hub / github.com/docker/compose / configContentLooksLiteral

Function configContentLooksLiteral

pkg/compose/publish.go:556–559

configContentLooksLiteral returns true when the inline config.content has a literal portion that would be published as-is, leaking the value to consumers of the OCI artifact. We piggyback on the keyword detector's value regex (`[^${\s].+[^}\s]`) by passing a fake "password" key to ScanMap — the reg

(content string, detector secrets.Detector)

Source from the content-addressed store, hash-verified

// (templates like `key=${SECRET}`), or shorter than 3 chars, which neatly
// matches our notion of "looks like a template, not a literal".
func configContentLooksLiteral(content string, detector secrets.Detector) bool {
	hits, _ := detector.ScanMap(map[string]string{"password": replaceDollarEscape(content)})
	return len(hits) > 0
}

// replaceDollarEscape substitutes the compose-spec `$$` escape (which
// represents a literal `$` in the resolved value) with a placeholder. The

Callers 1

collectEnvCheckFindings · Function · 0.85

Calls 1

replaceDollarEscape · Function · 0.85

Tested by

no test coverage detected