这是indexloc提供的服务,不要输入任何密码
Skip to content

fix(general): Skip bc_api_key in output #7148

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
May 13, 2025
Merged

fix(general): Skip bc_api_key in output #7148

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 7 additions & 2 deletions checkov/common/output/report.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -443,9 +443,14 @@ def get_test_suite(self, properties: Optional[Dict[str, Any]] = None, use_bc_ids

@staticmethod
def create_test_suite_properties_block(config: argparse.Namespace) -> Dict[str, Any]:
"""Creates a dictionary without 'None' values for the JUnit XML properties block"""
"""Creates a dictionary without 'None' values and sensitive data for the JUnit XML properties block"""

# List of sensitive properties that should be excluded from outputs
sensitive_properties = ['bc_api_key']

properties = {k: v for k, v in config.__dict__.items()
if v is not None and k not in sensitive_properties}

properties = {k: v for k, v in config.__dict__.items() if v is not None}
return properties

def _create_test_case_failure_output(self, record: Record) -> str:
Expand Down
36 changes: 36 additions & 0 deletions tests/common/output/test_junit_report.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,42 @@ def test_get_junit_xml_string_with_terraform(self):
).toprettyxml()
)

def test_sensitive_properties_excluded_from_junit_xml(self):
# given
test_file = Path(__file__).parent / "fixtures/main.tf"
checks = ["CKV_AWS_18"] # Just need one check for this test

# Create config with a sensitive property (bc_api_key)
config = argparse.Namespace(
file="fixtures/main.tf",
framework=["terraform"],
bc_api_key="secret_api_key_123", # This should be excluded
non_sensitive_prop="regular_value" # This should be included
)

report = TerrafomrRunner().run(
root_folder="", files=[str(test_file)], runner_filter=RunnerFilter(checks=checks)
)

properties = Report.create_test_suite_properties_block(config=config)
test_suite = report.get_test_suite(properties=properties)
xml_string = Report.get_junit_xml_string([test_suite])
root = ET.fromstring(xml_string)
testsuite = root.find('testsuite')
props = testsuite.find('properties')

# Check that sensitive properties are not included
property_names = [prop.attrib['name'] for prop in props.findall('property')]
self.assertIn('file', property_names, "Expected 'file' property to be present")
self.assertIn('framework', property_names, "Expected 'framework' property to be present")
self.assertIn('non_sensitive_prop', property_names, "Expected 'non_sensitive_prop' property to be present")

# Most important assertions - check that sensitive properties are excluded
self.assertNotIn('bc_api_key', property_names, "Sensitive property 'bc_api_key' should be excluded")

# Double check the XML string itself doesn't contain the sensitive values
self.assertNotIn('secret_api_key_123', xml_string, "API key value should not appear in XML")


if __name__ == "__main__":
unittest.main()
Loading