Skip to content

Commit 00d38c6

Browse files
hugo-synhugo-syn
committed
fix: filter secrets
1 parent 32cbfda commit 00d38c6

File tree

1 file changed

+14
-12
lines changed

1 file changed

+14
-12
lines changed

pkg/crawler/scan.go

Lines changed: 14 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -81,19 +81,21 @@ func SecretsMatch(url, body string, secretsFile *[]string) []scanner.SecretMatch
8181

8282
if len(res) > 0 {
8383
for _, resSecret := range res {
84-
sec := scanner.Secret{
85-
Name: resSecret.DetectorType.String(),
86-
Description: resSecret.DetectorType.String(),
87-
Regex: "",
88-
FalsePositives: []string{},
89-
Poc: "",
84+
if resSecret.Verified {
85+
sec := scanner.Secret{
86+
Name: resSecret.DetectorType.String(),
87+
Description: resSecret.DetectorType.String(),
88+
Regex: "",
89+
FalsePositives: []string{},
90+
Poc: "",
91+
}
92+
secretFound := scanner.SecretMatched{Secret: sec, URL: url, Match: string(resSecret.Raw)}
93+
94+
// prevent concurent write
95+
sem.Acquire(ctx, 1)
96+
secrets = append(secrets, secretFound)
97+
sem.Release(1)
9098
}
91-
secretFound := scanner.SecretMatched{Secret: sec, URL: url, Match: string(resSecret.Raw)}
92-
93-
// prevent concurent write
94-
sem.Acquire(ctx, 1)
95-
secrets = append(secrets, secretFound)
96-
sem.Release(1)
9799
}
98100
}
99101
}(trufflehogScanner)

0 commit comments

Comments
 (0)