From 83fca4c614c4bd561b369749821676bba5ce467a Mon Sep 17 00:00:00 2001 From: Pablo Vega Date: Fri, 26 Jan 2018 00:28:39 -0800 Subject: [PATCH 1/3] Adding a check to make sure either spaces or null values are not mistakenly added into the key variable --- pre_commit_hooks/detect_aws_credentials.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pre_commit_hooks/detect_aws_credentials.py b/pre_commit_hooks/detect_aws_credentials.py index b2afd71..47a69bf 100644 --- a/pre_commit_hooks/detect_aws_credentials.py +++ b/pre_commit_hooks/detect_aws_credentials.py @@ -53,7 +53,9 @@ def get_aws_secrets_from_file(credentials_file): 'aws_session_token', ): try: - keys.add(parser.get(section, var)) + key = parser.get(section, var).strip() + if key: + keys.add(key) except configparser.NoOptionError: pass return keys From 7c631b3b79217924cbe2c93a14a6f588340f5a4b Mon Sep 17 00:00:00 2001 From: Pablo Vega Date: Fri, 26 Jan 2018 15:19:01 -0800 Subject: [PATCH 2/3] Adding a test for detect_aws_credentials when key contains spaces --- tests/detect_aws_credentials_test.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/detect_aws_credentials_test.py b/tests/detect_aws_credentials_test.py index 954f3d8..f1bd7d4 100644 --- a/tests/detect_aws_credentials_test.py +++ b/tests/detect_aws_credentials_test.py @@ -83,6 +83,7 @@ def test_get_aws_secrets_from_env(env_vars, values): }, ), ('aws_config_without_secrets.ini', set()), + ('aws_config_without_secrets_with_spaces.ini', set()), ('nonsense.txt', set()), ('ok_json.json', set()), ), @@ -100,6 +101,7 @@ def test_get_aws_secrets_from_file(filename, expected_keys): ('aws_config_with_session_token.ini', 1), ('aws_config_with_multiple_sections.ini', 1), ('aws_config_without_secrets.ini', 0), + ('aws_config_without_secrets_with_spaces.ini', 0), ('nonsense.txt', 0), ('ok_json.json', 0), ), From 97d838f792e08b074eee346c9509f39931e958b9 Mon Sep 17 00:00:00 2001 From: Pablo Vega Date: Fri, 26 Jan 2018 15:22:32 -0800 Subject: [PATCH 3/3] dding the file aws_config_without_secrets_with_spaces.ini for new test case --- testing/resources/aws_config_without_secrets_with_spaces.ini | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 testing/resources/aws_config_without_secrets_with_spaces.ini diff --git a/testing/resources/aws_config_without_secrets_with_spaces.ini b/testing/resources/aws_config_without_secrets_with_spaces.ini new file mode 100644 index 0000000..b169952 --- /dev/null +++ b/testing/resources/aws_config_without_secrets_with_spaces.ini @@ -0,0 +1,4 @@ +# file with an AWS access key id but no valid AWS secret access key only space characters +[production] +aws_access_key_id = AKIASLARTARGENTINA86 +aws_secret_access_key =