Merge pull request #260 from PVSec/master

Fix for issue #258

pre_commit_hooks/detect_aws_credentials.py

@@ -53,7 +53,9 @@ def get_aws_secrets_from_file(credentials_file):
             'aws_session_token',
         ):
             try:
-                keys.add(parser.get(section, var))
+                key = parser.get(section, var).strip()
+                if key:
+                    keys.add(key)
             except configparser.NoOptionError:
                 pass
     return keys

testing/resources/aws_config_without_secrets_with_spaces.ini

@@ -0,0 +1,4 @@
+# file with an AWS access key id but no valid AWS secret access key only space characters
+[production]
+aws_access_key_id = AKIASLARTARGENTINA86
+aws_secret_access_key =

tests/detect_aws_credentials_test.py

@@ -83,6 +83,7 @@ def test_get_aws_secrets_from_env(env_vars, values):
             },
         ),
         ('aws_config_without_secrets.ini', set()),
+        ('aws_config_without_secrets_with_spaces.ini', set()),
         ('nonsense.txt', set()),
         ('ok_json.json', set()),
     ),
@@ -100,6 +101,7 @@ def test_get_aws_secrets_from_file(filename, expected_keys):
         ('aws_config_with_session_token.ini', 1),
         ('aws_config_with_multiple_sections.ini', 1),
         ('aws_config_without_secrets.ini', 0),
+        ('aws_config_without_secrets_with_spaces.ini', 0),
         ('nonsense.txt', 0),
         ('ok_json.json', 0),
     ),