Comments (3)
Hi @Fennerr, we've talked internally about this possibility:
- The `detect-secrets` library does not have the ability to show the detected secrets in plaintext. We could extract it from the source code using the line reported by the library.
- We think it is not good practice to output the detected secret in the Prowler output.
- We think it is enough to have the secret type and the line number for the auditor, because you can pass that information to the code owner to fix the issue in a secure manner.
What do you think?
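As an added illustration of the reporting choice discussed above (example code written for this page, not Prowler's or detect-secrets' own implementation): a minimal entropy-based scanner that records only the secret type, the line number and a fixed-width redacted preview, so a flagged line holding a large base64 blob cannot bloat the report. The sample Lambda source, the 4.5 entropy threshold and the token regex are constructed assumptions.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample Lambda source (assumption): one high-entropy token on
# line 2 and one long but low-entropy padding string on line 3.
SAMPLE_SOURCE = """import boto3
API_TOKEN = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdef0123"
PADDING = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
def handler(event, context):
    return {"ok": True}
"""

# Candidate tokens: runs of base64 alphabet characters, 20 chars or longer.
BASE64_TOKEN = re.compile(r"[A-Za-z0-9+/=]{20,}")


@dataclass
class Finding:
    secret_type: str
    line_number: int
    preview: str  # redacted, fixed width; the plaintext is never stored


def shannon_entropy(data: str) -> float:
    """Bits of entropy per character of the token."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(token: str) -> str:
    """Keep only a short prefix so the output stays readable for any token length."""
    return token[:4] + "*" * 8


def scan_source(source: str, threshold: float = 4.5) -> list[Finding]:
    """Report type + line number for each high-entropy token, without the value."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for token in BASE64_TOKEN.findall(line):
            if shannon_entropy(token) >= threshold:
                findings.append(
                    Finding("Base64 High Entropy String", lineno, redact(token))
                )
    return findings


if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"{f.secret_type} at line {f.line_number}: {f.preview}")
```

The auditor hands the type and line number to the code owner; the 36-character token on line 2 is flagged while the equally long padding string on line 3 is not, because its entropy is zero.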
@jfagoagas that makes sense. I did notice that `detect-secrets` didn't actually store the secret as plaintext, and thought about extracting it from the temp file it flagged on. But it could make the output very messy, especially if there are very long lines (such as a block of high-entropy base64-encoded data).
What about having an option to store the lambda function's code in a `detect-secrets-output` folder within the `output` folder?
The last account I was looking at, the check flagged for ~180 lambda functions. It takes a while cross-referencing prowler to the lambda in the account (and switching regions), and since the code was already downloaded when prowler ran, it would be nice to have an option to preserve the code.
This would be an opt-in option.
It could also be part of how secrets scanning is handled in general in the future (with a multiprocessing pool for secrets detection checks, as these checks are often CPU intensive and don't benefit from multithreading pools).
@Fennerr I'm not sure about saving code locally even with an option. I still don't get the benefits of having the source code just if it contains some plaintext secrets, but for sure you find value in that, so we can discuss it.