Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PYIC-6710 exclude secrets in contract tests #2036

Merged
merged 7 commits into from
Jun 25, 2024
Merged

PYIC-6710 exclude secrets in contract tests #2036

merged 7 commits into from
Jun 25, 2024

Conversation

thebauSoftwire
Copy link
Contributor

@thebauSoftwire thebauSoftwire commented Jun 19, 2024
edited by jira bot
Loading

Proposed changes

What changed

  • add inline inclusions to "secrets" in contract tests

Why did it change

The .secrets.baseline file was being updated with new secrets every time a "secret" was detected. Instead, we should use rules to avoid false positives being added to the baseline. This means we'll have less conflicts as the only changes made to the baseline should be if the filters are updated.

Issue tracking

@thebauSoftwire thebauSoftwire force-pushed the PYIC-6710 branch 2 times, most recently from 62e1964 to 1859d12 Compare June 20, 2024 13:55
@thebauSoftwire thebauSoftwire force-pushed the PYIC-6710-remove-secrets-in-contract-tests branch from 23d2c17 to 52ad495 Compare June 20, 2024 14:27
thebauSoftwire
thebauSoftwire commented Jun 20, 2024
View reviewed changes
.secrets.baseline
@@ -115,7 +115,8 @@
"pattern": [
"(?i)dummyapikey",
"(?i)test-secret",
"^x-api-key$"
"^x-api-key$",
"^1f9d73167e2166b707c6$"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This secret is within a multi-line string so I couldn't use an inline exclusion comment next to it

This was referenced Jun 20, 2024
Closed
Draft
sam803
sam803 previously approved these changes Jun 21, 2024
View reviewed changes
Base automatically changed from PYIC-6710 to main June 24, 2024 11:20
@DanCorderIPV DanCorderIPV dismissed sam803’s stale review June 24, 2024 11:20

The base branch was changed.

@Joe-Edwards-GDS Joe-Edwards-GDS force-pushed the PYIC-6710-remove-secrets-in-contract-tests branch from cdd25a2 to c3b4d2f Compare June 25, 2024 09:48
@Joe-Edwards-GDS Joe-Edwards-GDS marked this pull request as ready for review June 25, 2024 09:55
@Joe-Edwards-GDS Joe-Edwards-GDS requested review from a team as code owners June 25, 2024 09:55
@Joe-Edwards-GDS Joe-Edwards-GDS merged commit ce639dc into main Jun 25, 2024
11 checks passed
@Joe-Edwards-GDS Joe-Edwards-GDS deleted the PYIC-6710-remove-secrets-in-contract-tests branch June 25, 2024 10:01
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Jun 25, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Wynndow Wynndow Wynndow approved these changes

@sam803 sam803 sam803 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@thebauSoftwire @sam803 @Wynndow @Joe-Edwards-GDS