Update aws access keys (#221)
tsmithv11 authored Oct 6, 2024
1 parent 0a65383 commit 74ba49d
Showing 2 changed files with 22 additions and 3 deletions.
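--- a/detect_secrets/plugins/aws.py
+++ b/detect_secrets/plugins/aws.py
@@ -25,10 +25,10 @@ class AWSKeyDetector(RegexBasedDetector):
 secret_keyword = r'(?:key|pwd|pw|password|pass|token)'
 
 denylist = (
-re.compile(r'AKIA[0-9A-Z]{16}'),
+re.compile(r'(?:A3T[A-Z0-9]|ABIA|ACCA|AKIA|ASIA)[0-9A-Z]{16}'),
 
 # This examines the variable name to identify AWS secret tokens.
-# The order is important since we want to prefer finding `AKIA`-based
+# The order is important since we want to prefer finding access
 # keys (since they can be verified), rather than the secret tokens.
 
 re.compile(
@@ -99,7 +99,10 @@ def verify_aws_secret_access_key(key: str, secret: str) -> bool: # pragma: no c
 }
 
 # Step #1: Canonical Request
-signed_headers = ';'.join(header.lower() for header in headers)
+signed_headers = ';'.join(
+header.lower()
+for header in headers
+)
 canonical_request = textwrap.dedent("""
 POST
 /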
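Review bot: The comment in `denylist` still justifies the ordering with "since they can be verified", but the widened pattern now also matches `ASIA`, `ABIA`, `ACCA` and `A3T*` identifiers, and `verify_aws_secret_access_key(key, secret)` in the second hunk takes only a key and a secret. `ASIA` identifiers are temporary STS credentials that also need a session token, so a key-plus-secret check would presumably fail even for a live credential; whether that is then reported as verified-false depends on the `verify` method, which is outside these hunks. I would limit active verification to `AKIA` matches, leave the other prefixes unverified, and say so beside the pattern, e.g. `# Only AKIA keys are checked with key+secret; ASIA needs a session token, so other prefixes stay unverified.` The pattern also has no boundary on either side, so it matches inside longer uppercase tokens; that was already true of the old `AKIA` pattern, and a guard such as `(?<![A-Z0-9])` in front would narrow it.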
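--- a/tests/plugins/aws_key_test.py
+++ b/tests/plugins/aws_key_test.py
@@ -32,6 +32,22 @@ def setup_method(self):
 'AKIAZZZ',
 False,
 ),
+(
+'A3T0ZZZZZZZZZZZZZZZZ',
+True,
+),
+(
+'ABIAZZZZZZZZZZZZZZZZ',
+True,
+),
+(
+'ACCAZZZZZZZZZZZZZZZZ',
+True,
+),
+(
+'ASIAZZZZZZZZZZZZZZZZ',
+True,
+),
 (
 'aws_access_key = "{}"'.format(EXAMPLE_SECRET),
 True,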
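Review bot: The four added cases assert only a match on one well-formed 20-character value per prefix; none pins the non-matching side of the new alternation the way `'AKIAZZZ', False` does for `AKIA`. A short value such as `('ASIAZZZ', False)` and a near-miss prefix such as `('ABCAZZZZZZZZZZZZZZZZ', False)` (both constructed samples) would catch a later edit that makes the regex too broad. The `A3T` branch is exercised only with a digit in the fourth position, so a letter variant like `'A3TAZZZZZZZZZZZZZZZZ'` is worth a case as well. The list these tuples belong to starts and ends outside the hunk.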
