MCPcopy
hub / github.com/docker/compose / recordServiceEnvFindings

Function recordServiceEnvFindings

pkg/compose/publish.go:519–544  ·  view source on GitHub ↗
(services map[string]*serviceEnvFindings, detector secrets.Detector, service types.ServiceConfig)

Source from the content-addressed store, hash-verified

517}
518
519func recordServiceEnvFindings(services map[string]*serviceEnvFindings, detector secrets.Detector, service types.ServiceConfig) {
520 envValues := map[string]string{}
521 for key, value := range service.Environment {
522 if value == nil {
523 continue
524 }
525 envValues[key] = replaceDollarEscape(*value)
526 }
527
528 hits, _ := detector.ScanMap(envValues)
529 if len(hits) == 0 && len(service.EnvFiles) == 0 {
530 return
531 }
532
533 f := services[service.Name]
534 if f == nil {
535 f = &serviceEnvFindings{suspiciousKeys: map[string]struct{}{}}
536 services[service.Name] = f
537 }
538 if len(service.EnvFiles) > 0 {
539 f.hasEnvFile = true
540 }
541 for _, hit := range hits {
542 f.suspiciousKeys[hit.Key] = struct{}{}
543 }
544}
545
546// configContentLooksLiteral returns true when the inline config.content has
547// a literal portion that would be published as-is, leaking the value to

Callers 1

collectEnvCheckFindingsFunction · 0.85

Calls 1

replaceDollarEscapeFunction · 0.85

Tested by

no test coverage detected