feat(secrets scanning): support globs #5594
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This pull request adds or modifies JavaScript ( |
sean-roberts
commented
Apr 17, 2024
| ␊ | ||
| Secret env var "ENV_VAR_2"'s value detected:␊ | ||
| found value at line 1 in dist/static-files/notsafefile.js␊ | ||
| found value at line 1 in src/static-files/notsafefile.js␊ |
There was a problem hiding this comment.
context: the tests omit our globbed path but not the file next to it by design.
sean-roberts
commented
Apr 17, 2024
| const omitPathMatches = (relativePath, omitPaths) => { | ||
| return omitPaths.some((oPath) => { | ||
| // check if the substring matches or glob pattern | ||
| return relativePath.startsWith(oPath) || minimatch(relativePath, oPath, { dot: true }) |
There was a problem hiding this comment.
the actual change is using minimatch for globs in addition to substring support
|
The change itself looks good. I'm wondering if there's a different matching library we could use that's already part of the dependencies, so we don't increase bundlesize unneccessarily. |
Skn0tt
reviewed
Apr 17, 2024
|
@Skn0tt I used minimatch because it's used in the build-info package |
|
Oh, good point! I still think we should concentrate on one, but that's a separate issue then :D |
Skn0tt
previously approved these changes
Apr 17, 2024
|
Agreed! |
sean-roberts
changed the title
JGAntunes
approved these changes
Apr 17, 2024
Merged
This was referenced May 23, 2024
Merged
Merged
Merged
This was referenced Jun 5, 2024
Merged
Merged
Merged
Merged
Merged
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🎉 Thanks for submitting a pull request! 🎉
Summary
Support for globs support for secrets scanning. Requested by enterprise team: https://netlify.slack.com/archives/C023PC3D08J/p1713347068392949
Fixes https://linear.app/netlify/issue/COM-665/glob-support-in-secrets-scan-omit-paths
For us to review and ship your PR efficiently, please perform the following steps:
we can discuss the changes and get feedback from everyone that should be involved. If you`re fixing a typo or
something that`s on fire 🔥 (e.g. incident related), you can skip this step.
your code follows our style guide and passes our tests.
A picture of a cute animal (not mandatory, but encouraged)