[0.1.4] Github annotation off-by-one bug fix.

[darkarnium]

Overview

🛠️ New Features

• N/A

🍩 Improvements

• Pulls in latest STACS rules (r57ce3ce).

🐛 Bug Fixes

• Fix off-by-one edge case which caused Github pull-request annotation to fail.
  • This was triggered when a new file was added in a pull-request containing a credential on the first line.

[github-actions]

❌ STACS Finding

STACS has found a potential static token or credential at line 1 of tests/fixtures/ci/credential.txt due to potential AWS access key found.

Finding Sample

...aws_access_key_id=AKIAZJ3PDTI2R9JLXCTH
aws_secret_key_id=39...

If this credential is valid it should be immediately revoked, and the cause of this credential making it into this file investigated.

If this finding is against a 'fake' credential, such as in a test fixture, this finding can be suppressed using an ignore list in the root of this repository. A basic ignore list entry can be found below which may be suitable, otherwise, please refer to the STACS documentation

Example Suppression

{
    "ignore": [
        {
            "pattern": "tests/fixtures/ci/credential\\.txt$",
            "reason": "A reason for this suppression"
        }
    ],
    "include": []
}

_{[V:0.4.4, R:CredentialCloudAWSAccessKey, F:ddf2c31a0f0978a5f4f3dc21c84d0f2dfd4dc135]}