fix: add detector and line number of potential secret (#6661)
Co-authored-by: Kay Agahd <[email protected]>
prowler-bot and kagahd authored Jan 22, 2025
1 parent 27fe201 commit 0204d24
Showing 2 changed files with 14 additions and 6 deletions.
@@ -51,7 +51,15 @@ def execute(self):
)

if version_secrets:
versions_with_secrets.append(str(version.version_number))
secrets_string = ", ".join(
[
f"{secret['type']} on line {secret['line_number']}"
for secret in version_secrets
]
)
versions_with_secrets.append(
f"Version {version.version_number}: {secrets_string}"
)

if len(versions_with_secrets) > 0:
report.status = "FAIL"
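Review bot: The per-version entry built in the new `versions_with_secrets.append(...)` call separates findings with ", ", and the expected strings in the updated tests show that the versions themselves are also joined with ", " (`... on line 4, Version 2: ...`), so someone triaging or parsing `status_extended` cannot tell where one version's findings end except by spotting the word "Version". Delimiting each version would remove the ambiguity, for example `versions_with_secrets.append(f"Version {version.version_number} ({secrets_string})")`. A short comment above the join would also help, such as `# Report detector type and line number only, never the matched secret value`, so that a later change does not start echoing the secret into findings. `execute` begins before and continues after this hunk, so the outer join and the message template are not visible here.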
@@ -155,7 +155,7 @@ def test_one_launch_template_with_secrets(self):
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== "Potential secret found in User Data for EC2 Launch Template tester1 in template versions: 123."
== "Potential secret found in User Data for EC2 Launch Template tester1 in template versions: Version 123: Secret Keyword on line 1."
)
assert result[0].resource_id == "lt-1234567890"
assert result[0].region == AWS_REGION_US_EAST_1
@@ -223,7 +223,7 @@ def test_one_launch_template_with_secrets_in_multiple_versions(self):
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== f"Potential secret found in User Data for EC2 Launch Template {launch_template_name} in template versions: 1, 2."
== f"Potential secret found in User Data for EC2 Launch Template {launch_template_name} in template versions: Version 1: Secret Keyword on line 1, Hex High Entropy String on line 3, Secret Keyword on line 3, Secret Keyword on line 4, Version 2: Secret Keyword on line 1, Hex High Entropy String on line 3, Secret Keyword on line 3, Secret Keyword on line 4."
)
assert result[0].resource_id == launch_template_id
assert result[0].region == AWS_REGION_US_EAST_1
@@ -297,7 +297,7 @@ def test_one_launch_template_with_secrets_in_single_version(self):
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== f"Potential secret found in User Data for EC2 Launch Template {launch_template_name} in template versions: 1."
== f"Potential secret found in User Data for EC2 Launch Template {launch_template_name} in template versions: Version 1: Secret Keyword on line 1, Hex High Entropy String on line 3, Secret Keyword on line 3, Secret Keyword on line 4."
)
assert result[0].resource_id == launch_template_id
assert result[0].region == AWS_REGION_US_EAST_1
@@ -361,7 +361,7 @@ def test_one_launch_template_with_secrets_gzip(self):
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== f"Potential secret found in User Data for EC2 Launch Template {launch_template_name} in template versions: 1."
== f"Potential secret found in User Data for EC2 Launch Template {launch_template_name} in template versions: Version 1: Secret Keyword on line 1, Hex High Entropy String on line 3, Secret Keyword on line 3, Secret Keyword on line 4."
)
assert result[0].resource_id == launch_template_id
assert result[0].region == AWS_REGION_US_EAST_1
@@ -502,7 +502,7 @@ def test_two_launch_templates_one_template_with_secrets(self):
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== f"Potential secret found in User Data for EC2 Launch Template {launch_template_name1} in template versions: 1."
== f"Potential secret found in User Data for EC2 Launch Template {launch_template_name1} in template versions: Version 1: Secret Keyword on line 1, Hex High Entropy String on line 3, Secret Keyword on line 3, Secret Keyword on line 4."
)
assert result[0].resource_id == launch_template_id1
assert result[0].region == AWS_REGION_US_EAST_1
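Review bot: In the hunk for `test_one_launch_template_with_secrets_in_multiple_versions`, versions 1 and 2 are expected to report the same four findings, so the assertion would still pass if findings were attributed to the wrong version. Giving the two versions user data that triggers different detectors or line numbers would pin the per-version mapping this commit introduces. The fixtures lie outside the visible hunks, so this assumes both versions currently share the same user data. The finding list repeated in the single-version, gzip and two-template tests could also live in one constant, e.g. `EXPECTED_SECRETS = "Secret Keyword on line 1, Hex High Entropy String on line 3, Secret Keyword on line 3, Secret Keyword on line 4"`, so that a detector change is updated in one place.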