Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(secrets): Keep original secrets data in runtime for further validation #4144

Merged
merged 14 commits into from Dec 26, 2022
Merged

feat(secrets): Keep original secrets data in runtime for further validation #4144

merged 14 commits into from Dec 26, 2022

Conversation

marynaKK
Copy link
Contributor

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

added a class to save secrets data for further validation.

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

Eliran-Turgeman
Eliran-Turgeman reviewed Dec 25, 2022
View reviewed changes
checkov/secrets/coordinator.py Outdated
# should not have duplicates? - if duplicates allowed, implementation should be changed
# may be saved by file type first, then by key - or any other preprocessing that may help differ the secrets.

if check_result.get('result') == CheckResult.FAILED and enriched_secret.original_secret is not None:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can check these conditions before creating the EnrichedSecret object, in the runner itself

gruebel
gruebel reviewed Dec 25, 2022
View reviewed changes
checkov/secrets/coordinator.py


class EnrichedSecret:
__slots__ = ("original_secret", "bc_check_id", "resource")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice 🍪

checkov/secrets/coordinator.py Outdated
class EnrichedSecret:
__slots__ = ("original_secret", "bc_check_id", "resource")

def __init__(self, original_secret: Optional[str], bc_check_id: str, resource: str):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
def __init__(self, original_secret: Optional[str], bc_check_id: str, resource: str):
def __init__(self, original_secret: Optional[str], bc_check_id: str, resource: str) -> None:

checkov/secrets/coordinator.py Show resolved Hide resolved
Eliran-Turgeman
Eliran-Turgeman approved these changes Dec 26, 2022
View reviewed changes
Copy link
Contributor

@Eliran-Turgeman Eliran-Turgeman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔥

@marynaKK marynaKK merged commit 7e98ee0 into main Dec 26, 2022
@marynaKK marynaKK deleted the add-original-secrets-data branch December 26, 2022 08:09
Teko012 pushed a commit to Teko012/checkov_fork_bridgecrewio that referenced this pull request Dec 26, 2022
@marynaKK @actions-user
feat(secrets): Keep original secrets data in runtime for further vali…
d04fd0a 
…dation (bridgecrewio#4144)

* add original secrets data

* fix mypy, flake8

* fix mypy?

* add  # noqa TC002

* cleanup

* After talk to Eliran

* last change

* Elirans' change2

* Elirans' change2

* removed letter

* remove print

* add slots :)

* fix

* fix2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gruebel gruebel gruebel left review comments

@lirshindalman lirshindalman lirshindalman approved these changes

@Eliran-Turgeman Eliran-Turgeman Eliran-Turgeman approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@marynaKK @gruebel @lirshindalman @Eliran-Turgeman