Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: Credential scanning tool flags shipped private key #32146

Closed
Samat-Imamov opened this issue Aug 13, 2024 · 4 comments
Closed

[Bug]: Credential scanning tool flags shipped private key #32146

Samat-Imamov opened this issue Aug 13, 2024 · 4 comments
Assignees
Labels

Comments

@Samat-Imamov
Copy link

Version

1.46.0

Steps to reproduce

Have credential scanning tool in a pipeline.

Expected behavior

No issues with credential scanning tool.

Actual behavior

Credential scanning tool flags key.pem as a file that contains a private secret.

Additional context

No response

Environment

N/A
@pavelfeldman
Copy link
Member

I believe this is about https://github.com/microsoft/playwright/tree/main/packages/playwright-core/bin/socks-certs and the credential scanning tool is checking for accidental certificates.

@pavelfeldman
Copy link
Member

pavelfeldman commented Aug 13, 2024

Certificates are a part of the package by design. Those are self-signed certificates for internal needs, so they should not be considered a secret. Please feel free to add them to the allow-list.

Having said that we understand this could be an inconvenience to the users that are not interested in the feature that these certificates enable, so we'll consider removing them and offering users to generate certificates during the build process should they need them.

@Samat-Imamov
Copy link
Author

Samat-Imamov commented Aug 13, 2024

Thank you for your answer! Since they are intended to be shipped, we can add them to the allow-list. Let us know what the consensus is on removing them!

@mxschmitt
Copy link
Member

This should be fixed in v1.46.1 by #32192.

kodiakhq bot referenced this issue in cloudquery/cloudquery Sep 1, 2024
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | devDependencies | patch | [`1.46.0` -> `1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.46.0/1.46.1) |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | devDependencies | minor | [`1.45.3` -> `1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.45.3/1.46.1) |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>microsoft/playwright (@&#8203;playwright/test)</summary>

### [`v1.46.1`](https://togithub.com/microsoft/playwright/releases/tag/v1.46.1)

[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)

##### Highlights

[https://github.com/microsoft/playwright/issues/32004](https://togithub.com/microsoft/playwright/issues/32004) - \[REGRESSION]: Client Certificates don't work with Microsoft IIS[https://github.com/microsoft/playwright/issues/32004](https://togithub.com/microsoft/playwright/issues/32004)4 - \[REGRESSION]: Websites stall on TLS handshake errors when using Client Certificate[https://github.com/microsoft/playwright/issues/32146](https://togithub.com/microsoft/playwright/issues/32146)46 - \[BUG]: Credential scanners warn about internal socks-proxy TLS certificat[https://github.com/microsoft/playwright/issues/32056](https://togithub.com/microsoft/playwright/issues/32056)056 - \[REGRESSION]: 1.46.0 (TypeScript) - custom fixtures extend no longer chaina[https://github.com/microsoft/playwright/issues/32070](https://togithub.com/microsoft/playwright/issues/32070)2070 - \[Bug]: --only-changed flag and project dependen[https://github.com/microsoft/playwright/issues/32188](https://togithub.com/microsoft/playwright/issues/32188)32188 - \[Bug]: --only-changed with shallow clone throws "unknown revision" error

##### Browser Versions

-   Chromium 128.0.6613.18
-   Mozilla Firefox 128.0
-   WebKit 18.0

This version was also tested against the following stable channels:

-   Google Chrome 127
-   Microsoft Edge 127

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---

 - [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants