fix(egress): strip Authorization before DLP scan; remove auth_header param from scan_outbound
test / unit (pull_request) Successful in 32s
test / integration (pull_request) Successful in 46s
lint / lint (push) Successful in 1m27s
test / unit (push) Successful in 35s
test / integration (push) Successful in 42s
Update Quality Badges / update-badges (push) Successful in 1m20s
test / unit (pull_request) Successful in 32s
test / integration (pull_request) Successful in 46s
lint / lint (push) Successful in 1m27s
test / unit (push) Successful in 35s
test / integration (push) Successful in 42s
Update Quality Badges / update-badges (push) Successful in 1m20s
This commit was merged in pull request #212.
This commit is contained in:
@@ -532,8 +532,6 @@ def scan_outbound(
|
||||
route: Route,
|
||||
body: str | bytes,
|
||||
environ: typing.Mapping[str, str],
|
||||
*,
|
||||
auth_header: str = "",
|
||||
) -> ScanResult | None:
|
||||
# Lazy import to avoid circular deps and keep dlp_detectors optional
|
||||
# at import time (the sidecar copies it flat alongside this file).
|
||||
@@ -549,19 +547,11 @@ def scan_outbound(
|
||||
text = body if isinstance(body, str) else body.decode("utf-8", errors="replace")
|
||||
|
||||
if _detector_enabled(route.outbound_detectors, "token_patterns"):
|
||||
if auth_header:
|
||||
result = scan_token_patterns(auth_header, location="authorization header")
|
||||
if result is not None:
|
||||
return result
|
||||
result = scan_token_patterns(text, location="body")
|
||||
if result is not None:
|
||||
return result
|
||||
|
||||
if _detector_enabled(route.outbound_detectors, "known_secrets"):
|
||||
if auth_header:
|
||||
result = scan_known_secrets(auth_header, location="authorization header", env=environ)
|
||||
if result is not None:
|
||||
return result
|
||||
result = scan_known_secrets(text, location="body", env=environ)
|
||||
if result is not None:
|
||||
return result
|
||||
|
||||
Reference in New Issue
Block a user