diff --git a/pkg/detectors/aws/access_keys/accesskey.go b/pkg/detectors/aws/access_keys/accesskey.go index 7c8439f8b809..5ea1b4756b91 100644 --- a/pkg/detectors/aws/access_keys/accesskey.go +++ b/pkg/detectors/aws/access_keys/accesskey.go @@ -305,8 +305,8 @@ func (s scanner) verifyMatch(ctx context.Context, resIDMatch, resSecretMatch str return true, extraData, nil } -func (s scanner) CleanResults(results []detectors.Result) []detectors.Result { - return aws.CleanResults(results) +func (s scanner) CleanResults(results []detectors.Result, verificationEnabled bool) []detectors.Result { + return aws.CleanResults(results, verificationEnabled) } func (s scanner) Type() detectorspb.DetectorType { diff --git a/pkg/detectors/aws/access_keys/accesskey_test.go b/pkg/detectors/aws/access_keys/accesskey_test.go index bf6cb4774106..1fa8ae99a461 100644 --- a/pkg/detectors/aws/access_keys/accesskey_test.go +++ b/pkg/detectors/aws/access_keys/accesskey_test.go @@ -45,6 +45,20 @@ func TestAWS_Pattern(t *testing.T) { `, want: []string{"AKIAWGXZ9OPDOWUJMZGI:v2QPKHl7LcdVYsjaR4LgQiZ1zw3MAnMyiondXC63"}, }, + { + name: "valid pattern - multiple secrets", + input: ` + aws credentials{ + id: ABIAS9L8MS5IPHTZPPUQ + secret: v2QPKHl7LcdVYsjaR4LgQiZ1zw3MAnMyiondXC63 + }, + aws credentials{ + id: ABIAS9L8MS5IPHTZPXUR + secret: v2QPKHl7LcdVYsjaR4LgQiZ1zw3MAnMyiondDD21 + } + `, + want: []string{"ABIAS9L8MS5IPHTZPPUQ:v2QPKHl7LcdVYsjaR4LgQiZ1zw3MAnMyiondXC63", "ABIAS9L8MS5IPHTZPPUQ:v2QPKHl7LcdVYsjaR4LgQiZ1zw3MAnMyiondDD21", "ABIAS9L8MS5IPHTZPXUR:v2QPKHl7LcdVYsjaR4LgQiZ1zw3MAnMyiondXC63", "ABIAS9L8MS5IPHTZPXUR:v2QPKHl7LcdVYsjaR4LgQiZ1zw3MAnMyiondDD21"}, + }, { name: "invalid pattern", input: ` diff --git a/pkg/detectors/aws/session_keys/sessionkey.go b/pkg/detectors/aws/session_keys/sessionkey.go index 7017478371b0..4226e924433a 100644 --- a/pkg/detectors/aws/session_keys/sessionkey.go +++ b/pkg/detectors/aws/session_keys/sessionkey.go @@ -325,8 +325,8 @@ func (s scanner) verifyMatch(ctx context.Context, resIDMatch, resSecretMatch str } } -func (s scanner) CleanResults(results []detectors.Result) []detectors.Result { - return aws.CleanResults(results) +func (s scanner) CleanResults(results []detectors.Result, verificationEnabled bool) []detectors.Result { + return aws.CleanResults(results, verificationEnabled) } // Reference: https://nitter.poast.org/TalBeerySec/status/1816449053841838223#m diff --git a/pkg/detectors/aws/session_keys/sessionkeys_test.go b/pkg/detectors/aws/session_keys/sessionkeys_test.go index b884dcb3e8f2..1e732016c897 100644 --- a/pkg/detectors/aws/session_keys/sessionkeys_test.go +++ b/pkg/detectors/aws/session_keys/sessionkeys_test.go @@ -46,6 +46,31 @@ func TestAWSSessionKey_Pattern(t *testing.T) { `, want: []string{"ASIABBKK02W42Q3IPSPG:fkhIiUwQY32Zu9e4a86g9r3WpTzfE1aXljVcgn8O:aSqfp/GTZbJP+tXPNCZ9GoveoM0vgxtlYXdzPQ2uYNMPPgUkt0VT7SoTLasAo7iVqWWREOUC6DEenlcgDEKyzIEgQW5Ju/b9K/Z176uD2HJYCfq/lyowHtt5PvJi7LRuf/urSorGbTcqNUvPi42YP1Ps/4F6He9hQA1io3EAGBC3ICGHXWf2IlvFoTNUyPTqhjnPEKMWZ42jblqNAdD7hLpzNXmmGhdLCjy99XK8+gjHdZHkOeD/FIjRPRZ7Jl0tdwdqFEwzRVCzL2uelMVMd3UaZ+d4I4Kf+J464piO//jxx48Fs/mG3zr5ba9m2S+6gvUZJq4j+0uJ+jf6cG/x2G9XSybqYQRwvxfNquKB4TcKiGVH5+ZbJT4ASkARadwoSPMGfvMPje+X2zAziSzXfsxYfIQKf6iJ9p7VavlDGi+Acr4kwFXW5IfQs4uGk6AVQFsoZK3o1hhLOkuOwWQEWhDQGNLXwJbFqXfELOnUQvM0Z5NUm46bjAAi4g+X9gLPNR/KjzXuuTTaWYrQEjXLb7PxS0sIttAb1w+sTXXtc1kDIsABC6KcsyGlEwji5sLkbkUa="}, }, + { + name: "valid pattern - multiple secrets", + input: ` + aws credentials{ + id: ASIABBKK02W42Q3IPSPG + secret: fkhIiUwQY32Zu9e4a86g9r3WpTzfE1aXljVcgn8O + session: aSqfp/GTZbJP+tXPNCZ9GoveoM0vgxtlYXdzPQ2uYNMPPgUkt0VT7SoTLasAo7iVqWWREOUC6DEenlcgDEKyzIEgQW5Ju/b9K/Z176uD2HJYCfq/lyowHtt5PvJi7LRuf/urSorGbTcqNUvPi42YP1Ps/4F6He9hQA1io3EAGBC3ICGHXWf2IlvFoTNUyPTqhjnPEKMWZ42jblqNAdD7hLpzNXmmGhdLCjy99XK8+gjHdZHkOeD/FIjRPRZ7Jl0tdwdqFEwzRVCzL2uelMVMd3UaZ+d4I4Kf+J464piO//jxx48Fs/mG3zr5ba9m2S+6gvUZJq4j+0uJ+jf6cG/x2G9XSybqYQRwvxfNquKB4TcKiGVH5+ZbJT4ASkARadwoSPMGfvMPje+X2zAziSzXfsxYfIQKf6iJ9p7VavlDGi+Acr4kwFXW5IfQs4uGk6AVQFsoZK3o1hhLOkuOwWQEWhDQGNLXwJbFqXfELOnUQvM0Z5NUm46bjAAi4g+X9gLPNR/KjzXuuTTaWYrQEjXLb7PxS0sIttAb1w+sTXXtc1kDIsABC6KcsyGlEwji5sLkbkUa= + } + aws credentials{ + id: ASIABBKK02W42Q3IPBAR + secret: fkhIiUwQY32Zu9e4a86g9r3WpTzfE1aXljVcMUFC + session: aSqfp/GTZbJP+tXPNCZ9GoveoM0vgxtlYXdzPQ2uYNMPPgUkt0VT7SoTLasAo7iVqWWREOUC6DEenlcgDEKyzIEgQW5Ju/b9K/Z176uD2HJYCfq/lyowHtt5PvJi7LRuf/urSorGbTcqNUvPi42YP1Ps/4F6He9hQA1io3EAGBC3ICGHXWf2IlvFoTNUyPTqhjnPEKMWZ42jblqNAdD7hLpzNXmmGhdLCjy99XK8+gjHdZHkOeD/FIjRPRZ7Jl0tdwdqFEwzRVCzL2uelMVMd3UaZ+d4I4Kf+J464piO//jxx48Fs/mG3zr5ba9m2S+6gvUZJq4j+0uJ+jf6cG/x2G9XSybqYQRwvxfNquKB4TcKiGVH5+ZbJT4ASkARadwoSPMGfvMPje+X2zAziSzXfsxYfIQKf6iJ9p7VavlDGi+Acr4kwFXW5IfQs4uGk6AVQFsoZK3o1hhLOkuOwWQEWhDQGNLXwJbFqXfELOnUQvM0Z5NUm46bjAAi4g+X9gLPNR/KjzXuuTTaWYrQEjXLb7PxS0sIttAb1w+sTXXtc1kDIsABC6KcsyGlEwji5sLkabku= + } + `, + want: []string{ + "ASIABBKK02W42Q3IPSPG:fkhIiUwQY32Zu9e4a86g9r3WpTzfE1aXljVcgn8O:aSqfp/GTZbJP+tXPNCZ9GoveoM0vgxtlYXdzPQ2uYNMPPgUkt0VT7SoTLasAo7iVqWWREOUC6DEenlcgDEKyzIEgQW5Ju/b9K/Z176uD2HJYCfq/lyowHtt5PvJi7LRuf/urSorGbTcqNUvPi42YP1Ps/4F6He9hQA1io3EAGBC3ICGHXWf2IlvFoTNUyPTqhjnPEKMWZ42jblqNAdD7hLpzNXmmGhdLCjy99XK8+gjHdZHkOeD/FIjRPRZ7Jl0tdwdqFEwzRVCzL2uelMVMd3UaZ+d4I4Kf+J464piO//jxx48Fs/mG3zr5ba9m2S+6gvUZJq4j+0uJ+jf6cG/x2G9XSybqYQRwvxfNquKB4TcKiGVH5+ZbJT4ASkARadwoSPMGfvMPje+X2zAziSzXfsxYfIQKf6iJ9p7VavlDGi+Acr4kwFXW5IfQs4uGk6AVQFsoZK3o1hhLOkuOwWQEWhDQGNLXwJbFqXfELOnUQvM0Z5NUm46bjAAi4g+X9gLPNR/KjzXuuTTaWYrQEjXLb7PxS0sIttAb1w+sTXXtc1kDIsABC6KcsyGlEwji5sLkbkUa=", + "ASIABBKK02W42Q3IPSPG:fkhIiUwQY32Zu9e4a86g9r3WpTzfE1aXljVcgn8O:aSqfp/GTZbJP+tXPNCZ9GoveoM0vgxtlYXdzPQ2uYNMPPgUkt0VT7SoTLasAo7iVqWWREOUC6DEenlcgDEKyzIEgQW5Ju/b9K/Z176uD2HJYCfq/lyowHtt5PvJi7LRuf/urSorGbTcqNUvPi42YP1Ps/4F6He9hQA1io3EAGBC3ICGHXWf2IlvFoTNUyPTqhjnPEKMWZ42jblqNAdD7hLpzNXmmGhdLCjy99XK8+gjHdZHkOeD/FIjRPRZ7Jl0tdwdqFEwzRVCzL2uelMVMd3UaZ+d4I4Kf+J464piO//jxx48Fs/mG3zr5ba9m2S+6gvUZJq4j+0uJ+jf6cG/x2G9XSybqYQRwvxfNquKB4TcKiGVH5+ZbJT4ASkARadwoSPMGfvMPje+X2zAziSzXfsxYfIQKf6iJ9p7VavlDGi+Acr4kwFXW5IfQs4uGk6AVQFsoZK3o1hhLOkuOwWQEWhDQGNLXwJbFqXfELOnUQvM0Z5NUm46bjAAi4g+X9gLPNR/KjzXuuTTaWYrQEjXLb7PxS0sIttAb1w+sTXXtc1kDIsABC6KcsyGlEwji5sLkabku=", + "ASIABBKK02W42Q3IPSPG:fkhIiUwQY32Zu9e4a86g9r3WpTzfE1aXljVcMUFC:aSqfp/GTZbJP+tXPNCZ9GoveoM0vgxtlYXdzPQ2uYNMPPgUkt0VT7SoTLasAo7iVqWWREOUC6DEenlcgDEKyzIEgQW5Ju/b9K/Z176uD2HJYCfq/lyowHtt5PvJi7LRuf/urSorGbTcqNUvPi42YP1Ps/4F6He9hQA1io3EAGBC3ICGHXWf2IlvFoTNUyPTqhjnPEKMWZ42jblqNAdD7hLpzNXmmGhdLCjy99XK8+gjHdZHkOeD/FIjRPRZ7Jl0tdwdqFEwzRVCzL2uelMVMd3UaZ+d4I4Kf+J464piO//jxx48Fs/mG3zr5ba9m2S+6gvUZJq4j+0uJ+jf6cG/x2G9XSybqYQRwvxfNquKB4TcKiGVH5+ZbJT4ASkARadwoSPMGfvMPje+X2zAziSzXfsxYfIQKf6iJ9p7VavlDGi+Acr4kwFXW5IfQs4uGk6AVQFsoZK3o1hhLOkuOwWQEWhDQGNLXwJbFqXfELOnUQvM0Z5NUm46bjAAi4g+X9gLPNR/KjzXuuTTaWYrQEjXLb7PxS0sIttAb1w+sTXXtc1kDIsABC6KcsyGlEwji5sLkbkUa=", + "ASIABBKK02W42Q3IPSPG:fkhIiUwQY32Zu9e4a86g9r3WpTzfE1aXljVcMUFC:aSqfp/GTZbJP+tXPNCZ9GoveoM0vgxtlYXdzPQ2uYNMPPgUkt0VT7SoTLasAo7iVqWWREOUC6DEenlcgDEKyzIEgQW5Ju/b9K/Z176uD2HJYCfq/lyowHtt5PvJi7LRuf/urSorGbTcqNUvPi42YP1Ps/4F6He9hQA1io3EAGBC3ICGHXWf2IlvFoTNUyPTqhjnPEKMWZ42jblqNAdD7hLpzNXmmGhdLCjy99XK8+gjHdZHkOeD/FIjRPRZ7Jl0tdwdqFEwzRVCzL2uelMVMd3UaZ+d4I4Kf+J464piO//jxx48Fs/mG3zr5ba9m2S+6gvUZJq4j+0uJ+jf6cG/x2G9XSybqYQRwvxfNquKB4TcKiGVH5+ZbJT4ASkARadwoSPMGfvMPje+X2zAziSzXfsxYfIQKf6iJ9p7VavlDGi+Acr4kwFXW5IfQs4uGk6AVQFsoZK3o1hhLOkuOwWQEWhDQGNLXwJbFqXfELOnUQvM0Z5NUm46bjAAi4g+X9gLPNR/KjzXuuTTaWYrQEjXLb7PxS0sIttAb1w+sTXXtc1kDIsABC6KcsyGlEwji5sLkabku=", + "ASIABBKK02W42Q3IPBAR:fkhIiUwQY32Zu9e4a86g9r3WpTzfE1aXljVcgn8O:aSqfp/GTZbJP+tXPNCZ9GoveoM0vgxtlYXdzPQ2uYNMPPgUkt0VT7SoTLasAo7iVqWWREOUC6DEenlcgDEKyzIEgQW5Ju/b9K/Z176uD2HJYCfq/lyowHtt5PvJi7LRuf/urSorGbTcqNUvPi42YP1Ps/4F6He9hQA1io3EAGBC3ICGHXWf2IlvFoTNUyPTqhjnPEKMWZ42jblqNAdD7hLpzNXmmGhdLCjy99XK8+gjHdZHkOeD/FIjRPRZ7Jl0tdwdqFEwzRVCzL2uelMVMd3UaZ+d4I4Kf+J464piO//jxx48Fs/mG3zr5ba9m2S+6gvUZJq4j+0uJ+jf6cG/x2G9XSybqYQRwvxfNquKB4TcKiGVH5+ZbJT4ASkARadwoSPMGfvMPje+X2zAziSzXfsxYfIQKf6iJ9p7VavlDGi+Acr4kwFXW5IfQs4uGk6AVQFsoZK3o1hhLOkuOwWQEWhDQGNLXwJbFqXfELOnUQvM0Z5NUm46bjAAi4g+X9gLPNR/KjzXuuTTaWYrQEjXLb7PxS0sIttAb1w+sTXXtc1kDIsABC6KcsyGlEwji5sLkbkUa=", + "ASIABBKK02W42Q3IPBAR:fkhIiUwQY32Zu9e4a86g9r3WpTzfE1aXljVcgn8O:aSqfp/GTZbJP+tXPNCZ9GoveoM0vgxtlYXdzPQ2uYNMPPgUkt0VT7SoTLasAo7iVqWWREOUC6DEenlcgDEKyzIEgQW5Ju/b9K/Z176uD2HJYCfq/lyowHtt5PvJi7LRuf/urSorGbTcqNUvPi42YP1Ps/4F6He9hQA1io3EAGBC3ICGHXWf2IlvFoTNUyPTqhjnPEKMWZ42jblqNAdD7hLpzNXmmGhdLCjy99XK8+gjHdZHkOeD/FIjRPRZ7Jl0tdwdqFEwzRVCzL2uelMVMd3UaZ+d4I4Kf+J464piO//jxx48Fs/mG3zr5ba9m2S+6gvUZJq4j+0uJ+jf6cG/x2G9XSybqYQRwvxfNquKB4TcKiGVH5+ZbJT4ASkARadwoSPMGfvMPje+X2zAziSzXfsxYfIQKf6iJ9p7VavlDGi+Acr4kwFXW5IfQs4uGk6AVQFsoZK3o1hhLOkuOwWQEWhDQGNLXwJbFqXfELOnUQvM0Z5NUm46bjAAi4g+X9gLPNR/KjzXuuTTaWYrQEjXLb7PxS0sIttAb1w+sTXXtc1kDIsABC6KcsyGlEwji5sLkabku=", + "ASIABBKK02W42Q3IPBAR:fkhIiUwQY32Zu9e4a86g9r3WpTzfE1aXljVcMUFC:aSqfp/GTZbJP+tXPNCZ9GoveoM0vgxtlYXdzPQ2uYNMPPgUkt0VT7SoTLasAo7iVqWWREOUC6DEenlcgDEKyzIEgQW5Ju/b9K/Z176uD2HJYCfq/lyowHtt5PvJi7LRuf/urSorGbTcqNUvPi42YP1Ps/4F6He9hQA1io3EAGBC3ICGHXWf2IlvFoTNUyPTqhjnPEKMWZ42jblqNAdD7hLpzNXmmGhdLCjy99XK8+gjHdZHkOeD/FIjRPRZ7Jl0tdwdqFEwzRVCzL2uelMVMd3UaZ+d4I4Kf+J464piO//jxx48Fs/mG3zr5ba9m2S+6gvUZJq4j+0uJ+jf6cG/x2G9XSybqYQRwvxfNquKB4TcKiGVH5+ZbJT4ASkARadwoSPMGfvMPje+X2zAziSzXfsxYfIQKf6iJ9p7VavlDGi+Acr4kwFXW5IfQs4uGk6AVQFsoZK3o1hhLOkuOwWQEWhDQGNLXwJbFqXfELOnUQvM0Z5NUm46bjAAi4g+X9gLPNR/KjzXuuTTaWYrQEjXLb7PxS0sIttAb1w+sTXXtc1kDIsABC6KcsyGlEwji5sLkbkUa=", + "ASIABBKK02W42Q3IPBAR:fkhIiUwQY32Zu9e4a86g9r3WpTzfE1aXljVcMUFC:aSqfp/GTZbJP+tXPNCZ9GoveoM0vgxtlYXdzPQ2uYNMPPgUkt0VT7SoTLasAo7iVqWWREOUC6DEenlcgDEKyzIEgQW5Ju/b9K/Z176uD2HJYCfq/lyowHtt5PvJi7LRuf/urSorGbTcqNUvPi42YP1Ps/4F6He9hQA1io3EAGBC3ICGHXWf2IlvFoTNUyPTqhjnPEKMWZ42jblqNAdD7hLpzNXmmGhdLCjy99XK8+gjHdZHkOeD/FIjRPRZ7Jl0tdwdqFEwzRVCzL2uelMVMd3UaZ+d4I4Kf+J464piO//jxx48Fs/mG3zr5ba9m2S+6gvUZJq4j+0uJ+jf6cG/x2G9XSybqYQRwvxfNquKB4TcKiGVH5+ZbJT4ASkARadwoSPMGfvMPje+X2zAziSzXfsxYfIQKf6iJ9p7VavlDGi+Acr4kwFXW5IfQs4uGk6AVQFsoZK3o1hhLOkuOwWQEWhDQGNLXwJbFqXfELOnUQvM0Z5NUm46bjAAi4g+X9gLPNR/KjzXuuTTaWYrQEjXLb7PxS0sIttAb1w+sTXXtc1kDIsABC6KcsyGlEwji5sLkabku=", + }, + }, { name: "invalid pattern", input: ` diff --git a/pkg/detectors/aws/utils.go b/pkg/detectors/aws/utils.go index 468562b557b2..596a7752394b 100644 --- a/pkg/detectors/aws/utils.go +++ b/pkg/detectors/aws/utils.go @@ -86,11 +86,13 @@ func GetHMAC(key []byte, data []byte) []byte { return hasher.Sum(nil) } -func CleanResults(results []detectors.Result) []detectors.Result { +func CleanResults(results []detectors.Result, verificationEnabled bool) []detectors.Result { if len(results) == 0 { return results } - + if !verificationEnabled { + return results + } // For every ID, we want at most one result, preferably verified. idResults := map[string]detectors.Result{} for _, result := range results { diff --git a/pkg/detectors/detectors.go b/pkg/detectors/detectors.go index 38f1ad44608e..235cdfd183e8 100644 --- a/pkg/detectors/detectors.go +++ b/pkg/detectors/detectors.go @@ -46,7 +46,7 @@ type Detector interface { type CustomResultsCleaner interface { // CleanResults removes "superfluous" results from a result set (where the definition of "superfluous" is detector- // specific). - CleanResults(results []Result) []Result + CleanResults(results []Result, verificationEnabled bool) []Result // ShouldCleanResultsIrrespectiveOfConfiguration allows a custom cleaner to instruct the engine to ignore // user-provided configuration that controls whether results are cleaned. (User-provided configuration is not the // only factor that determines whether the engine runs cleaning logic.) @@ -244,7 +244,7 @@ func CopyMetadata(chunk *sources.Chunk, result Result) ResultWithMetadata { // CleanResults returns all verified secrets, and if there are no verified secrets, // just one unverified secret if there are any. -func CleanResults(results []Result) []Result { +func CleanResults(results []Result, _ bool) []Result { if len(results) == 0 { return results } diff --git a/pkg/engine/engine.go b/pkg/engine/engine.go index 25f8270aa8b6..cbf1170ca0f0 100644 --- a/pkg/engine/engine.go +++ b/pkg/engine/engine.go @@ -1205,7 +1205,7 @@ func (e *Engine) filterResults( ignoreConfig = cleaner.ShouldCleanResultsIrrespectiveOfConfiguration() } if e.filterUnverified || ignoreConfig { - results = clean(results) + results = clean(results, e.verify) } if e.filterEntropy != 0 { diff --git a/pkg/engine/engine_test.go b/pkg/engine/engine_test.go index c6d4bdec57a5..8e50ebe0eb66 100644 --- a/pkg/engine/engine_test.go +++ b/pkg/engine/engine_test.go @@ -1180,7 +1180,10 @@ func (c customCleaner) Type() detectorspb.DetectorType { return detectorspb.Dete func (customCleaner) Description() string { return "" } -func (c customCleaner) CleanResults([]detectors.Result) []detectors.Result { +func (c customCleaner) CleanResults(result []detectors.Result, verficationEnabled bool) []detectors.Result { + if !verficationEnabled { + return []detectors.Result{{}} + } return []detectors.Result{} } func (c customCleaner) ShouldCleanResultsIrrespectiveOfConfiguration() bool { return c.ignoreConfig } @@ -1190,6 +1193,7 @@ func TestFilterResults_CustomCleaner(t *testing.T) { name string cleaningConfigured bool ignoreConfig bool + verify bool resultsToClean []detectors.Result wantResults []detectors.Result }{ @@ -1197,6 +1201,7 @@ func TestFilterResults_CustomCleaner(t *testing.T) { name: "respect config to clean", cleaningConfigured: true, ignoreConfig: false, + verify: true, resultsToClean: []detectors.Result{{}}, wantResults: []detectors.Result{}, }, @@ -1204,6 +1209,7 @@ func TestFilterResults_CustomCleaner(t *testing.T) { name: "respect config to not clean", cleaningConfigured: false, ignoreConfig: false, + verify: true, resultsToClean: []detectors.Result{{}}, wantResults: []detectors.Result{{}}, }, @@ -1211,9 +1217,18 @@ func TestFilterResults_CustomCleaner(t *testing.T) { name: "clean irrespective of config", cleaningConfigured: false, ignoreConfig: true, + verify: true, resultsToClean: []detectors.Result{{}}, wantResults: []detectors.Result{}, }, + { + name: "clean irrespective of config with verification disabled", + cleaningConfigured: false, + ignoreConfig: true, + verify: false, + resultsToClean: []detectors.Result{{}}, + wantResults: []detectors.Result{{}}, + }, } for _, tt := range testCases { @@ -1226,6 +1241,7 @@ func TestFilterResults_CustomCleaner(t *testing.T) { engine := Engine{ filterUnverified: tt.cleaningConfigured, retainFalsePositives: true, + verify: tt.verify, } cleaned := engine.filterResults(context.Background(), &match, tt.resultsToClean)