这是indexloc提供的服务,不要输入任何密码
Skip to content

feat(secrets): Bump detect secrets #7158

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
May 19, 2025
Merged

feat(secrets): Bump detect secrets #7158

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
5c30d00
Bump detect secrets
tsmithv11 May 15, 2025
a4470fd
Update secret.yml
tsmithv11 May 15, 2025
393f3e3
Update secret-no-false-positive.yml
tsmithv11 May 15, 2025
936ed09
Update Dockerfile
tsmithv11 May 15, 2025
23c1a56
Update Dockerfile.simple
tsmithv11 May 15, 2025
2ccb108
Fix tests
tsmithv11 May 16, 2025
2f26567
Merge branch 'bump-detect-secrets-may25' of https://github.com/bridge…
tsmithv11 May 16, 2025
bea4a77
Merge branch 'main' into bump-detect-secrets-may25
tsmithv11 May 16, 2025
4448098
Fix tests
tsmithv11 May 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Pipfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ types-colorama = "<0.5.0,>=0.4.3"
# REMINDER: Update "install_requires" deps on setup.py when changing
#
bc-python-hcl2 = "==0.4.2"
bc-detect-secrets = "==1.5.41"
bc-detect-secrets = "==1.5.43"
bc-jsonpath-ng = "==1.6.1"
pycep-parser = "==0.5.1"
tabulate = ">=0.9.0,<0.10.0"
Expand Down
32 changes: 16 additions & 16 deletions Pipfile.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion setup.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ def run(self) -> None:
},
install_requires=[
"bc-python-hcl2==0.4.2",
"bc-detect-secrets==1.5.41",
"bc-detect-secrets==1.5.43",
"bc-jsonpath-ng==1.6.1",
"pycep-parser==0.5.1",
"tabulate>=0.9.0,<0.10.0",
Expand Down
2 changes: 1 addition & 1 deletion tests/secrets/resources/cfn/secret-no-false-positive.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,4 +19,4 @@ no False Positive - where it's not an actual secret
check1 = {'blabla': 'blabla1'}
check2 = {'blabla': 'blabla2'}
check1['some_key_1235#$@'] = check2.get('some_value_1235')
not_a_secr_k = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
not_a_secr_k = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPL3KEY"
4 changes: 2 additions & 2 deletions tests/secrets/resources/cfn/secret.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,8 @@ Resources:
console.log("Hello World");
Environment:
Variables:
access_key: "AKIAIOSFODNN7EXAMPLE"
secret_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
access_key: "AKIAIOSFODNN7EXAMPL3"
secret_key: "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"
Tags:
- Key: Name
Value: !Sub "${AWS::AccountId}-${CompanyName}-${Environment}-analysis"
Expand Down
6 changes: 3 additions & 3 deletions tests/secrets/resources/file_type/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,9 @@ RUN apt install first_update_line \
RUN apt update second_update_line
RUN apt update third_update_line
USER bob
ENV AWS_ACCESS_KEY_ID="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
ENV AWS_SECRET_ACCESS_KEY="AKIAIOSFODNN7EXAMPLE"
ENV AWS_ACCESS_KEY_ID="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPL3KEY"
ENV AWS_SECRET_ACCESS_KEY="AKIAIOSFODNN7EXAMPL3"

HEALTHCHECK --interval=5m --timeout=3s \
CMD curl -f http://localhost/ || exit 1
~
~
6 changes: 3 additions & 3 deletions tests/secrets/resources/file_type/Dockerfile.simple
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
FROM base
ENV AWS_ACCESS_KEY_ID="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
ENV AWS_SECRET_ACCESS_KEY="AKIAIOSFODNN7EXAMPLE"
ENV AWS_ACCESS_KEY_ID="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPL3KEY"
ENV AWS_SECRET_ACCESS_KEY="AKIAIOSFODNN7EXAMPL3"

RUN apk update
RUN apk update
2 changes: 1 addition & 1 deletion tests/secrets/resources/file_type/test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,6 @@


access_key = "AKIAIOSFODNN7EXAMPLE"
secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPL3KEY"
if __name__ == '__main__':
print('secrets')
2 changes: 1 addition & 1 deletion tests/secrets/resources/file_type/test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
const access_key = "AKIAIOSFODNN7EXAMPLE"
const secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
const secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPL3KEY"
function compact(arr: string[]) {
if (arr.length > 10)
return arr.slice(0, 10)
Expand Down
2 changes: 1 addition & 1 deletion tests/secrets/resources/terraform_skip/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ resource "aws_lambda_function" "wrong_skip" {

environment {
variables = {
access_key = "AKIAIOS3F6KN7EXAMPLE" #checkov:skip=CKV_SECRET_5:wrong check id
access_key = "AKIAIOS3F6KN7EXAMPL3" #checkov:skip=CKV_SECRET_5:wrong check id
secret_key = ""
}
}
Expand Down
2 changes: 1 addition & 1 deletion tests/secrets/sanity/secrets/true_positive.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"SA_PASSWORD": "DEV-we-954",
"secret_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
"secret_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPL3KEY",
"my_new_password": "F322a45xxmwov9bpgRhyuByXj2nxz7khS6yXQmfSaQCmwbTF2jpfgC56az3a",
"test_pass": "z2b7k2cQfzc+yjP2K8cjuQ8uoorHBpEvC+XWhU3Z5+IdrPQYwr991Lj73xfZ+RA2GzC0wTedDTvb1C2NX+3Gpw==",
"pg_pass": "sup1rstr0ngpass2ForTT",
Expand Down
6 changes: 3 additions & 3 deletions tests/secrets/test_secrets_verification_suppressions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ def test_runner_verify_secrets_skip_invalid_suppressed(mock_bc_integration, mock
valid_dir_path = current_dir + "/resources/cfn"

rel_resource_path = '/secret.yml'
resource_id = '25910f981e85ca04baf359199dd0bd4a3ae738b6'
resource_id = '3472e46be802575792c8ddc3fcea5399a73078f1'
verified_report = [
{
"violationId": "BC_GIT_2",
Expand Down Expand Up @@ -53,8 +53,8 @@ def test_runner_verify_secrets_skip_all_no_effect(mock_bc_integration, mock_meta
valid_dir_path = current_dir + "/resources/cfn"

rel_resource_path = '/secret.yml'
resource_id = '25910f981e85ca04baf359199dd0bd4a3ae738b6'
second_resource_id = 'd70eab08607a4d05faa2d0d6647206599e9abc65'
resource_id = '3472e46be802575792c8ddc3fcea5399a73078f1'
second_resource_id = 'a8a2f5d0efa444d71973792b14df2e05c00458c4'
verified_report = [
{
"violationId": "BC_GIT_2",
Expand Down
Loading