Skip to content

ggshield pre-commit hook fails to detect Telegram API credentials as secrets #1099

New issue
New issue
Open
Open
ggshield pre-commit hook fails to detect Telegram API credentials as secrets#1099
Labels
status:confirmedThis issue has been reviewed and confirmedtype:enhancementImproving an existing feature
@Advaitgaur004

Description

@Advaitgaur004
Advaitgaur004
opened on May 26, 2025

Environment

  • ggshield version: 1.39.0
  • Operating system (Linux, macOS, Windows): Windows, Linux
  • Operating system version:

Windows
OS Name: Microsoft Windows 11 Home Single Language
OS Version: 10.0.26100 N/A Build 26100

Linux
Linux Advait 5.15.167.4 1 SMP Tue Nov 5 00:21:55 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

  • Python version: 3.11.5

Describe the bug

When using ggshield with the pre-commit hook installed via ggshield install -m local, the tool fails to detect Telegram credentials in a committed file. However, it detects other known secrets like GitHub tokens or Slack API keys correctly.

Steps to reproduce:

  1. Create a file main.txt with the following sample content (note: actual credentials were used during testing; this is just representative for the purpose of this issue):
[Telegram] 
api_id = 00000000 
api_hash = ccccccccccccccccccccccccccccccc
username = @Advaitgaur004
  1. Stage and commit the file:
git commit -am "Secret added"

Actual result:

ggshield does not detect or block the Telegram API credentials during the pre-commit scan.

Expected result:

Telegram api_id and api_hash should be flagged as secrets and block the commit.

Metadata

Metadata

Assignees

No one assigned

    Labels

    status:confirmedThis issue has been reviewed and confirmedtype:enhancementImproving an existing feature

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions