chore(secrets): Improve the status_extended with more information (#1937)

Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
2026-02-10 23:05:05 +00:00 · 2023-02-21 12:37:20 +02:00
parent f913536d88
commit c6647b4706
8 changed files with 68 additions and 19 deletions
--- a/tests/providers/aws/services/awslambda/awslambda_function_no_secrets_in_code/awslambda_function_no_secrets_in_code_test.py
+++ b/tests/providers/aws/services/awslambda/awslambda_function_no_secrets_in_code/awslambda_function_no_secrets_in_code_test.py
@@ -76,7 +76,7 @@ class Test_awslambda_function_no_secrets_in_code:
            assert result[0].status == "FAIL"
            assert (
                result[0].status_extended
-                == f"Potential secret found in Lambda function {function_name} code"
+                == f"Potential secret found in Lambda function {function_name} code -> lambda_function.py: Secret Keyword on line 3"
            )

    def test_function_code_without_secrets(self):
--- a/tests/providers/aws/services/awslambda/awslambda_function_no_secrets_in_variables/awslambda_function_no_secrets_in_variables_test.py
+++ b/tests/providers/aws/services/awslambda/awslambda_function_no_secrets_in_variables/awslambda_function_no_secrets_in_variables_test.py
@@ -102,7 +102,7 @@ class Test_awslambda_function_no_secrets_in_variables:
            assert result[0].status == "FAIL"
            assert (
                result[0].status_extended
-                == f"Potential secret found in Lambda function {function_name} variables"
+                == f"Potential secret found in Lambda function {function_name} variables -> Secret Keyword in variable db_password"
            )

    def test_function_no_secrets_in_variables(self):
--- a/tests/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets_test.py
+++ b/tests/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets_test.py
@@ -102,7 +102,7 @@ class Test_ecs_task_definitions_no_environment_secrets:
            assert result[0].status == "FAIL"
            assert (
                result[0].status_extended
-                == f"Potential secret found in variables of ECS task definition {task_name} with revision {task_revision}"
+                == f"Potential secret found in variables of ECS task definition {task_name} with revision {task_revision} -> Secret Keyword on line 2"
            )
            assert result[0].resource_id == f"{task_name}:1"
            assert (
--- a/tests/providers/aws/services/ssm/ssm_document_secrets/ssm_document_secrets_test.py
+++ b/tests/providers/aws/services/ssm/ssm_document_secrets/ssm_document_secrets_test.py
@@ -59,7 +59,7 @@ class Test_ssm_documents_secrets:
            assert result[0].status == "FAIL"
            assert (
                result[0].status_extended
-                == f"Potential secret found in SSM Document {document_name}"
+                == f"Potential secret found in SSM Document {document_name} -> Secret Keyword on line 2"
            )

    def test_document_no_secrets(self):