Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(secrets): multiline matches show the secret and not the first line #6854

Merged
merged 2 commits into from
Nov 21, 2024
Merged

fix(secrets): multiline matches show the secret and not the first line #6854

merged 2 commits into from
Nov 21, 2024

Conversation

RabeaZr
Copy link
Contributor

@RabeaZr RabeaZr commented Nov 19, 2024
edited by baz-review bot
Loading

User description

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

Fixes # (issue)

New/Edited policies (Delete if not relevant)

Description

Include a description of what makes it a violation and any relevant external links.

Fix

How does someone fix the issue in code and/or in runtime?

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes

Generated description

Below is a concise technical summary of the changes proposed in this PR:

Improve the CustomRegexDetector to correctly display multiline secrets by introducing a new function find_line_number to accurately determine the line number of secrets. Enhance test coverage with a new test case TestMultilineFinding to validate the changes.

TopicDetails
Multiline Secret Fix Fix the multiline secret detection in CustomRegexDetector by quoting the secret and accurately finding its line number using find_line_number.
Modified files (1)
  • checkov/secrets/plugins/custom_regex_detector.py
Latest Contributors(2)
UserCommitDate
omryMenfix-secrets-skip-empty...November 18, 2024
RabeaZrfix-secrets-add-prerun...November 17, 2024
Test Enhancement Add a new test case TestMultilineFinding to ensure multiline secret detection works correctly, using a sample Dockerfile for testing.
Modified files (2)
  • tests/secrets/test_multiline_finding_line_number.py
  • tests/secrets/multiline_finding/Dockerfile.mine
Latest Contributors(0)
UserCommitDate
This pull request is reviewed by Baz. Join @RabeaZr and the rest of your team on (Baz).

omryMen
omryMen reviewed Nov 19, 2024
View reviewed changes
Copy link
Contributor

@omryMen omryMen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you add a test and an example result please

@omryMen omryMen merged commit 82a334f into main Nov 21, 2024
42 checks passed
@omryMen omryMen deleted the multiline-match branch November 21, 2024 07:36
Saarett pushed a commit that referenced this pull request Nov 21, 2024
@RabeaZr @actions-user
fix(secrets): multiline matches show the secret and not the first line (
ada8dcb 
#6854)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@omryMen omryMen omryMen left review comments

@ChanochShayner ChanochShayner ChanochShayner approved these changes

@achiar99 achiar99 achiar99 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@RabeaZr @omryMen @achiar99 @ChanochShayner