Fix public key FPs (#242)

bridgecrewio · Dec 19, 2024 · f1fa1d0 · f1fa1d0
1 parent b1c2e59
commit f1fa1d0
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/detect_secrets/plugins/keyword.py b/detect_secrets/plugins/keyword.py
@@ -66,6 +66,10 @@
     'recaptcha_.*key',
     'nessus_?key',
 )
+ALLOWLIST = (
+    'publickeytoken',
+    'tokenendpoint',
+)
 # Includes ], ', " as closing
 CLOSING = r'[]\'"]{0,2}'
 AFFIX_REGEX = r'\w*'
@@ -308,6 +312,9 @@ def analyze_string(
         string: str,
         denylist_regex_to_group: Optional[Dict[Pattern, int]] = None,
     ) -> Generator[str, None, None]:
+        if any(allowed.lower() in string.lower() for allowed in ALLOWLIST):
+            return
+
         if self.keyword_exclude and self.keyword_exclude.search(string):
             return
 

diff --git a/tests/plugins/keyword_test.py b/tests/plugins/keyword_test.py
@@ -50,6 +50,8 @@
     ('API-KEY = {}'.format(COMMON_SECRET), COMMON_SECRET),
     ('nessus_key: {}'.format(COMMON_SECRET), COMMON_SECRET),
     (LONG_LINE, None),  # Long line test
+    ('<assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="{}" />'.format(COMMON_SECRET), None), # XML FP
+    ('<assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="{}" />'.format(COMMON_SECRET), None), # XML FP
 ]
 
 GOLANG_TEST_CASES = [