Skip to content

Ignore empty variable names in secretscan#2699

Merged
RebeccaMahany merged 3 commits intokolide:mainfrom
RebeccaMahany:becca/secretscan-ignore-empty-var
Apr 17, 2026
Merged

Ignore empty variable names in secretscan#2699
RebeccaMahany merged 3 commits intokolide:mainfrom
RebeccaMahany:becca/secretscan-ignore-empty-var

Conversation

@RebeccaMahany
Copy link
Copy Markdown
Contributor

@RebeccaMahany RebeccaMahany commented Apr 16, 2026
edited
Loading

Similar to #2697 -- ignore another common false-positive pattern.

This issue is gitleaks/gitleaks#1828. Since I didn't see a gitleaks workaround at this time, I added another exclusion to our secret processing.

@RebeccaMahany RebeccaMahany added the features-improvements Features and Improvements label Apr 16, 2026
@RebeccaMahany RebeccaMahany marked this pull request as ready for review April 16, 2026 20:56
directionless
directionless approved these changes Apr 17, 2026
View reviewed changes
Comment thread ee/tables/secretscan/table.go
Comment on lines +357 to +358
// multiple lines -- in this case, it looks like "\nMY_ENV_VAR1=\nMY_ENV_VAR2=".
// So first we isolate the actual line we're looking at, then check to see if there's
Copy link
Copy Markdown
Contributor

@directionless directionless Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You might be able to use the column start field.

Copy link
Copy Markdown
Contributor Author

@RebeccaMahany RebeccaMahany Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried that and it worked in practice with the examples I'm looking at (restricting to finding.StartColumn == 2), but I wanted to cover the case in the tab before empty variable test too.

@RebeccaMahany RebeccaMahany added this pull request to the merge queue Apr 17, 2026
Merged via the queue into kolide:main with commit ec3af82 Apr 17, 2026
46 checks passed
@RebeccaMahany RebeccaMahany deleted the becca/secretscan-ignore-empty-var branch April 17, 2026 13:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@directionless directionless directionless approved these changes

Assignees

No one assigned

Labels

features-improvements Features and Improvements

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@RebeccaMahany @directionless