-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(secret): add prefix to exclude 0-9a-zA-Z
before secret
#7176
Comments
0-9a-zA-Z
before secret0-9a-zA-Z
before secret
@DmitriyLewen I would assign it to @afdesk. Could you assist him as you know more context? |
@knqyf263 @DmitriyLewen I have a question. Should we detect next string as a secret?
IMHO, yes, because it still contains sensitive data, but now Trivy skips it. |
Which rule? Why isn't it detected now? |
Only for this rule was added trivy/pkg/fanal/secret/builtin-rules.go Line 110 in b76a725
|
@knqyf263 is it a mistake? |
It's weird. For me, it looks like It should be detected. @DmitriyLewen updated the regex last time. We can wait for him. |
If I understand correctly, #5647 didn't affect on @knqyf263 thanks. I understood your point |
I added this in aquasecurity/fanal#514 Looks like it was my mistake. UPD: |
Description
We don't need to detect secrets containing
0-9a-zA-Z
before secret.e.g. finding a secret in
#define DISPID_ICANVASRENDERINGCONTEXT2D_CANVAS DISPID_CANVASRENDERCONTEXT2D
is false positive.Important points:
starting line/file
.The text was updated successfully, but these errors were encountered: