pre-commit / pre-commit-hooks

Some out-of-the-box hooks for pre-commit
MIT License

AWS secret found in src/metadata_manager_api/db_models/domain.py: False Positive #1081

Closed niravjdn closed 1 month ago

niravjdn commented 1 month ago

Below is the content of my domain.py file.

```python
import uuid
from datetime import datetime

from sqlalchemy import JSON, BigInteger, Column, DateTime, String, text
from sqlalchemy.dialects import postgresql
from sqlalchemy.dialects.postgresql import UUID

from metadata_manager_api.db_models import ModelBase

BigIntegerType = BigInteger().with_variant(postgresql.BIGINT(), "postgresql")

class Domain(ModelBase):
    __tablename__ = "T_DOMAIN"
    __basename__ = "DOMAIN"
    __table_args__ = ({"schema": "metadata_store", "extend_existing": True},)

    domain_id = Column(
        "DOMAIN_ID",
        BigIntegerType,
        primary_key=True,
        index=True,
        nullable=False,
        autoincrement=True,
    )

    domain_name = Column("DOMAIN_NAME", String(150), nullable=False, unique=True)
    domain_team = Column("DOMAIN_TEAM", UUID(as_uuid=True), nullable=False, default=uuid.uuid4)
    domain_description = Column("DOMAIN_DESCRIPTION", String(500), nullable=True)
    domain_tags = Column("DOMAIN_TAGS", JSON, nullable=True)

    created_by = Column(
        "CREATED_BY", String(length=25), default="MDMC", nullable=False, server_default="MDMC"
    )
    created_ts = Column(
        "CREATED_TS", DateTime, default=datetime.now, server_default=text("CURRENT_TIMESTAMP")
    )
    updated_by = Column("UPDATED_BY", String(length=25), default="MDMC", server_default="MDMC")
    updated_ts = Column(
        "UPDATED_TS",
        DateTime,
        default=datetime.now,
        onupdate=datetime.now,
        server_default=text("CURRENT_TIMESTAMP"),
    )
```

asottile commented 1 month ago

you likely have misconfigured aws data, very difficult to tell without any debugging on your end or output or config or really anything

that file does not trigger the hook for me, though I have properly configured credentials

niravjdn commented 1 month ago

Can you suggest steps to reconfigure? I am following the standard steps. I also tried deleting the hooks folder in .git and reconfiguring, but it did not work.

asottile commented 1 month ago

I can't without knowing what's wrong and I really shouldn't be telling you how to set up aws credentials either! that's fairly out of scope

niravjdn commented 1 month ago

I don't have anything related to aws in entire repo actually.

asottile commented 1 month ago

typically you don't -- aws is configured external to your repository

niravjdn commented 1 month ago

Ohh I get it, even though it is not in the repo and is in the home directory, the hook still scans for it even if I don't track it?

asottile commented 1 month ago

how else would it prevent your credentials from being checked in?

niravjdn commented 1 month ago

What's the point of checking aws credentials located in my home directory at ~/.aws in commit hooks? I am not committing or tracking them.

asottile commented 1 month ago

think for a minute -- what if you did check them in -- how would a tool know whether you checked them in or not?

niravjdn commented 1 month ago

Understood, Thank you. Closing the issue.
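
The mechanism discussed in this thread, as an added Python sketch (not the hook's own code and not written by any commenter): secret values are read from an AWS credentials file that lives outside the repository, and each file being committed is then searched for those values. The function names `load_secrets` and `find_leaks`, the credentials text, and the stray value `default` are constructed for illustration; the sketch shows how a non-secret word left in the credentials file would flag ordinary source lines, and reports which profile entry caused the match.

```python
import configparser

# Option names assumed here: secret-bearing fields of an AWS credentials file.
SECRET_KEYS = ("aws_secret_access_key", "aws_session_token")


def load_secrets(credentials_text):
    """Map each non-empty secret value to the 'section.option' it came from."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(credentials_text)
    secrets = {}
    for section in parser.sections():
        for key in SECRET_KEYS:
            value = parser.get(section, key, fallback="").strip()
            if value:  # an empty value would be a substring of every line
                secrets[value] = f"{section}.{key}"
    return secrets


def find_leaks(source_text, secrets):
    """Return (line_number, origin) for every line containing a secret value."""
    hits = []
    for lineno, line in enumerate(source_text.splitlines(), start=1):
        for value, origin in secrets.items():
            if value in line:
                hits.append((lineno, origin))
    return hits


# Constructed sample data, not real credentials.
GOOD_CREDENTIALS = """\
[work]
aws_secret_access_key = constructedSecretValue0123456789abcdefgh
"""
# Hypothetical misconfiguration: a stray word where the secret should be.
BAD_CREDENTIALS = """\
[work]
aws_secret_access_key = default
"""
# Two lines taken from the domain.py posted in the issue.
SOURCE = '''\
domain_tags = Column("DOMAIN_TAGS", JSON, nullable=True)
updated_by = Column("UPDATED_BY", String(length=25), default="MDMC", server_default="MDMC")
'''

if __name__ == "__main__":
    print(find_leaks(SOURCE, load_secrets(GOOD_CREDENTIALS)))
    print(find_leaks(SOURCE, load_secrets(BAD_CREDENTIALS)))
```

Reporting the originating `section.option` instead of the matched value keeps the secret out of terminal output while still pointing at the credentials entry to inspect.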