feat(secrets): Keep original secrets data in runtime for further validation #4144
checkov/secrets/coordinator.py
Outdated
# should not have duplicates? - if duplicates allowed, implementation should be changed | ||
# may be saved by file type first, then by key - or any other preprocessing that may help differ the secrets. | ||
|
||
if check_result.get('result') == CheckResult.FAILED and enriched_secret.original_secret is not None: |
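Review bot: the comment above the condition still asks "should not have duplicates?", so the lookup that follows relies on a uniqueness rule that has not been decided. State what makes a key unique and enforce it where entries are added, or change the storage so duplicates are handled, then replace the open question with that rule. It would also help to say in the comment why only FAILED results with a non-None original_secret are kept.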
We can check these conditions before creating the EnrichedSecret object, in the runner itself
|
||
|
||
class EnrichedSecret: | ||
__slots__ = ("original_secret", "bc_check_id", "resource") |
nice 🍪
checkov/secrets/coordinator.py
Outdated
class EnrichedSecret: | ||
__slots__ = ("original_secret", "bc_check_id", "resource") | ||
|
||
def __init__(self, original_secret: Optional[str], bc_check_id: str, resource: str): |
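Review bot: original_secret in __init__ carries the raw secret value as Optional[str], and nothing in these lines says when it is None or how long the object is expected to live. Add a class docstring stating that the field holds plaintext, that it exists for in-runtime validation only, and that it must not be logged or written to report output. Consider dropping the reference once validation has finished.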
def __init__(self, original_secret: Optional[str], bc_check_id: str, resource: str): | |
def __init__(self, original_secret: Optional[str], bc_check_id: str, resource: str) -> None: |
🔥
…dation (bridgecrewio#4144) * add original secrets data * fix mypy, flake8 * fix mypy? * add # noqa TC002 * cleanup * After talk to Eliran * last change * Elirans' change2 * Elirans' change2 * removed letter * remove print * add slots :) * fix * fix2
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Description
Added a class to save secrets data for further validation.
Checklist: