Added a test for priv_key_file_pwd with a semicolon #408
Conversation
|
I have read the CLA Document and I hereby sign the CLA You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot. |
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| - | - | Encrypted Private Key | 411918e | tests/p8test-semicolon.pem | View secret |
🛠 Guidelines to remediate hardcoded secrets
The above secret(s) have been detected in your PR. Please take an appropriate action for each secret:
- If it’s a true positive, remove the secret from source code, revoke it and migrate to a secure way of storing and accessing secrets (see http://go/secrets-and-code). Once that’s done, go to the incidents page linked in the “GitGuardian id” column (log in using SnowBiz Okta) and resolve the incident.
- If it’s a false positive, go to the incidents page linked in the “GitGuardian id” column (log in using SnowBiz Okta) and ignore the incident.
- If you didn't add this secret - and only then - you may ignore this check as it's non-blocking. If you did add the secret and you ignore this check, you'll be assigned a "Security Finding" ticket in Jira in a few days.
Note:
- A secret is considered leaked from the moment it touches GitHub. Rewriting git history by force pushing or other means is not necessary and doesn’t change the fact that the secret has to be revoked.
- This check has a “Skip: false positive” button. Don’t use it. It will mark all detected secrets as false positives but only in the context of this specific run - it won’t remember this action in subsequent check runs.
If you encounter any problems you can reach out to us on Slack: #gitguardian-secret-scanning-help
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
There was a problem hiding this comment.
Hi, I left some comments.
Could you also add a note to README.md with brief description of escaping? https://github.com/snowflakedb/pdo_snowflake?tab=readme-ov-file#connecting-to-the-snowflake-database
Note that signing CLA is mandatory to merge your PR
| // use invalid jwt token and check the error message to ensure keypair auth | ||
| // is used and the invalid token is sent to server as expected | ||
| try { | ||
| $dbh = new PDO("snowflake:account=$account;authenticator=snowflake_jwt;priv_key_file_pwd=test;;;priv_key_file=tests/p8test-semicolon.pem", $user, ""); |
There was a problem hiding this comment.
let's create a password containg ; also in the middle e.g. te;st; and pass it as te;;st;;
| } catch(PDOException $e) { | ||
| // Ignore the error detail that server changed serveral times | ||
| echo sprintf("Expected error: %s\n", substr($e->getMessage(), 0, 15)); | ||
| } |
There was a problem hiding this comment.
let's add also a test where reading key fails when password is only test
Since the pdo uses php_pdo_parse_data_source (as it should) I would like to add a test to validate the escaping behaviour.
p8test-semicolon.pem is the same as p8test.pem, but with
test;as the password.