Merge branch 'master' into master

daneah · web-flow · commit bd1c65f13964 · 2018-10-24T19:27:11.000-04:00
diff --git a/README.rst b/README.rst
@@ -41,9 +41,8 @@ by ``git`` when running ``git secrets``.
 \*nix (Linux/macOS)
 ~~~~~~~~~~~~~~~~~
 
-You can use the ``install`` target of the provided Makefile to install
-``git secrets`` and the man page. You can customize the install path
-using the PREFIX and MANPREFIX variables.
+You can use the ``install`` target of the provided Makefile to install ``git secrets`` and the man page.
+You can customize the install path using the PREFIX and MANPREFIX variables.
 
 ::
 
@@ -161,7 +160,7 @@ Each of these options must appear first on the command line.
     in ``~/.aws/credentials`` are not found in any commit. The following
     checks are added:
 
-    - AWS Access Key IDs (strings matching ``[A-Z0-9]{20}``)
+    - AWS Access Key IDs via ``(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}``
     - AWS Secret Access Key assignments via ":" or "=" surrounded by optional
       quotes
     - AWS account ID assignments via ":" or "=" surrounded by optional quotes
diff --git a/git-secrets b/git-secrets
@@ -235,7 +235,7 @@ register_aws() {
   local aws="(AWS|aws|Aws)?_?" quote="(\"|')" connect="\s*(:|=>|=)\s*"
   local opt_quote="${quote}?"
   add_config 'secrets.providers' 'git secrets --aws-provider'
-  add_config 'secrets.patterns' '[A-Z0-9]{20}'
+  add_config 'secrets.patterns' '(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'
   add_config 'secrets.patterns' "${opt_quote}${aws}(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)${opt_quote}${connect}${opt_quote}[A-Za-z0-9/\+=]{40}${opt_quote}"
   add_config 'secrets.patterns' "${opt_quote}${aws}(ACCOUNT|account|Account)_?(ID|id|Id)?${opt_quote}${connect}${opt_quote}[0-9]{4}\-?[0-9]{4}\-?[0-9]{4}${opt_quote}"
   add_config 'secrets.allowed' 'AKIAIOSFODNN7EXAMPLE'
diff --git a/test/git-secrets.bats b/test/git-secrets.bats
@@ -278,7 +278,7 @@ load test_helper
   repo_run git-secrets --register-aws
   git config --local --get secrets.providers
   repo_run git-secrets --list
-  echo "$output" | grep -F '[A-Z0-9]{20}'
+  echo "$output" | grep -F '(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'
   echo "$output" | grep "AKIAIOSFODNN7EXAMPLE"
   echo "$output" | grep "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
 }

Original file line number	Diff line number	Diff line change
`@@ -278,7 +278,7 @@ load test_helper`
`278`	`278`	`repo_run git-secrets --register-aws`
`279`	`279`	`git config --local --get secrets.providers`
`280`	`280`	`repo_run git-secrets --list`
`281`		`- echo "$output" \| grep -F '[A-Z0-9]{20}'`
	`281`	`+ echo "$output" \| grep -F '(A3T[A-Z0-9]\|AKIA\|AGPA\|AIDA\|AROA\|AIPA\|ANPA\|ANVA\|ASIA)[A-Z0-9]{16}'`
`282`	`282`	`echo "$output" \| grep "AKIAIOSFODNN7EXAMPLE"`
`283`	`283`	`echo "$output" \| grep "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"`
`284`	`284`	`}`