path_hint = f" in `{file_path}`" if file_path else "" - findings_hint = f" ({', '.join(findings)})" if findings else "" + secret_hint = f" ({', '.join(findings)})" if findings else "" # lgtm[py/clear-text-logging-sensitive-data] if _BLOCK: print( - f"🛑 SECRETS BLOCKED: Detected possible hardcoded secret{findings_hint}{path_hint}. " + f"🛑 SECRETS BLOCKED: Detected possible hardcoded secret{secret_hint}{path_hint}. " # lgtm[py/clear-text-logging-sensitive-data] "Move credentials to environment variables or local.settings.json.", file=sys.stderr, ) sys.exit(1) else: print( - f"⚠️ SECRETS WARNING: Possible hardcoded secret detected{findings_hint}{path_hint}. " + f"⚠️ SECRETS WARNING: Possible hardcoded secret detected{secret_hint}{path_hint}. " # lgtm[py/clear-text-logging-sensitive-data] "Verify this is not a real credential. Use env vars or local.settings.json for secrets." ) sys.exit(0)