Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add validity check #206

Merged
merged 11 commits into from
Feb 19, 2024
Merged

feat: add validity check #206

merged 11 commits into from
Feb 19, 2024

Conversation

baruchiro
Copy link
Contributor

This PR is the first implementation of validity check #191.

I added the flow of validation, controlled by the --validate flag, and added validation for Github token.

@github-actions GitHub Actions
Copy link

kics-logo

KICS version: v1.7.12

Category Results
HIGH HIGH 0
MEDIUM MEDIUM 0
LOW LOW 1
INFO INFO 0
TRACE TRACE 0
TOTAL TOTAL 1
Metric Values
Files scanned placeholder 1
Files parsed placeholder 1
Files failed to scan placeholder 0
Total executed queries placeholder 49
Queries failed to execute placeholder 0
Execution time placeholder 1

@baruchiro baruchiro mentioned this pull request Feb 18, 2024
Merged
@jossef
Copy link
Member

jossef commented Feb 18, 2024
edited
Loading

looks good to me, I think its worth adding an optional permission scopes of the found active secrets.

regarding terminology, suggesting to use status instead of validation (active, inactive, unknown) or active (true / false)

@baruchiro
Copy link
Contributor Author

looks good to me, I think its worth adding an optional permission scopes of the found active secrets.

regarding terminology, suggesting to use status instead of validation (active, inactive, unknown) or active (true / false)

As defined in #191, the possible values of the validation field are valid, revoked, and unknown, so it can't be a boolean field.

Since it is not guaranteed the user will enable this feature. the field might be empty, and I want its name to be meaningful and the user will understand why it is empty.

I left with the validationStatus name 😐

@baruchiro baruchiro merged commit 807e0b5 into master Feb 19, 2024
8 checks passed
@baruchiro baruchiro deleted the baruchiro/Add-Secret-validation branch February 19, 2024 07:28
@baruchiro baruchiro mentioned this pull request Feb 20, 2024
Merged
baruchiro pushed a commit that referenced this pull request Feb 21, 2024
feat: validate pairs of secrets (#210)
0c6fcaa 
After adding the simple validation process on #206, I'm now adding a
validation process for cases where both _access key_ and _secret key_
are needed together.

For these cases, the engine will collect those secrets and after the
scan is finished, it will validate all the pairs.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jossef jossef Awaiting requested review from jossef

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@baruchiro @jossef