Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add validity check #206

Merged
merged 11 commits into from
Feb 19, 2024
Merged

feat: add validity check #206

merged 11 commits into from
Feb 19, 2024

Conversation

baruchiro
Copy link
Contributor

This PR is the first implementation of validity check #191.

I added the flow of validation, controlled by the --validate flag, and added validation for Github token.

Copy link

kics-logo

KICS version: v1.7.12

Category Results
HIGH HIGH 0
MEDIUM MEDIUM 0
LOW LOW 1
INFO INFO 0
TRACE TRACE 0
TOTAL TOTAL 1
Metric Values
Files scanned placeholder 1
Files parsed placeholder 1
Files failed to scan placeholder 0
Total executed queries placeholder 49
Queries failed to execute placeholder 0
Execution time placeholder 1

@jossef
Copy link
Member

jossef commented Feb 18, 2024

looks good to me, I think its worth adding an optional permission scopes of the found active secrets.

regarding terminology, suggesting to use status instead of validation (active, inactive, unknown) or active (true / false)

@baruchiro
Copy link
Contributor Author

looks good to me, I think its worth adding an optional permission scopes of the found active secrets.

regarding terminology, suggesting to use status instead of validation (active, inactive, unknown) or active (true / false)

As defined in #191, the possible values of the validation field are valid, revoked, and unknown, so it can't be a boolean field.

Since it is not guaranteed the user will enable this feature. the field might be empty, and I want its name to be meaningful and the user will understand why it is empty.

I left with the validationStatus name 😐

@baruchiro baruchiro merged commit 807e0b5 into master Feb 19, 2024
8 checks passed
@baruchiro baruchiro deleted the baruchiro/Add-Secret-validation branch February 19, 2024 07:28
baruchiro pushed a commit that referenced this pull request Feb 21, 2024
After adding the simple validation process on #206, I'm now adding a
validation process for cases where both _access key_ and _secret key_
are needed together.

For these cases, the engine will collect those secrets and after the
scan is finished, it will validate all the pairs.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants