Merge pull request #260 from PVSec/master

asottile · web-flow · commit 79915aa6ef46 · 2018-01-26T15:34:24.000-08:00
Fix for issue #258
diff --git a/pre_commit_hooks/detect_aws_credentials.py b/pre_commit_hooks/detect_aws_credentials.py
@@ -53,7 +53,9 @@ def get_aws_secrets_from_file(credentials_file):
             'aws_session_token',
         ):
             try:
-                keys.add(parser.get(section, var))
+                key = parser.get(section, var).strip()
+                if key:
+                    keys.add(key)
             except configparser.NoOptionError:
                 pass
     return keys
diff --git a/testing/resources/aws_config_without_secrets_with_spaces.ini b/testing/resources/aws_config_without_secrets_with_spaces.ini
@@ -0,0 +1,4 @@
+# file with an AWS access key id but no valid AWS secret access key only space characters
+[production]
+aws_access_key_id = AKIASLARTARGENTINA86
+aws_secret_access_key =
diff --git a/tests/detect_aws_credentials_test.py b/tests/detect_aws_credentials_test.py
@@ -83,6 +83,7 @@ def test_get_aws_secrets_from_env(env_vars, values):
             },
         ),
         ('aws_config_without_secrets.ini', set()),
+        ('aws_config_without_secrets_with_spaces.ini', set()),
         ('nonsense.txt', set()),
         ('ok_json.json', set()),
     ),
@@ -100,6 +101,7 @@ def test_get_aws_secrets_from_file(filename, expected_keys):
         ('aws_config_with_session_token.ini', 1),
         ('aws_config_with_multiple_sections.ini', 1),
         ('aws_config_without_secrets.ini', 0),
+        ('aws_config_without_secrets_with_spaces.ini', 0),
         ('nonsense.txt', 0),
         ('ok_json.json', 0),
     ),
