add CKV_SECRET_192 to GENERIC_PRIVATE_KEY_CHECK_IDS

bridgecrewio · Jul 25, 2024 · 35ab34d · 35ab34d
1 parent 84be705
commit 35ab34d
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/checkov/secrets/runner.py b/checkov/secrets/runner.py
@@ -73,7 +73,7 @@
 }
 
 ENTROPY_CHECK_IDS = {'CKV_SECRET_6', 'CKV_SECRET_19', 'CKV_SECRET_80'}
-GENERIC_PRIVATE_KEY_CHECK_IDS = {'CKV_SECRET_10', 'CKV_SECRET_13'}
+GENERIC_PRIVATE_KEY_CHECK_IDS = {'CKV_SECRET_10', 'CKV_SECRET_13', 'CKV_SECRET_192'}
 
 CHECK_ID_TO_SECRET_TYPE = {v: k for k, v in SECRET_TYPE_TO_ID.items()}
 

diff --git a/tests/secrets/test_prioritise_secrets.py b/tests/secrets/test_prioritise_secrets.py
@@ -20,6 +20,10 @@ def setUp(self):
                                   check_result={"result": CheckResult.FAILED}, code_block=[(1, 'baz')],
                                   file_path='qux', file_line_range=[1, 2], resource='resource', evaluations=None,
                                   check_class='CheckClass', file_abs_path='abs_path'),
+            'key4': SecretsRecord(check_id='CKV_SECRET_192', check_name='foo',
+                                  check_result={"result": CheckResult.FAILED}, code_block=[(1, 'baz')],
+                                  file_path='qux', file_line_range=[1, 2], resource='resource', evaluations=None,
+                                  check_class='CheckClass', file_abs_path='abs_path'),
         }
         self.ENTROPY_CHECK_IDS = ENTROPY_CHECK_IDS
         self.GENERIC_PRIVATE_KEY_CHECK_IDS = GENERIC_PRIVATE_KEY_CHECK_IDS
@@ -34,6 +38,11 @@ def test_generic_private_key_check_id_removed(self):
         self.assertTrue(result)
         self.assertNotIn('key2', self.secret_records)
 
+    def test_generic_private_key_check_id_192_removed(self):
+        result = Runner._prioritise_secrets(self.secret_records, 'key4', 'CKV_SECRET_18')
+        self.assertTrue(result)
+        self.assertNotIn('key4', self.secret_records)
+
     def test_no_removal_entropy_check_id(self):
         result = Runner._prioritise_secrets(self.secret_records, 'key1', 'CKV_SECRET_6')
         self.assertFalse(result)
@@ -44,6 +53,11 @@ def test_no_removal_generic_private_key_check_id(self):
         self.assertFalse(result)
         self.assertIn('key2', self.secret_records)
 
+    def test_no_removal_generic_private_key_check_id_192(self):
+        result = Runner._prioritise_secrets(self.secret_records, 'key4', 'CKV_SECRET_192')
+        self.assertFalse(result)
+        self.assertIn('key4', self.secret_records)
+
     def test_no_removal_other_check_id(self):
         result = Runner._prioritise_secrets(self.secret_records, 'key3', 'CKV_SECRET_1000')
         self.assertFalse(result)