Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
[//]: # "
PR Title
We use the title to create changelog automatically and therefore only allow specific prefixes
- break: to indicate a breaking change, this supersedes any of the other types
- feat: to indicate new features or checks
- fix: to indicate a bugfix or handling of edge cases of existing checks
- docs: to indicate an update to our documentation
- chore: to indicate adjustments to workflow files or dependency updates
- platform: to indicate a change needed for the platform
Each prefix should be accompanied by a scope that specifies the targeted framework. If uncertain, use 'general'.
#
Allowed prefixes:
ansible|argo|arm|azure|bicep|bitbucket|circleci|cloudformation|dockerfile|github|gha|gitlab|helm|kubernetes|kustomize|openapi|sast|sca|secrets|serverless|terraform|general|graph|terraform_plan|terraform_json
#
ex.
feat(terraform): add CKV_AWS_123 to ensure that VPC Endpoint Service is configured for Manual Acceptance
"
Description
Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.
Fixes # (issue)
New/Edited policies (Delete if not relevant)
Description
Include a description of what makes it a violation and any relevant external links.
Fix
How does someone fix the issue in code and/or in runtime?
Checklist:
[ ] I have performed a self-review of my own code
[ ] I have commented my code, particularly in hard-to-understand areas
[ ] I have made corresponding changes to the documentation
[ ] I have added tests that prove my feature, policy, or fix is effective and works
[ ] New and existing tests pass locally with my changes
Generated description
Below is a concise technical summary of the changes proposed in this PR:
Introduce a new feature to mask secrets in files by implementing the mask_files method in the Runner class. This method scans specified files or directories for secrets and replaces them with masked values, ensuring sensitive information is obfuscated. The changes also include refactoring the run method to improve code organization and adding new utility functions like _get_secret_suppressions_ids and _find_files_from_root_folder to streamline secret handling processes. Additionally, new test cases are added to verify the functionality of the masking feature.
[Testing Enhancements](https://baz.co/changes/bridgecrewio/checkov/6848?tool=ast&topic=Testing+Enhancements): Add new test cases to verify the functionality of the secrets masking feature, ensuring that secrets are correctly identified and obfuscated in the output files. Modified files (3)
- tests/secrets/test_masking_secrets.py

Refactor the run method in the Runner class to improve code organization and readability, including extracting logic into helper functions. Modified files (1)

Implement the mask_files method in the Runner class to scan and mask secrets in specified files or directories, replacing them with obfuscated values. Modified files (2)
- tests/secrets/test_masking_secrets.py
- checkov/secrets/runner.py
Latest Contributors (2)

| User | Commit | Date |
| --- | --- | --- |
| paz8097@gmail.com | feat-secrets-Adding-ch... | November 17, 2024 |
| matanshati@gmail.com | feat-secrets-Add-npm-d... | November 10, 2024 |