Skip to content

Addressing issues with CredScan#16944

Merged
seankane-msft merged 2 commits intoAzure:masterfrom
seankane-msft:cred-scan-fixes
Mar 3, 2021
Merged

Addressing issues with CredScan#16944
seankane-msft merged 2 commits intoAzure:masterfrom
seankane-msft:cred-scan-fixes

Conversation

@seankane-msft
Copy link
Contributor

@seankane-msft seankane-msft commented Feb 25, 2021

@seankane-msft seankane-msft self-assigned this Feb 25, 2021
weshaggard
weshaggard reviewed Feb 25, 2021
View reviewed changes
eng/CredScanSuppression.json
"sdk/keyvault/azure-keyvault-certificates/tests/ca.key",
"sdk/identity/azure-identity/tests/ec-certificate.pem"
"sdk/identity/azure-identity/tests/ec-certificate.pem",
"sdk/core/azure-servicemanagement-legacy/tests/legacy_mgmt_settings_fake.py",
Copy link
Member

@weshaggard weshaggard Feb 25, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We want to be careful about excluding entire files because that means if there ever becomes an individual secret in one of them that we will not detect it. We are trying to only exclude files if the entire file is a fake key/certificate that is used for testing.

Copy link
Contributor

@sima-zhu sima-zhu Feb 26, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have checked this file. The purpose of this file is to add fake key in common place and use variables in tests. If people do not abuse the file with real key, then it is supposed to suppress in this way.

Copy link
Member

@weshaggard weshaggard Feb 26, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK yeah I think those cases are also reasonable. The approach also might be interesting for other languages if they need something similar.

sima-zhu
sima-zhu approved these changes Mar 2, 2021
View reviewed changes
Copy link
Contributor

@sima-zhu sima-zhu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@seankane-msft seankane-msft merged commit ba5fce0 into Azure:master Mar 3, 2021
@seankane-msft seankane-msft deleted the cred-scan-fixes branch March 3, 2021 01:06
iscai-msft added a commit to iscai-msft/azure-sdk-for-python that referenced this pull request Mar 3, 2021
@iscai-msft
Merge branch 'master' of https://github.com/Azure/azure-sdk-for-python
5727484 
…into http_request_json

* 'master' of https://github.com/Azure/azure-sdk-for-python: (147 commits)
  [text analytics] add perf tests (Azure#17060)
  Add cloud event to core (Azure#16800)
  [Perf] Small fixes to storage-blob (Azure#17055)
  [EG] Regenerate Code (Azure#17053)
  Scrub batch shared keys (Azure#17030)
  [Tables] Add SAS to tables (Azure#16717)
  T2 containerservice 2021 03 03 (Azure#17050)
  Addressing issues with CredScan (Azure#16944)
  Communication chat preview4 (Azure#16905) (Azure#17037)
  remove first query section (Azure#17033)
  [formrecognizer] temp disable sample tests until service bug fixed (Azure#17036)
  [device update] allow device update pylint failures (Azure#17034)
  fix build (Azure#17029)
  update artifact names for ALL packages to align with the actual package name
  Create azure-iot-nspkg (Azure#17026)
  [Communication]: SMS 1:N Messages, Custom Tags, and Idempotence (Azure#16836)
  Fixing credentials to use AAD (Azure#16885)
  T2 deviceupdate 2021 03 02 (Azure#17016)
  T2 cosmosdb 2021 02 23 (Azure#16875)
  T2 datadog 2021 03 02 (Azure#17004)
  ...
iscai-msft added a commit that referenced this pull request Mar 3, 2021
@iscai-msft
Merge branch 'master' of https://github.com/Azure/azure-sdk-for-python
c31c0f9 
…into add_sample_check

* 'master' of https://github.com/Azure/azure-sdk-for-python: (388 commits)
  [text analytics] add normalized_text (#17074)
  Renaming with_token identity function (#17066)
  Adapt to azure core's cloud event (#17063)
  align perf tests with js (#17069)
  [Perfstress][Storage] Added FileShare perf tests (#15834)
  [formrecognizer] Adding custom forms perf test (#16969)
  Fix LanguageShort typo (#17068)
  sas creds updates (#17065)
  [eventgrid] Fix Sample eh (#17064)
  [Perfstress][Storage] Added Datalake perf tests (#15861)
  [text analytics] Healthcare n-ary relations (#16997)
  ServiceBus dict-representation acceptance and kwarg-update functionality  (#14807)
  [text analytics] add perf tests (#17060)
  Add cloud event to core (#16800)
  [Perf] Small fixes to storage-blob (#17055)
  [EG] Regenerate Code (#17053)
  Scrub batch shared keys (#17030)
  [Tables] Add SAS to tables (#16717)
  T2 containerservice 2021 03 03 (#17050)
  Addressing issues with CredScan (#16944)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@weshaggard weshaggard weshaggard left review comments

@danieljurek danieljurek Awaiting requested review from danieljurek

@mitchdenny mitchdenny Awaiting requested review from mitchdenny

@scbedd scbedd Awaiting requested review from scbedd

+1 more reviewer

@sima-zhu sima-zhu sima-zhu approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@seankane-msft seankane-msft

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@seankane-msft @weshaggard @sima-zhu