bridgecrewio · nimrodkor · Sep 29, 2022 · Sep 29, 2022
diff --git a/checkov/main.py b/checkov/main.py
@@ -165,7 +165,7 @@ def run(banner: str = checkov_banner, argv: List[str] = sys.argv[1:]) -> Optiona
                                  use_enforcement_rules=config.use_enforcement_rules,
                                  run_image_referencer=run_image_referencer,
                                  enable_secret_scan_all_files=bool(convert_str_to_bool(config.enable_secret_scan_all_files)),
-                                 black_list_secret_scan=config.black_list_secret_scan)
+                                 block_list_secret_scan=config.block_list_secret_scan)
 
     if outer_registry:
         runner_registry = outer_registry
@@ -577,11 +577,11 @@ def add_parser_args(parser: ArgumentParser) -> None:
                env_var='CKV_SECRETS_SCAN_ENABLE_ALL',
                action='store_true',
                help='enable secret scan for all files')
-    parser.add('--black-list-secret-scan',
+    parser.add('--block-list-secret-scan',
                default=[],
-               env_var='CKV_SECRETS_SCAN_BLACK_LIST',
+               env_var='CKV_SECRETS_SCAN_BLOCK_LIST',
                action='append',
-               help='black file list to filter out from the secret scanner')
+               help='List of files to filter out from the secret scanner')
     parser.add('--summary-position', default='top', choices=SUMMARY_POSITIONS,
                help='Chose whether the summary will be appended on top (before the checks results) or on bottom '
                     '(after check results), default is on top.')

diff --git a/checkov/runner_filter.py b/checkov/runner_filter.py
@@ -41,7 +41,7 @@ def __init__(
             show_progress_bar: Optional[bool] = True,
             run_image_referencer: bool = False,
             enable_secret_scan_all_files: bool = False,
-            black_list_secret_scan: Optional[List[str]] = None
+            block_list_secret_scan: Optional[List[str]] = None
     ) -> None:
 
         checks = convert_csv_string_arg_to_list(checks)
@@ -98,7 +98,7 @@ def __init__(
         self.filtered_policy_ids = filtered_policy_ids or []
         self.run_image_referencer = run_image_referencer
         self.enable_secret_scan_all_files = enable_secret_scan_all_files
-        self.black_list_secret_scan = black_list_secret_scan
+        self.block_list_secret_scan = block_list_secret_scan
 
     def apply_enforcement_rules(self, enforcement_rule_configs: Dict[str, CodeCategoryConfiguration]) -> None:
         self.enforcement_rule_configs = {}
@@ -247,10 +247,10 @@ def from_dict(obj: Dict[str, Any]) -> RunnerFilter:
         if run_image_referencer is None:
             run_image_referencer = False
         enable_secret_scan_all_files = bool(obj.get('enable_secret_scan_all_files'))
-        black_list_secret_scan = obj.get('black_list_secret_scan')
+        block_list_secret_scan = obj.get('block_list_secret_scan')
         runner_filter = RunnerFilter(framework, checks, skip_checks, include_all_checkov_policies,
                                      download_external_modules, external_modules_download_path, evaluate_variables,
                                      runners, skip_framework, excluded_paths, all_external, var_files,
                                      skip_cve_package, use_enforcement_rules, filtered_policy_ids, show_progress_bar,
-                                     run_image_referencer, enable_secret_scan_all_files, black_list_secret_scan)
+                                     run_image_referencer, enable_secret_scan_all_files, block_list_secret_scan)
         return runner_filter
diff --git a/checkov/secrets/runner.py b/checkov/secrets/runner.py
@@ -152,17 +152,17 @@ def run(
             excluded_paths = (runner_filter.excluded_paths or []) + ignored_directories + [DEFAULT_EXTERNAL_MODULES_DIR]
             if root_folder:
                 enable_secret_scan_all_files = runner_filter.enable_secret_scan_all_files
-                black_list_secret_scan = runner_filter.black_list_secret_scan or []
-                black_list_secret_scan_lower = [file_type.lower() for file_type in black_list_secret_scan]
+                block_list_secret_scan = runner_filter.block_list_secret_scan or []
+                block_list_secret_scan_lower = [file_type.lower() for file_type in block_list_secret_scan]
                 for root, d_names, f_names in os.walk(root_folder):
                     filter_ignored_paths(root, d_names, excluded_paths)
                     filter_ignored_paths(root, f_names, excluded_paths)
                     for file in f_names:
                         if enable_secret_scan_all_files:
                             if is_docker_file(file):
-                                if 'dockerfile' not in black_list_secret_scan_lower:
+                                if 'dockerfile' not in block_list_secret_scan_lower:
                                     files_to_scan.append(os.path.join(root, file))
-                            elif f".{file.split('.')[-1]}" not in black_list_secret_scan_lower:
+                            elif f".{file.split('.')[-1]}" not in block_list_secret_scan_lower:
                                 files_to_scan.append(os.path.join(root, file))
                         elif file not in PROHIBITED_FILES and f".{file.split('.')[-1]}" in SUPPORTED_FILE_EXTENSIONS or is_docker_file(file):
                             files_to_scan.append(os.path.join(root, file))

diff --git a/tests/secrets/test_runner.py b/tests/secrets/test_runner.py
@@ -228,7 +228,7 @@ def test_runner_requested_file_type_only_ts(self):
         report = runner.run(root_folder=valid_dir_path,
                             external_checks_dir=None,
                             runner_filter=RunnerFilter(framework=['secrets'],
-                                                       black_list_secret_scan=['.py', 'Dockerfile', '.tf', '.yml'],
+                                                       block_list_secret_scan=['.py', 'Dockerfile', '.tf', '.yml'],
                                                        enable_secret_scan_all_files=True))
         self.assertEqual(len(report.failed_checks), 2)
 
@@ -237,7 +237,7 @@ def test_runner_requested_file_type_only_py(self):
         valid_dir_path = current_dir + "/resources"
         runner = Runner()
         report = runner.run(root_folder=valid_dir_path, external_checks_dir=None,
-                            runner_filter=RunnerFilter(framework=['secrets'], black_list_secret_scan=['.ts', 'Dockerfile', '.tf', '.yml'],
+                            runner_filter=RunnerFilter(framework=['secrets'], block_list_secret_scan=['.ts', 'Dockerfile', '.tf', '.yml'],
                                                        enable_secret_scan_all_files=True))
         self.assertEqual(len(report.failed_checks), 2)
 
@@ -246,7 +246,7 @@ def test_runner_requested_file_type_only_yml(self):
         valid_dir_path = current_dir + "/resources"
         runner = Runner()
         report = runner.run(root_folder=valid_dir_path, external_checks_dir=None,
-                            runner_filter=RunnerFilter(framework=['secrets'], black_list_secret_scan=['.py', 'Dockerfile', '.tf', '.ts'],
+                            runner_filter=RunnerFilter(framework=['secrets'], block_list_secret_scan=['.py', 'Dockerfile', '.tf', '.ts'],
                                                        enable_secret_scan_all_files=True))
         self.assertEqual(len(report.failed_checks), 2)
 
@@ -256,7 +256,7 @@ def test_runner_requested_file_type_only_tf(self):
         runner = Runner()
         report = runner.run(root_folder=valid_dir_path, external_checks_dir=None,
                             runner_filter=RunnerFilter(framework=['secrets'],
-                                                       black_list_secret_scan=['.py', 'Dockerfile', '.ts', '.yml'],
+                                                       block_list_secret_scan=['.py', 'Dockerfile', '.ts', '.yml'],
                                                        enable_secret_scan_all_files=True))
         self.assertEqual(len(report.failed_checks), 3)
 
@@ -265,7 +265,7 @@ def test_runner_requested_file_type_only_tf_yml(self):
         valid_dir_path = current_dir + "/resources"
         runner = Runner()
         report = runner.run(root_folder=valid_dir_path, external_checks_dir=None,
-                            runner_filter=RunnerFilter(framework=['secrets'], black_list_secret_scan=['.py', 'Dockerfile', '.ts'],
+                            runner_filter=RunnerFilter(framework=['secrets'], block_list_secret_scan=['.py', 'Dockerfile', '.ts'],
                                                        enable_secret_scan_all_files=True))
         self.assertEqual(len(report.failed_checks), 5)
 
@@ -282,7 +282,7 @@ def test_runner_requested_file_only_dockerfile(self):
         valid_dir_path = current_dir + "/resources"
         runner = Runner()
         report = runner.run(root_folder=valid_dir_path, external_checks_dir=None,
-                            runner_filter=RunnerFilter(framework=['secrets'], black_list_secret_scan=['.py', '.tf', '.ts', '.yml'],
+                            runner_filter=RunnerFilter(framework=['secrets'], block_list_secret_scan=['.py', '.tf', '.ts', '.yml'],
                                                        enable_secret_scan_all_files=True))
         self.assertEqual(len(report.failed_checks), 4)