Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Addressing issues with CredScan #16944

Merged
merged 2 commits into from
Mar 3, 2021
Merged

Addressing issues with CredScan #16944

merged 2 commits into from
Mar 3, 2021

Conversation

seankane-msft
Copy link
Member

@seankane-msft seankane-msft self-assigned this Feb 25, 2021
weshaggard
weshaggard reviewed Feb 25, 2021
View reviewed changes
eng/CredScanSuppression.json
@@ -35,9 +35,13 @@
{
"file":[
"sdk/keyvault/azure-keyvault-certificates/tests/ca.key",
"sdk/identity/azure-identity/tests/ec-certificate.pem"
"sdk/identity/azure-identity/tests/ec-certificate.pem",
"sdk/core/azure-servicemanagement-legacy/tests/legacy_mgmt_settings_fake.py",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We want to be careful about excluding entire files because that means if there ever becomes an individual secret in one of them that we will not detect it. We are trying to only exclude files if the entire file is a fake key/certificate that is used for testing.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have checked this file. The purpose of this file is to add fake key in common place and use variables in tests. If people do not abuse the file with real key, then it is supposed to suppress in this way.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK yeah I think those cases are also reasonable. The approach also might be interesting for other languages if they need something similar.

sima-zhu
sima-zhu approved these changes Mar 2, 2021
View reviewed changes
Copy link
Contributor

@sima-zhu sima-zhu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@seankane-msft seankane-msft merged commit ba5fce0 into Azure:master Mar 3, 2021
@seankane-msft seankane-msft deleted the cred-scan-fixes branch March 3, 2021 01:06
iscai-msft added a commit to iscai-msft/azure-sdk-for-python that referenced this pull request Mar 3, 2021
@iscai-msft
Merge branch 'master' of https://github.com/Azure/azure-sdk-for-python
5727484 
…into http_request_json

* 'master' of https://github.com/Azure/azure-sdk-for-python: (147 commits)
  [text analytics] add perf tests (Azure#17060)
  Add cloud event to core (Azure#16800)
  [Perf] Small fixes to storage-blob (Azure#17055)
  [EG] Regenerate Code (Azure#17053)
  Scrub batch shared keys (Azure#17030)
  [Tables] Add SAS to tables (Azure#16717)
  T2 containerservice 2021 03 03 (Azure#17050)
  Addressing issues with CredScan (Azure#16944)
  Communication chat preview4 (Azure#16905) (Azure#17037)
  remove first query section (Azure#17033)
  [formrecognizer] temp disable sample tests until service bug fixed (Azure#17036)
  [device update] allow device update pylint failures (Azure#17034)
  fix build (Azure#17029)
  update artifact names for ALL packages to align with the actual package name
  Create azure-iot-nspkg (Azure#17026)
  [Communication]: SMS 1:N Messages, Custom Tags, and Idempotence (Azure#16836)
  Fixing credentials to use AAD (Azure#16885)
  T2 deviceupdate 2021 03 02 (Azure#17016)
  T2 cosmosdb 2021 02 23 (Azure#16875)
  T2 datadog 2021 03 02 (Azure#17004)
  ...
iscai-msft added a commit that referenced this pull request Mar 3, 2021
@iscai-msft
Merge branch 'master' of https://github.com/Azure/azure-sdk-for-python
c31c0f9 
…into add_sample_check

* 'master' of https://github.com/Azure/azure-sdk-for-python: (388 commits)
  [text analytics] add normalized_text (#17074)
  Renaming with_token identity function (#17066)
  Adapt to azure core's cloud event (#17063)
  align perf tests with js (#17069)
  [Perfstress][Storage] Added FileShare perf tests (#15834)
  [formrecognizer] Adding custom forms perf test (#16969)
  Fix LanguageShort typo (#17068)
  sas creds updates (#17065)
  [eventgrid] Fix Sample eh (#17064)
  [Perfstress][Storage] Added Datalake perf tests (#15861)
  [text analytics] Healthcare n-ary relations (#16997)
  ServiceBus dict-representation acceptance and kwarg-update functionality  (#14807)
  [text analytics] add perf tests (#17060)
  Add cloud event to core (#16800)
  [Perf] Small fixes to storage-blob (#17055)
  [EG] Regenerate Code (#17053)
  Scrub batch shared keys (#17030)
  [Tables] Add SAS to tables (#16717)
  T2 containerservice 2021 03 03 (#17050)
  Addressing issues with CredScan (#16944)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@weshaggard weshaggard weshaggard left review comments

@sima-zhu sima-zhu sima-zhu approved these changes

@danieljurek danieljurek Awaiting requested review from danieljurek

@mitchdenny mitchdenny Awaiting requested review from mitchdenny

@scbedd scbedd Awaiting requested review from scbedd

Assignees

@seankane-msft seankane-msft

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@seankane-msft @weshaggard @sima-zhu