(services map[string]*serviceEnvFindings, detector secrets.Detector, service types.ServiceConfig)
| 517 | } |
| 518 | |
// recordServiceEnvFindings scans the inline environment values of service with
// detector and merges the outcome into services under service.Name.
//
// Nothing is recorded when the scan reports no hits and the service lists no
// env files. Otherwise the entry for the service is created on first use,
// hasEnvFile is set when service.EnvFiles is non-empty, and the key of every
// hit is added to suspiciousKeys. Only keys are stored here, never the
// matched values.
func recordServiceEnvFindings(services map[string]*serviceEnvFindings, detector secrets.Detector, service types.ServiceConfig) {
	// Flatten the environment into plain strings for the detector. Entries with
	// a nil value carry no inline literal and are skipped (presumably they are
	// resolved from elsewhere at runtime; confirm against the caller).
	resolved := make(map[string]string, len(service.Environment))
	for name, ptr := range service.Environment {
		if ptr != nil {
			resolved[name] = replaceDollarEscape(*ptr)
		}
	}

	// NOTE(review): the error returned by ScanMap is discarded. If the detector
	// fails, matches is presumably empty and the service is indistinguishable
	// from one with no suspicious keys, so the check fails open. This function
	// has no error return, so surfacing the failure needs a change at the call
	// site; confirm whether ScanMap can return partial results with an error.
	matches, _ := detector.ScanMap(resolved)

	usesEnvFile := len(service.EnvFiles) > 0
	if len(matches) == 0 && !usesEnvFile {
		return
	}

	entry := services[service.Name]
	if entry == nil {
		entry = &serviceEnvFindings{suspiciousKeys: map[string]struct{}{}}
		services[service.Name] = entry
	}
	if usesEnvFile {
		entry.hasEnvFile = true
	}
	for _, m := range matches {
		entry.suspiciousKeys[m.Key] = struct{}{}
	}
}
| 545 | |
| 546 | // configContentLooksLiteral returns true when the inline config.content has |
| 547 | // a literal portion that would be published as-is, leaking the value to |
no test coverage detected