Update AzureSearchAdminKey detector #3634
Conversation
rgmz
force-pushed
the
feat/azure-search
branch
from
8d56655
to
1dd64ad
Compare
| Raw: []byte(resMatch), | ||
| RawV2: []byte(resMatch + resServiceMatch), | ||
| Raw: []byte(key), | ||
| RawV2: []byte(`{"service":"` + service + `","key":"` + key + `"}`), |
There was a problem hiding this comment.
Changing the RawV2 value will break some enterprise customers, as we currently have secrets verified using the old key+service format. This change would orphan previously verified credentials and create duplicates. Is there a reason we can't continue supporting the old format?
There was a problem hiding this comment.
Is there a reason we can't continue supporting the old format?
Obviously you get the final say here, but #2128 has been a PITA for me and others using OSS.
TL;DR Most of the existing RawV2 values are suboptional because they smash together text (sometimes without a delimiter) and are devoid of context/keywords. This makes it impossible to programmatically re-construct and re-verify results.
There was a problem hiding this comment.
My guess is that when RawV2 was proposed, we didn't account for its visibility in OSS reporting. Wonder if we can find a solution that preserves readability for OSS while avoiding duplicates on the enterprise side?
This likely requires a broader discussion, and I think @zricethezav will have the most input, but I agree that combining multiple credentials makes them difficult to interpret and largely ineffective
rgmz
force-pushed
the
feat/azure-search
branch
from
1dd64ad
to
91e6661
Compare
|
Seems like a new/different error introduced by the azure storage change. I'll take a look when I'm back on the computer. |
Description:
There are a number of problems with this detector. This Pr attempts to fix some of the glaring issues.
e.g.,
Checklist:
make test-community)?make lintthis requires golangci-lint)?