fix(secret): use only line with secret for long secret lines (aquasec…
DmitriyLewen authored and fhielpos committed Dec 20, 2024
1 parent d7f0237 commit b6daa42
Showing 3 changed files with 51 additions and 2 deletions.
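--- a/pkg/fanal/secret/scanner.go
+++ b/pkg/fanal/secret/scanner.go
@@ -504,8 +504,8 @@ func findLocation(start, end int, content []byte) (int, int, types.Code, string)
 }
 
 if lineEnd-lineStart > 100 {
-lineStart = lo.Ternary(start-30 < 0, 0, start-30)
-lineEnd = lo.Ternary(end+20 > len(content), len(content), end+20)
+lineStart = lo.Ternary(start-lineStart-30 < 0, lineStart, start-30)
+lineEnd = lo.Ternary(end+20 > lineEnd, lineEnd, end+20)
 }
 matchLine := string(content[lineStart:lineEnd])
 endLineNum := startLineNum + bytes.Count(content[start:end], lineSep)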
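Review bot: The two rewritten assignment lines encode an undocumented window — 30 bytes before and 20 bytes after the match, now clamped to the enclosing line instead of to the whole content — with 100, 30 and 20 left as bare literals; name them and state the intent above the `if`, e.g. `// For long lines keep a short window around the secret, but never extend past the line's own bounds.` together with package-level constants such as `secretWindowBefore = 30` and `secretWindowAfter = 20`. One case I cannot verify from the hunk, because lineStart and lineEnd are computed above it: if a match is allowed to span a line break, clamping lineEnd to the first line's end would cut `matchLine` before `end`, while endLineNum on the last line still counts the extra lines; a test with a multi-line match would settle it. findLocation starts and ends outside the hunk.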
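--- a/pkg/fanal/secret/scanner_test.go
+++ b/pkg/fanal/secret/scanner_test.go
@@ -742,6 +742,42 @@ func TestSecretScanner(t *testing.T) {
 },
 },
 }
+wantFindingJWT := types.SecretFinding{
+RuleID: "jwt-token",
+Category: "JWT",
+Title: "JWT token",
+Severity: "MEDIUM",
+StartLine: 3,
+EndLine: 3,
+Match: "jwt: ***********************************************************************************************************************************************************",
+Code: types.Code{
+Lines: []types.Line{
+{
+Number: 1,
+Content: "asd",
+Highlighted: "asd",
+},
+{
+Number: 2,
+Content: "aaaa",
+Highlighted: "aaaa",
+},
+{
+Number: 3,
+Content: "jwt: ***********************************************************************************************************************************************************",
+Highlighted: "jwt: ***********************************************************************************************************************************************************",
+IsCause: true,
+FirstCause: true,
+LastCause: true,
+},
+{
+Number: 4,
+Content: "asda",
+Highlighted: "asda",
+},
+},
+},
+}
 
 tests := []struct {
 name string
@@ -822,6 +858,15 @@ func TestSecretScanner(t *testing.T) {
 Findings: []types.SecretFinding{wantFindingHuggingFace},
 },
 },
+{
+name: "find JWT token",
+configPath: filepath.Join("testdata", "config.yaml"),
+inputFilePath: filepath.Join("testdata", "jwt-secret.txt"),
+want: types.Secret{
+FilePath: filepath.Join("testdata", "jwt-secret.txt"),
+Findings: []types.SecretFinding{wantFindingJWT},
+},
+},
 {
 name: "include when keyword found",
 configPath: filepath.Join("testdata", "config-happy-keywords.yaml"),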
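Review bot: The new "find JWT token" case only exercises the clamped branches of the windowing change — in the fixture the token sits five bytes into line 3 and runs to the line end, so both clamps fall back to lineStart and lineEnd — while the unclamped branches (at least 30 bytes before and 20 bytes after the secret on the same long line) get no coverage. A second fixture line with the token embedded mid-line, e.g. `<long prefix text> jwt: <token> <long trailing text>`, with the expected Match being the windowed slice rather than the whole line, would pin that behaviour too. The masked line in wantFindingJWT is also typed out three times (Match, Content, Highlighted); building it once, `jwtMasked := "jwt: " + strings.Repeat("*", <token length>)`, keeps the expectation readable and in step with the fixture if the token changes. TestSecretScanner starts and ends outside both hunks.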
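--- a/pkg/fanal/secret/testdata/jwt-secret.txt
+++ b/pkg/fanal/secret/testdata/jwt-secret.txt
@@ -0,0 +1,4 @@
+asd
+aaaa
+jwt: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
+asda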
