Unit test for empty AWS variables

2026-03-30 02:16:52 +00:00 · 2020-02-13 12:01:38 +00:00 · 2020-02-13 12:01:38 +00:00 · 75d4832e98
commit 75d4832e98
parent ace459bec5
2 changed files with 4 additions and 2 deletions
--- a/pre_commit_hooks/detect_aws_credentials.py
+++ b/pre_commit_hooks/detect_aws_credentials.py
@ -31,7 +31,7 @@ def get_aws_secrets_from_env() -> Set[str]:
    for env_var in (
        'AWS_SECRET_ACCESS_KEY', 'AWS_SECURITY_TOKEN', 'AWS_SESSION_TOKEN',
    ):
-        if env_var in os.environ:
+        if env_var in os.environ and os.environ[env_var]:
            keys.add(os.environ[env_var])
    return keys

@ -84,7 +84,7 @@ def check_file_for_aws_keys(
            for key in keys:
                # naively match the entire file, low chance of incorrect
                # collision
-                if key and key in text_body:
+                if key in text_body:
                    bad_files.append(BadFile(filename, key[:4].ljust(28, '*')))
    return bad_files

--- a/tests/detect_aws_credentials_test.py
+++ b/tests/detect_aws_credentials_test.py
@ -47,6 +47,8 @@ def test_get_aws_credentials_file_from_env(env_vars, values):
        ({'AWS_SECRET_ACCESS_KEY': 'foo'}, {'foo'}),
        ({'AWS_SECURITY_TOKEN': 'foo'}, {'foo'}),
        ({'AWS_SESSION_TOKEN': 'foo'}, {'foo'}),
+        ({'AWS_SESSION_TOKEN': ''}, set()),
+        ({'AWS_SESSION_TOKEN': 'foo', 'AWS_SECURITY_TOKEN': ''}, {'foo'}),
        ({'AWS_DUMMY_KEY': 'foo', 'AWS_SECRET_ACCESS_KEY': 'bar'}, {'bar'}),
        (
            {'AWS_SECRET_ACCESS_KEY': 'foo', 'AWS_SECURITY_TOKEN': 'bar'},