check AWS secrets in Lambda env variable only for AWS and GENERAL regex (#1008)
- check Lambda variable only for AWS resources
The following regex hits aws kms key id
and creates FP
    _secrets_regexes = {
        'azure': [
            "(\"|')?([0-9A-Fa-f]{4}-){4}[0-9A-Fa-f]{12}(\"|')?",  # client_secret
            "(\"|')?[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}(\"|')?",  # client_id and many other forms of IDs
        ],
    }

    "environment": [
      {
        "variables": {
          "kms_key_id": "arn:aws:kms:eu-west-1:123456789:key/c0baad75-d0d3-24e3-95d1-1e4e38a44c4a"
        }
      }
    ]
- add General to string_has_secrets function
- use GENERAL instead of General
- add GENERAL category to string_has_secrets
- Update LambdaEnvironmentCredentials.py
- import GENERAL
- import secret GENERAL
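
The false positive described in the commit message, reproduced as an added Python example (not the project's own code and not part of the commit). The two Azure patterns are the ones quoted in the message; the AWS and GENERAL patterns, the simplified `string_has_secrets`, the helper `flagged_variables` and the sample variables other than `kms_key_id` are assumptions made for illustration.

```python
import re

AWS, AZURE, GENERAL = "aws", "azure", "general"

SECRETS_REGEXES = {
    # The two Azure patterns quoted in the commit message.
    AZURE: [
        r"""("|')?([0-9A-Fa-f]{4}-){4}[0-9A-Fa-f]{12}("|')?""",
        r"""("|')?[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}("|')?""",
    ],
    # Assumed patterns for illustration; they are not shown on the page.
    AWS: [
        r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])",  # secret key shape
        r"(?<![A-Z0-9])[A-Z0-9]{20}(?![A-Z0-9])",  # access key ID shape
    ],
    GENERAL: [r"-----BEGIN (RSA|EC|DSA) PRIVATE KEY-----"],
}

def string_has_secrets(value, *categories):
    """True if value matches a regex in the given categories (all if none given)."""
    if not categories:
        categories = tuple(SECRETS_REGEXES)
    return any(
        re.search(pattern, value)
        for category in categories
        for pattern in SECRETS_REGEXES[category]
    )

def flagged_variables(variables, *categories):
    """Sorted names of environment variables whose values look like secrets."""
    return sorted(
        name for name, value in variables.items()
        if isinstance(value, str) and string_has_secrets(value, *categories)
    )

# Constructed Lambda environment block. The kms_key_id value is the one from
# the commit message; access_key is the example key ID from AWS documentation.
SAMPLE_VARIABLES = {
    "kms_key_id": "arn:aws:kms:eu-west-1:123456789:key/c0baad75-d0d3-24e3-95d1-1e4e38a44c4a",
    "access_key": "AKIAIOSFODNN7EXAMPLE",
    "log_level": "INFO",
}

if __name__ == "__main__":
    print("all categories:  ", flagged_variables(SAMPLE_VARIABLES))
    print("AWS + GENERAL:   ", flagged_variables(SAMPLE_VARIABLES, AWS, GENERAL))
```

Scanning with every category flags the KMS key ARN because its UUID suffix satisfies both Azure patterns; restricting the check to `AWS` and `GENERAL` still flags the access key ID and drops the ARN.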