Skip to content

[ARO-26365, ARO-26372] Add CredScan suppressions for false positives#4911

Open
LiniSusan wants to merge 3 commits into
masterfrom
linisusan/ARO-26365-aro-26372-credscan-suppress-false-positives
Open

[ARO-26365, ARO-26372] Add CredScan suppressions for false positives#4911
LiniSusan wants to merge 3 commits into
masterfrom
linisusan/ARO-26365-aro-26372-credscan-suppress-false-positives

Conversation

@LiniSusan

Copy link
Copy Markdown
Collaborator

Which issue this PR addresses:

https://redhat.atlassian.net/browse/ARO-26365
https://redhat.atlassian.net/browse/ARO-26372

Fixes
Suppress two CSCAN-GENERAL0060 false positives:

  • extract_test.go: test assertion containing "username:password" as error message text, not a real credential
  • vendor/github.com/docker/docker/api/swagger.yaml: vendored upstream Docker API spec with example schema values, not real credentials

What this PR does / why we need it:

Test plan for issue:

Is there any documentation that needs to be updated for this PR?

How do you know this will function as expected in production?

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the repository’s CredScan suppressions list to silence two reported CSCAN-GENERAL0060 findings that are believed to be false positives (a test error message mentioning username:password, and an upstream Docker API spec example).

Changes:

  • Add a CredScan suppression entry for an extract_test.go credential-format string false positive.
  • Add a CredScan suppression entry for a vendored Docker swagger.yaml false positive.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +56 to +59
{
"file": "extract_test.go",
"_justification": "test assertion matching expected error message text containing username:password format description, not a real credential"
},
Comment on lines +60 to +62
{
"file": "vendor/github.com/docker/docker/api/swagger.yaml",
"_justification": "vendored upstream Docker API spec - example schema values, not real credentials"

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

LiniSusan and others added 2 commits July 7, 2026 15:14
Suppress two CSCAN-GENERAL0060 false positives:
- extract_test.go: test assertion containing "username:password" as error
  message text, not a real credential
- vendor/github.com/docker/docker/api/swagger.yaml: vendored upstream
  Docker API spec with example schema values, not real credentials

Co-authored-by: Cursor <cursoragent@cursor.com>
Update suppression entry from bare filename to correct relative path
pkg/util/pullsecret/extract_test.go so CredScan can match it.

Co-authored-by: Cursor <cursoragent@cursor.com>
Copilot AI review requested due to automatic review settings July 7, 2026 10:28
@LiniSusan LiniSusan force-pushed the linisusan/ARO-26365-aro-26372-credscan-suppress-false-positives branch from 323670e to c668ad3 Compare July 7, 2026 10:28
Use neutral pullsecret error wording to avoid password-pattern matches and align the existing docker swagger suppression to CSCAN-GENERAL0060.

Co-authored-by: Cursor <cursoragent@cursor.com>

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

Comment on lines +61 to +62
"file": "vendor/github.com/docker/docker/api/swagger.yaml",
"_justification": "vendored upstream Docker API spec - example schema values, not real credentials"
Copilot AI review requested due to automatic review settings July 7, 2026 10:31

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

Comment on lines +55 to 63
},
{
"file": "pkg/util/pullsecret/extract_test.go",
"_justification": "test assertion matching expected error message text containing username:password format description, not a real credential"
},
{
"file": "vendor/github.com/docker/docker/api/swagger.yaml",
"_justification": "vendored upstream Docker API spec - example schema values, not real credentials"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants