fix(secret): find aws secrets ending with a comma or dot (#5921)
DmitriyLewen authored Jan 11, 2024
1 parent c8c55fe commit ae134a9
Showing 3 changed files with 6 additions and 6 deletions.
2 changes: 1 addition & 1 deletion pkg/fanal/secret/builtin-rules.go
Expand Up @@ -76,7 +76,7 @@ const (
quote = `["']?`
connect = `\s*(:|=>|=)?\s*`
startSecret = `(^|\s+)`
endSecret = `(\s+|$)`
endSecret = `[.,]?(\s+|$)`

aws = `aws_?`
)
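Review bot: The new `endSecret` swallows a trailing `.` or `,` with no comment saying why, and the same terminator problem remains for `;`, `)`, `]` and `}` (a `key = "…";` statement, or a quoted value closing a list), which this commit leaves unmatched. Consider widening the class to `[.,;)\]}]?` and documenting it with `// optional trailing punctuation so a secret ending a sentence, list element or statement still matches`. Because `endSecret` sits beside the shared `quote`/`connect`/`startSecret` helpers it presumably terminates every rule that references it, so confirm in the other rules' tests that a wider class does not change their matches. The `const` block opens above the hunk.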
8 changes: 4 additions & 4 deletions pkg/fanal/secret/scanner_test.go
Expand Up @@ -429,7 +429,7 @@ func TestSecretScanner(t *testing.T) {
Severity: "CRITICAL",
StartLine: 5,
EndLine: 5,
Match: `aws_sec_key "****************************************"`,
Match: ` "created_by": "ENV aws_sec_key "****************************************",`,
Code: types.Code{
Lines: []types.Line{
{
Expand All @@ -444,8 +444,8 @@ func TestSecretScanner(t *testing.T) {
},
{
Number: 5,
Content: "aws_sec_key \"****************************************\"",
Highlighted: "aws_sec_key \"****************************************\"",
Content: " \"created_by\": \"ENV aws_sec_key \"****************************************\",",
Highlighted: " \"created_by\": \"ENV aws_sec_key \"****************************************\",",
IsCause: true,
FirstCause: true,
LastCause: true,
Expand Down Expand Up @@ -662,7 +662,7 @@ func TestSecretScanner(t *testing.T) {
inputFilePath: filepath.Join("testdata", "aws-secrets.txt"),
want: types.Secret{
FilePath: filepath.Join("testdata", "aws-secrets.txt"),
Findings: []types.SecretFinding{wantFinding5, wantFinding9, wantFinding10},
Findings: []types.SecretFinding{wantFinding5, wantFinding10, wantFinding9},
},
},
{
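Review bot: Only the comma form is exercised here — the updated `Match`/`Content` expectations end in `",` — while the commit title and the `[.,]?` change also promise a trailing `.`, which no expectation pins. A second line in aws-secrets.txt such as `aws_sec_key "KEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYK".` with its own expected finding would cover the other half of the fix. The swap of `wantFinding10` and `wantFinding9` in the `Findings` slice is explained nowhere on the commit; if the scanner orders findings by line, offset or rule, a one-line comment on that slice, e.g. `// findings are listed in the order the scanner reports them`, would spare the next fixture change from guessing. `TestSecretScanner` starts and ends outside these hunks.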
2 changes: 1 addition & 1 deletion pkg/fanal/secret/testdata/aws-secrets.txt
Expand Up @@ -2,4 +2,4 @@
AWS_ACCESS_KEY_ID=AKIA0123456789ABCDEF
"aws_account_ID":'1234-5678-9123'
AWS_example=AKIAIOSFODNN7EXAMPLE
aws_sec_key "KEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYK"
"created_by": "ENV aws_sec_key "KEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYK",
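Review bot: The new fixture line is shaped like an image-config `created_by` entry but is not valid JSON — the inner `"` around the key value are unescaped — so it does not represent what a real `history[].created_by` string looks like. If that input is the target, add a second line in the escaped form, `"created_by": "ENV aws_sec_key \"KEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYK\"",`, and check what the scanner reports for it; given `quote` is `["']?` with no allowance for a preceding backslash, I would expect that form still to be missed, which this commit would then not fix.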
