real entropy about eslint-plugin-no-secrets HOT 10 CLOSED

or another example - according to Shannon, the entropy of a is 0 and the entropy of aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa is 0 as well

from eslint-plugin-no-secrets.

Or:
abcdefabcdef -> 2.58496
abcdefcbafed -> 2.58496

from eslint-plugin-no-secrets.

Or:
01 -> 1
0100001011110101000000010000100100001100110101001100011101110100110101011110110111110001110111110100 -> 1

from eslint-plugin-no-secrets.

01 -> 1
00001 -> 0.72193

from eslint-plugin-no-secrets.

Hey @oprogramador,
Thank you for the compelling issue. I'm currently researching into this. I have added this plugin to a few of the larger projects I work on. I think the current problem is that the false positives tend to be actual words.
This isn't an issue until you have large inline strings with things like paragraphs (like auto-gen) docs.
I'm currently trying to think of a good solution to this. Let me know what your thoughts are.
I'm going to keep brainstorming. Maybe some NLP?
Cheers,
Nick

from eslint-plugin-no-secrets.

@nickdeis

that's my solution https://github.com/oprogramador/eslint-plugin-no-credentials/blob/master/src/calculateStrongEntropy.js

multiplying the Shannon entropy plus 1 and zipped data length minus 20 (because it's always at least 20)

from eslint-plugin-no-secrets.

you can see the results here https://github.com/oprogramador/eslint-plugin-no-credentials/blob/master/src/tests-mocha/calculateStrongEntropy.js

from eslint-plugin-no-secrets.

Super interesting. Wouldn't entropy and compression rates be colinear? I suppose this ends up being a weighted measure of entropy and string length. Any reference material used to come up with this?

from eslint-plugin-no-secrets.

Closing as over a year old

from eslint-plugin-no-secrets.

@nickdeis

I invented my own approach in my library to have a relatively good measurement of information quantity.

from eslint-plugin-no-secrets.