pre-commit / pre-commit-hooks

Some out-of-the-box hooks for pre-commit
MIT License

AWS secret found in src/metadata_manager_api/db_models/domain.py: False Positive #1081

Closed niravjdn closed 3 months ago

niravjdn commented 3 months ago

Below is the content of my domain.py file.

import uuid
from datetime import datetime

from sqlalchemy import JSON, BigInteger, Column, DateTime, String, text
from sqlalchemy.dialects import postgresql
from sqlalchemy.dialects.postgresql import UUID

from metadata_manager_api.db_models import ModelBase

BigIntegerType = BigInteger().with_variant(postgresql.BIGINT(), "postgresql")

class Domain(ModelBase):
    __tablename__ = "T_DOMAIN"
    __basename__ = "DOMAIN"
    __table_args__ = ({"schema": "metadata_store", "extend_existing": True},)

    domain_id = Column(
        "DOMAIN_ID",
        BigIntegerType,
        primary_key=True,
        index=True,
        nullable=False,
        autoincrement=True,
    )

    domain_name = Column("DOMAIN_NAME", String(150), nullable=False, unique=True)
    domain_team = Column("DOMAIN_TEAM", UUID(as_uuid=True), nullable=False, default=uuid.uuid4)
    domain_description = Column("DOMAIN_DESCRIPTION", String(500), nullable=True)
    domain_tags = Column("DOMAIN_TAGS", JSON, nullable=True)

    created_by = Column(
        "CREATED_BY", String(length=25), default="MDMC", nullable=False, server_default="MDMC"
    )
    created_ts = Column(
        "CREATED_TS", DateTime, default=datetime.now, server_default=text("CURRENT_TIMESTAMP")
    )
    updated_by = Column("UPDATED_BY", String(length=25), default="MDMC", server_default="MDMC")
    updated_ts = Column(
        "UPDATED_TS",
        DateTime,
        default=datetime.now,
        onupdate=datetime.now,
        server_default=text("CURRENT_TIMESTAMP"),
    )

asottile commented 3 months ago

you likely have misconfigured aws data, very difficult to tell without any debugging on your end or output or config or really anything

that file does not trigger the hook for me, though I have properly configured credentials

niravjdn commented 3 months ago

Can you suggest steps to reconfigure? I am following the standard steps. I tried deleting the hooks folder in .git and reconfiguring as well, but it did not work.

asottile commented 3 months ago

I can't without knowing what's wrong and I really shouldn't be telling you how to set up aws credentials either! that's fairly out of scope

niravjdn commented 3 months ago

I don't have anything related to aws in entire repo actually.

asottile commented 3 months ago

typically you don't -- aws is configured external to your repository

niravjdn commented 3 months ago

Oh, I get it. Even though it is not in the repo but in my home directory, the hook still scans for it even if I don't track it?

asottile commented 3 months ago

how else would it prevent your credentials from being checked in?

niravjdn commented 3 months ago

What's the point of checking AWS credentials located in my home directory at ~/.aws in commit hooks? I am not committing or tracking them.

asottile commented 3 months ago

think for a minute -- what if you did check them in -- how would a tool know whether you checked them in or not?

niravjdn commented 3 months ago

Understood, thank you. Closing the issue.
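
The behaviour discussed in this thread, as an added sketch that is not pre-commit-hooks' own code: secret values are read from an AWS credentials file kept outside the repository and then searched for in the file being committed, so a placeholder value left in that file produces a hit on ordinary source. `load_secrets`, `find_hits`, the key list and the placeholder form of misconfiguration are assumptions, and all sample data is constructed.

```python
import configparser

# Keys whose values are treated as secrets (assumption for this sketch).
SECRET_KEYS = ("aws_secret_access_key", "aws_session_token", "aws_security_token")

# Constructed sample credential files, not real credentials.
GOOD_CREDENTIALS = """\
[default]
aws_access_key_id = CONSTRUCTED-KEY-ID
aws_secret_access_key = EXAMPLEsecretEXAMPLEsecretEXAMPLE0000000
"""
# A placeholder value left in the file makes any file containing it "match".
BAD_CREDENTIALS = """\
[default]
aws_access_key_id = CONSTRUCTED-KEY-ID
aws_secret_access_key = default
"""
# Constructed excerpt resembling the file from the report.
SOURCE = '''\
domain_team = Column("DOMAIN_TEAM", UUID(as_uuid=True), default=uuid.uuid4)
created_ts = Column("CREATED_TS", DateTime, default=datetime.now)
'''


def load_secrets(credentials_text):
    """Return the set of non-empty secret values from INI-style credentials."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(credentials_text)
    secrets = set()
    for section in parser.sections():
        for key in SECRET_KEYS:
            value = parser.get(section, key, fallback="").strip()
            if value:
                secrets.add(value)
    return secrets


def find_hits(source_text, secrets):
    """Return 1-based line numbers of lines containing any known secret."""
    return [
        lineno
        for lineno, line in enumerate(source_text.splitlines(), start=1)
        if any(secret in line for secret in secrets)
    ]


if __name__ == "__main__":
    for name, creds in (("good", GOOD_CREDENTIALS), ("bad", BAD_CREDENTIALS)):
        print(name, find_hits(SOURCE, load_secrets(creds)))
```

When a clean file is flagged, the credentials file on the machine running the hook is the first place to look for empty, placeholder or very short secret values.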