
Conversation

Contributor

@RabeaZr RabeaZr commented Jun 18, 2025

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

In case this creates problems, we should revert it and add the following in runner.py:

            secret_value = cast(str, sec.secret_value)
            if secret_value:
                secret_value = secret_value.strip('"\'')  # We should always strip quotes from matches before we search for them in the line (because of this line quoted_mm = f"'{mm}'" in custom_regex_detector.py)
            line_text_censored = omit_secret_value_from_line(secret_value, line_text_censored)

instead of:

            line_text_censored = omit_secret_value_from_line(cast(str, sec.secret_value), line_text_censored)

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

Fixes # (issue)

New/Edited policies (Delete if not relevant)

Description

Include a description of what makes it a violation and any relevant external links.

Fix

How does someone fix the issue in code and/or in runtime?

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes
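The failure mode the PR description guards against, as an added example that is not part of the pull request or of the project's code: when the detector records a match wrapped in quotes (the `quoted_mm = f"'{mm}'"` line mentioned above), a substring search for that quoted value misses lines that quote the secret differently, and the line is reported uncensored. `mask_value_in_line` is a hypothetical stand-in for `omit_secret_value_from_line`, and the secret and lines are constructed sample data.

```python
from typing import List, Optional


def mask_value_in_line(secret: Optional[str], line: str) -> str:
    """Hypothetical stand-in for the line censor (not the project's code):
    keep the first quarter of the secret and replace the rest with '*'."""
    if not secret or secret not in line:
        return line  # value not found, so the line comes back untouched
    keep = len(secret) // 4
    return line.replace(secret, secret[:keep] + "*" * (len(secret) - keep))


def censor_without_strip(recorded: Optional[str], line: str) -> str:
    # Search for the value exactly as the detector recorded it.
    return mask_value_in_line(recorded, line)


def censor_with_strip(recorded: Optional[str], line: str) -> str:
    # The fallback from the PR description: strip surrounding quotes first.
    if recorded:
        recorded = recorded.strip('"\'')
    return mask_value_in_line(recorded, line)


def leaks(secret: str, censored_line: str) -> bool:
    """True when the full secret is still readable in the censored line."""
    return secret in censored_line


# Constructed sample data, not taken from any real scan.
RAW_SECRET = "s3cr3tTokenValue1234"
RECORDED = f"'{RAW_SECRET}'"  # detector wrapped the match in single quotes
LINES: List[str] = [
    f'api_token = "{RAW_SECRET}"',  # double-quoted in the source file
    f"api_token: {RAW_SECRET}",     # unquoted (YAML style)
    f"api_token = '{RAW_SECRET}'",  # single-quoted, matches the recorded form
]


def leak_report(censor) -> List[bool]:
    """One flag per sample line: does the secret survive censoring?"""
    return [leaks(RAW_SECRET, censor(RECORDED, line)) for line in LINES]


if __name__ == "__main__":
    print("without strip:", leak_report(censor_without_strip))
    print("with strip:   ", leak_report(censor_with_strip))
```

Only the line whose quoting happens to match the recorded form is censored without the strip, which is why the problem can go unnoticed in tests that use a single quoting style.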

@RabeaZr RabeaZr temporarily deployed to scan-security June 18, 2025 14:24 — with GitHub Actions Inactive
@RabeaZr RabeaZr temporarily deployed to scan-security June 18, 2025 15:14 — with GitHub Actions Inactive
Contributor

@Saarett Saarett left a comment


🎖️

@pazbechor pazbechor self-requested a review June 19, 2025 08:49
@pazbechor
Contributor

Talked about it 💯
the reason to do it - very good reason 🥇
The place IMO - patching a wrong piece of code ;)
So let's remove the quotes from custom_regex_detector.py & remove the prerun from all NOT multiline secrets.

@RabeaZr RabeaZr temporarily deployed to scan-security June 19, 2025 08:58 — with GitHub Actions Inactive
@RabeaZr RabeaZr merged commit d9a1ecd into main Jun 19, 2025
49 checks passed
@RabeaZr RabeaZr deleted the fix-omit branch June 19, 2025 10:06
Saarett pushed a commit that referenced this pull request Jun 19, 2025
* fix omit

* fix omit

* fix omit

* fix omit