From a80c45b2ac1755206ad01f071a51ca1b26ca56dd Mon Sep 17 00:00:00 2001
From: Tomoya Amachi
Date: Tue, 14 Sep 2021 18:13:29 +0900
Subject: [PATCH] remove pem file from sensitive file extensions (#157)

---
 pkg/assessor/credential/credential.go | 1 -
 pkg/scanner/scan_test.go | 1 -
 pkg/types/checkpoint.go | 2 +-
 3 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/pkg/assessor/credential/credential.go b/pkg/assessor/credential/credential.go
index 357045d..01defbb 100644
--- a/pkg/assessor/credential/credential.go
+++ b/pkg/assessor/credential/credential.go
@@ -83,7 +83,6 @@ func (a CredentialAssessor) RequiredExtensions() []string {
 return []string{
 ".key",
 ".secret",
- ".pem",
 ".p12",
 ".pkcs12",
 ".pfx",
diff --git a/pkg/scanner/scan_test.go b/pkg/scanner/scan_test.go
index 5cd93d4..f717b17 100644
--- a/pkg/scanner/scan_test.go
+++ b/pkg/scanner/scan_test.go
@@ -20,7 +20,6 @@ import (
 func TestScanImage(t *testing.T) {
 log.InitLogger(false, false)
- AddAcceptanceExtensions([]string{"pem"})
 testcases := map[string]struct {
 imageName string
 fileName string
diff --git a/pkg/types/checkpoint.go b/pkg/types/checkpoint.go
index 9c532d3..9fb299e 100644
--- a/pkg/types/checkpoint.go
+++ b/pkg/types/checkpoint.go
@@ -63,7 +63,7 @@ var TitleMap = map[string]string{
 UseAptGetUpdateNoCache: "Do not use update instructions alone in the Dockerfile",
 CheckSuidGuid: "Confirm safety of setuid/setgid files",
 UseCOPY: "Use COPY instead of ADD in Dockerfile",
- AvoidCredential: "Do not store credential in ENVIRONMENT vars/files",
+ AvoidCredential: "Do not store credential in environment variables/files",
 AvoidSudo: "Avoid sudo command",
 AvoidSensitiveDirectoryMounting: "Avoid sensitive directory mounting",
 AvoidDistUpgrade: `Avoid "apt-get dist-upgrade"`,
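Review bot: With `.pem` gone from the list returned by `RequiredExtensions()` in pkg/assessor/credential/credential.go, a PEM-encoded private key left in an image is no longer selected by its extension, so the credential check can pass such an image unless a rule outside this hunk still matches the file. The removal presumably targets false positives on public certificates, which use the same extension; if that is the reason, record it next to the list, e.g. `// .pem omitted on purpose: mostly public certs; PEM private keys are not matched by extension`. A follow-up worth considering is to keep collecting `.pem` and report only files whose content carries a `PRIVATE KEY` header line, which keeps the coverage without the certificate noise. The second hunk also drops the `AddAcceptanceExtensions([]string{"pem"})` setup from `TestScanImage`, so as far as these hunks show neither the old nor the new `.pem` behaviour is pinned by a test. The body of `RequiredExtensions()` continues past the end of the hunk.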