bugfix: Ignore integrity hash string (#216)

bridgecrewio · Jun 9, 2024 · 052fb20 · 052fb20
1 parent 45b0440
commit 052fb20
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/detect_secrets/plugins/azure_storage_key.py b/detect_secrets/plugins/azure_storage_key.py
@@ -78,6 +78,16 @@ def context_keys_exists(self, result: PotentialSecret, string: str) -> bool:
                     continue
                 if self.azure in regex.pattern.lower() and self.azure not in string.lower():
                     continue
+                if self.contains_integrity(result.secret_value, string):
+                    continue
                 if regex.search(string) is not None:
                     return True
         return False
+
+    @staticmethod
+    def contains_integrity(secret_val: str, string: str) -> bool:
+        # we want to ignore cases of lock files which contains hashes
+
+        regex = re.compile(r'integrity[:=]')
+        context_parts = string.split('\n')
+        return any(secret_val in part and regex.search(part) is not None for part in context_parts)
diff --git a/tests/plugins/azure_storage_key_test.py b/tests/plugins/azure_storage_key_test.py
@@ -187,6 +187,18 @@ class TestAzureStorageKeyDetector:
                 lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==""",
                 False,
             ),
+            (
+                """
+                resolution: {integrity: sha512-/AazAV/F+HK4LIywF9C+NYHcJo038zEnWkteilcxC1FM/uK/4NVGDKGrxx7nNq1ybspAroRKT4I1FHfxQzxkUw==}
+                engines: {node: '>=12.0.0'}
+                peerDependencies:
+                    '@azure/identity': '*'
+                    '@azure/msal-browser': '*'
+                    buffer: '*'
+                    stream-browserify: '*'
+                """,
+                False,
+            ),
         ],
     )
     def test_analyze(self, payload, should_flag):