Description
Currently, our tool mistakenly identifies dummy keys, passwords, and similar test data as secrets during the scan. This includes data from test cases and fixtures. These dummy values should not be flagged as secrets because they are not sensitive information.
Solution: Add Option to Ignore Test Cases and Fixtures
We need to introduce a command-line option to the secret_scanner tool that will allow the user to skip scanning test cases or fixtures. This will ensure that the tool doesn't flag dummy test data as secrets.
Proposed Command-Line Argument
- Command: ./secret_scanner [dir] --ignore testcase
- Functionality: When this flag is passed, the tool will ignore any files or directories that contain test cases or fixture data. These files should not be scanned for secrets.
Example Usage:
./secret_scanner ./my_project --ignore testcase
This command will scan all directories except those containing test case files or fixtures.
Benefits of This Change
- Improved Accuracy: The tool won't mistakenly flag non-sensitive data in test cases or fixtures.
- User Flexibility: Users can choose to skip these files if they know they are filled with dummy data.
This change will make the tool more user-friendly and prevent unnecessary alerts from being generated in development environments.
Note: Make sure to add relevant test cases to prove your implementation works.
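
One way the path filter behind the proposed --ignore testcase option could work, as an added example that is not the project's own code. The directory names and file-name pattern are assumed conventions, and is_test_path and select_files are hypothetical helpers; skipped paths are returned so a run can report what it did not scan.

```python
import os
import re

# Assumed conventions for test and fixture content (not taken from the issue).
TEST_DIR_NAMES = {"test", "tests", "testdata", "fixtures", "__tests__", "spec"}
TEST_FILE_RE = re.compile(
    r"^(test_.+|.+_test|.+\.test|.+\.spec|conftest)\.[a-z0-9]+$"
)


def is_test_path(rel_path):
    """True if a directory component or the file name follows a test convention."""
    parts = [p.lower() for p in rel_path.replace("\\", "/").split("/") if p]
    if not parts:
        return False
    if any(p in TEST_DIR_NAMES for p in parts[:-1]):
        return True
    return bool(TEST_FILE_RE.match(parts[-1]))


def select_files(root, ignore=()):
    """Walk root and return (to_scan, skipped) as sorted relative paths.

    With "testcase" in ignore, test/fixture directories are pruned before
    descent and test-named files are skipped. Everything skipped is returned
    so the scanner can list it instead of dropping it silently.
    """
    skip_tests = "testcase" in ignore
    to_scan, skipped = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if skip_tests:
            kept = []
            for d in dirnames:
                if d.lower() in TEST_DIR_NAMES:
                    pruned = os.path.normpath(os.path.join(rel_dir, d))
                    skipped.append(pruned + os.sep)
                else:
                    kept.append(d)
            dirnames[:] = kept  # in-place edit stops os.walk from descending
        for name in filenames:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            if skip_tests and is_test_path(rel):
                skipped.append(rel)
            else:
                to_scan.append(rel)
    return sorted(to_scan), sorted(skipped)
```

Matching on whole path components and anchored file-name patterns keeps files such as latest.py or attest_keys.py in scope, which a plain substring match on "test" would drop from the scan.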