feat(secret): truncate matched line if it is long (fanal#494)
knqyf263 authored Apr 26, 2022
1 parent acaa8dd commit 1a6d9cb
Showing 3 changed files with 23 additions and 0 deletions.
5 changes: 5 additions & 0 deletions secret/scanner.go
Expand Up @@ -392,6 +392,11 @@ func findLocation(start, end int, content []byte) (int, int, string) {

match := string(content[start:end])
matchLine := string(content[lineStart:lineEnd])
if len(matchLine) > 100 {
truncatedLineStart := lo.Ternary(start-30 < 0, 0, start-30)
truncatedLineEnd := lo.Ternary(end+20 > len(content), len(content), end+20)
matchLine = string(content[truncatedLineStart:truncatedLineEnd])
}

// Mask credentials
matchLine = strings.TrimSpace(strings.ReplaceAll(matchLine, match, "*****"))
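Review bot: The truncation window in the two lo.Ternary lines is clamped to the bounds of the whole content, not to the matched line, so when the secret sits within 30 bytes of the line start or 20 bytes of its end the excerpt spills into the previous or next line. Because the masking step below replaces only the matched secret, any other sensitive text on an adjacent line would be copied unmasked into the finding's Match field. Since lineStart and lineEnd are already in scope on the matchLine assignment, clamping to them avoids this: `truncatedLineStart := lo.Ternary(start-30 < lineStart, lineStart, start-30)` and `truncatedLineEnd := lo.Ternary(end+20 > lineEnd, lineEnd, end+20)`. Slicing content by byte offsets may also split a multi-byte rune at the window edges; that is presumably acceptable for a display excerpt but worth a comment. findLocation starts and continues outside the hunk.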
17 changes: 17 additions & 0 deletions secret/scanner_test.go
Expand Up @@ -75,6 +75,15 @@ func TestSecretScanner(t *testing.T) {
EndLine: 1,
Match: "GITHUB_PAT=*****",
}
wantFinding7 := types.SecretFinding{
RuleID: "github-pat",
Category: secret.CategoryGitHub,
Title: "GitHub Personal Access Token",
Severity: "CRITICAL",
StartLine: 1,
EndLine: 1,
Match: "aaaaaaaaaaaaaaaaaa GITHUB_PAT=***** bbbbbbbbbbbbbbbbbbb",
}

tests := []struct {
name string
Expand Down Expand Up @@ -216,6 +225,14 @@ func TestSecretScanner(t *testing.T) {
Findings: []types.SecretFinding{wantFinding3, wantFinding4},
},
},
{
name: "truncate long line",
inputFilePath: "testdata/long-line-secret.txt",
want: types.Secret{
FilePath: "testdata/long-line-secret.txt",
Findings: []types.SecretFinding{wantFinding7},
},
},
}

for _, tt := range tests {
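Review bot: The new "truncate long line" case only exercises a single-line file with the token in the middle, where both the 30-byte and 20-byte windows stay inside the line, so it does not pin the behaviour at a line boundary. A second fixture with the long line surrounded by other lines and the token within 30 bytes of the line start (or 20 bytes of its end) would show whether Match can include text from neighbouring lines. The expected string in wantFinding7 silently encodes those window sizes; a comment such as `// 30 bytes before and 20 bytes after the masked token` next to it would make the fixture easier to maintain when the limits change. TestSecretScanner starts and continues outside the hunk.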
1 change: 1 addition & 0 deletions secret/testdata/long-line-secret.txt
@@ -0,0 +1 @@
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa GITHUB_PAT=ghp_012345678901234567890123456789abcdef bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
