2

I am currently using the 方正黑体简体.TTF font included in pdfmake-chinese library. I already tested it when printing PDFs and the Chinese fonts are displayed correctly. Right now, I want to push my Javascript file that contains the vfs_fonts.js but I'm getting an issue from Git with this particular message, "[ERROR] Tier 1 secret(s) found in file '/example.js' - check lines [57318]" when I try to commit this file. If I tried to remove 方正黑体简体.TTF in vfs_fonts.js and used Roboto instead, I can commit and push the example.js. What is the cause of the issue and how should I fix this without compromising security?

Edit: I checked and I have something like secrets dictionary in my configuration. Below are the rules considered as tier 1.

  • BEGIN RSA PRIVATE KEY

  • BEGIN DSA PRIVATE KEY

  • BEGIN EC PRIVATE KEY

  • BEGIN OPENSSH PRIVATE KEY

  • BEGIN PRIVATE KEY

  • PuTTY-User-Key-File-2

  • BEGIN SSH2 ENCRYPTED PRIVATE KEY

  • BEGIN PGP PRIVATE KEY BLOCK

  • (A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}

iamrooovic
  • 47
  • 6

1 Answers1

2

That error message looks like something from a commit hook you have set up which is looking for accidentally committed password, security keys, etc. Some sequence of bytes in the font file happens to look similar to a security key, so is accidentally triggering the check.

If the hook is correctly configured, it should ignore binary files, so the fix is to use a gitattributes file to mark .ttf files as binary. Specifcally, a file in the root of your repository called .gitattributes containing this:

*.ttf binary

If that does not fix it, you will have to look for the documentation of the particular script that generated the error, and see how to configure files it should ignore.

IMSoP
  • 89,526
  • 13
  • 117
  • 169
  • I have a question about this. If I try to do this, should I push this .gitattributes file in Git or will this just act as a guide to ignore binary files? I am part of a project and I can't just push files like this. – iamrooovic May 17 '22 at 13:42
  • 1
    @iamrooovic Presumably, everybody will face the same restriction, so everybody will want the fix, therefore you should commit the `.gitattributes` file. If you need permission to do it, then seek that permission, but that's a management question, not a technical one. – IMSoP May 17 '22 at 14:03
  • Sorry for late reply. I already created the file .gitattributes and placed it in $GIT_REPO/info/attributes. I also checked the permissions from .git to .gitattributes file but I still can't commit/push the changes. I'm getting this issue when I run git status, "warning: unable to access '.git/info/attributes': Is a directory". – iamrooovic May 19 '22 at 05:47
  • @iamrooovic You've misread the documentation. `.git/info/attributes` should be a *file*, not a directory. – IMSoP May 19 '22 at 07:28
  • I've already changed and moved the .gitattributes file in .git/info directory and I don't get the previous warning I have before but the issue regarding the tier 1 secret still persists. – iamrooovic May 19 '22 at 07:55
  • 1
    @iamrooovic Just to confirm, the file is *either* `.gitattributes` (which can be committed) *or* `.git/info/attributes` (which is local to one copy), never `.git/info/.gitattributes`. If you've definitely confirmed it's the right file then as I say at the end of my answer, you'll need to find the documentation for the particular script that's enforcing the restriction. Since nobody here can see what that is, nobody is going to be able to help you further (unless by lucky guess). – IMSoP May 19 '22 at 09:21