Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Credential scanning tool flags shipped private key #32146

Closed
Samat-Imamov opened this issue Aug 13, 2024 · 4 comments
Closed

[Bug]: Credential scanning tool flags shipped private key #32146

Samat-Imamov opened this issue Aug 13, 2024 · 4 comments
Assignees
@mxschmitt
Labels
v1.47

Comments

@Samat-Imamov
Copy link

Version

1.46.0

Steps to reproduce

Have credential scanning tool in a pipeline.

Expected behavior

No issues with credential scanning tool.

Actual behavior

Credential scanning tool flags key.pem as a file that contains a private secret.

Additional context

No response

Environment

N/A
@pavelfeldman
Copy link
Member

I believe this is about https://github.com/microsoft/playwright/tree/main/packages/playwright-core/bin/socks-certs and the credential scanning tool is checking for accidental certificates.

@pavelfeldman
Copy link
Member

pavelfeldman commented Aug 13, 2024
edited
Loading

Certificates are a part of the package by design. Those are self-signed certificates for internal needs, so they should not be considered a secret. Please feel free to add them to the allow-list.

Having said that we understand this could be an inconvenience to the users that are not interested in the feature that these certificates enable, so we'll consider removing them and offering users to generate certificates during the build process should they need them.

@Samat-Imamov
Copy link
Author

Samat-Imamov commented Aug 13, 2024
edited
Loading

Thank you for your answer! Since they are intended to be shipped, we can add them to the allow-list. Let us know what the consensus is on removing them!

@mxschmitt
Copy link
Member

This should be fixed in v1.46.1 by #32192.

@gvdenbro gvdenbro mentioned this issue Aug 19, 2024
Merged
kodiakhq bot referenced this issue in cloudquery/cloudquery Sep 1, 2024
@cq-bot
fix(deps): Update dependency @playwright/test to v1.46.1 (#19052)
5b8accf 
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [@playwright/test](https://playwright.dev) ([source](https://github.com/microsoft/playwright)) | devDependencies | patch | [`1.46.0` -> `1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.46.0/1.46.1) |
| [@playwright/test](https://playwright.dev) ([source](https://github.com/microsoft/playwright)) | devDependencies | minor | [`1.45.3` -> `1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.45.3/1.46.1) |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>microsoft/playwright (@&#8203;playwright/test)</summary>

### [`v1.46.1`](https://github.com/microsoft/playwright/releases/tag/v1.46.1)

[Compare Source](https://github.com/microsoft/playwright/compare/v1.46.0...v1.46.1)

##### Highlights

[https://github.com/microsoft/playwright/issues/32004](https://github.com/microsoft/playwright/issues/32004) - \[REGRESSION]: Client Certificates don't work with Microsoft IIS[https://github.com/microsoft/playwright/issues/32004](https://github.com/microsoft/playwright/issues/32004)4 - \[REGRESSION]: Websites stall on TLS handshake errors when using Client Certificate[https://github.com/microsoft/playwright/issues/32146](https://github.com/microsoft/playwright/issues/32146)46 - \[BUG]: Credential scanners warn about internal socks-proxy TLS certificat[https://github.com/microsoft/playwright/issues/32056](https://github.com/microsoft/playwright/issues/32056)056 - \[REGRESSION]: 1.46.0 (TypeScript) - custom fixtures extend no longer chaina[https://github.com/microsoft/playwright/issues/32070](https://github.com/microsoft/playwright/issues/32070)2070 - \[Bug]: --only-changed flag and project dependen[https://github.com/microsoft/playwright/issues/32188](https://github.com/microsoft/playwright/issues/32188)32188 - \[Bug]: --only-changed with shallow clone throws "unknown revision" error

##### Browser Versions

-   Chromium 128.0.6613.18
-   Mozilla Firefox 128.0
-   WebKit 18.0

This version was also tested against the following stable channels:

-   Google Chrome 127
-   Microsoft Edge 127

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---

 - [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
This was referenced Sep 7, 2024
Open
Open
@ARUMAIS ARUMAIS mentioned this issue Sep 7, 2024
Open
This was referenced Sep 7, 2024
Open
Open
@ARUMAIS ARUMAIS mentioned this issue Sep 8, 2024
Open
@leonardoadame leonardoadame mentioned this issue Sep 9, 2024
Open
@ARUMAIS ARUMAIS mentioned this issue Sep 9, 2024
Open
@WontonSam WontonSam mentioned this issue Sep 9, 2024
Open
@leonardoadame leonardoadame mentioned this issue Sep 10, 2024
Open
This was referenced Sep 10, 2024
Open
Open
@leonardoadame leonardoadame mentioned this issue Sep 11, 2024
Open
@black-da-bull black-da-bull mentioned this issue Sep 12, 2024
Open
@ARUMAIS ARUMAIS mentioned this issue Sep 12, 2024
Open
@WontonSam WontonSam mentioned this issue Sep 12, 2024
Open
@leonardoadame leonardoadame mentioned this issue Sep 12, 2024
Open
@ARUMAIS ARUMAIS mentioned this issue Sep 13, 2024
Open
@albertchambers albertchambers mentioned this issue Sep 13, 2024
Open
This was referenced Sep 13, 2024
Open
Open
This was referenced Sep 28, 2024
Open
Open
Open
Open
Open
Open
@WontonSam WontonSam mentioned this issue Oct 3, 2024
Open
@ARUMAIS ARUMAIS mentioned this issue Oct 4, 2024
Open
This was referenced Oct 4, 2024
Open
Open
Open
@ARUMAIS ARUMAIS mentioned this issue Oct 5, 2024
Open
@WontonSam WontonSam mentioned this issue Oct 5, 2024
Open
@ARUMAIS ARUMAIS mentioned this issue Oct 6, 2024
Open
@nerds-github nerds-github mentioned this issue Oct 26, 2024
Open
@ARUMAIS ARUMAIS mentioned this issue Oct 27, 2024
Open
@WontonSam WontonSam mentioned this issue Oct 28, 2024
Open
@leonardoadame leonardoadame mentioned this issue Nov 2, 2024
Open
@ARUMAIS ARUMAIS mentioned this issue Nov 3, 2024
Open
@leonardoadame leonardoadame mentioned this issue Nov 3, 2024
Open
@HaLaGu1L HaLaGu1L mentioned this issue Nov 4, 2024
Open
@WontonSam WontonSam mentioned this issue Nov 4, 2024
Open
@IT21336072 IT21336072 mentioned this issue Nov 4, 2024
Open
@leonardoadame leonardoadame mentioned this issue Nov 5, 2024
Open
@jiisuominen jiisuominen mentioned this issue Nov 6, 2024
Merged
@ARUMAIS ARUMAIS mentioned this issue Nov 10, 2024
Open
@WontonSam WontonSam mentioned this issue Nov 10, 2024
Open
This was referenced Nov 11, 2024
Open
Open
@WontonSam WontonSam mentioned this issue Nov 12, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mxschmitt mxschmitt

Labels
v1.47
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pavelfeldman @mxschmitt @Samat-Imamov