Skip to content

Commit

Permalink
env key should not contain space (#203)
Browse files Browse the repository at this point in the history
  • Loading branch information
tomoyamachi authored Oct 21, 2022
1 parent 87ae713 commit 3fbe4cf
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 1 deletion.
3 changes: 3 additions & 0 deletions pkg/assessor/manifest/manifest.go
Original file line number Diff line number Diff line change
Expand Up @@ -239,6 +239,9 @@ func sensitiveVars(cmd string) (bool, string) {
}
vars := strings.Split(word, "=")
varName, varVal := vars[0], vars[1]
if strings.Contains(varName, " ") {
continue
}
if varVal == "" {
continue
}
Expand Down
6 changes: 5 additions & 1 deletion pkg/assessor/manifest/manifest_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -414,9 +414,13 @@ func TestSensitiveVars(t *testing.T) {
"mixed cases": {cmd: "/bin/sh -c #(nop) ENV PasS=ADMIN", expected: true},
"two vars": {cmd: "/bin/sh -c #(nop) ENV abc=hello password=sensibledata", expected: true},
"empty two value": {cmd: "/bin/sh -c #(nop) ENV ABC=hello PASS= ", expected: false},
"run command": {cmd: `/bin/sh -c SECRET_API_KEY=63AF7AA15067C05616FDDD88A3A2E8F226F0BC06 echo "data"`, expected: true},
"run command": {cmd: `/bin/sh -c SECRET_API_KEY=63AF7AA15067C05616FDDD88A3A2E8F226F0BC06 echo "data"`, expected: true},
"run false positive": {cmd: `/bin/sh -c HELLO="PASS=\"notThis\"" echo "false positive"`, expected: false},
"run command 2": {cmd: `/bin/sh -c SECRET=myLittleSecret VAR2=VALUE2 VAR3=VALUE3 echo "Do something"`, expected: true},
"secret with space": {cmd: `/bin/sh -c SECRET="hello world"`, expected: true},
"skip space key": {cmd: `/bin/sh -c echo 'secret = foo;' > test.conf`, expected: false},
// TODO : expected must be false
//"skip echo string": {cmd: `/bin/sh -c echo 'secret=foo;' > test.conf`, expected: true},
}
for testname, v := range tests {
actual, _ := sensitiveVars(v.cmd)
Expand Down

0 comments on commit 3fbe4cf

Please sign in to comment.