/**
 * Aggregate outcome of one secrets scan, as returned by scanFilesForKeyValues.
 */
export interface ScanResults {
/** Every location where the value of a scanned key was found; one entry per match. */
matches: MatchResult[];
/** Number of files scanned. NOTE(review): presumably the count of file paths actually read; confirm against the implementation. */
scannedFilesCount: number;
}
/**
 * Options accepted by scanFilesForKeyValues.
 */
interface ScanArgs {
/** Environment variables; the secret values to search for are looked up here by key. */
env: Record<string, unknown>;
/** Names of the env vars whose values are treated as secrets for this scan. */
keys: string[];
/** Base directory of the scan. NOTE(review): presumably the root that filePaths are relative to; confirm. */
base: string;
/** Files to search. getFilePathsToScan documents its output as paths relative to base. */
filePaths: string[];
}
/**
 * One occurrence of a secret value in a scanned file.
 *
 * The record identifies the match by env var key, file and line; no field carries
 * the matched value itself.
 */
interface MatchResult {
/** Line in the file where the match was found. NOTE(review): 0- or 1-based is not visible here; confirm. */
lineNumber: number;
/** Name of the env var whose value matched. */
key: string;
/** Path of the file containing the match. NOTE(review): presumably relative to base; confirm. */
file: string;
}
/**
 * Determine whether the user disabled secrets scanning via an env var.
 *
 * The name of the controlling variable is not visible in this declaration file.
 * Since scanning can be switched off through the environment, callers that rely
 * on the scan as a control should treat a disabled scan as "not checked", not as
 * "no secrets found".
 *
 * @param env current env vars
 * @returns NOTE(review): presumably true when scanning should run and false when
 *   the user disabled it; confirm against the implementation.
 */
export declare function isSecretsScanningEnabled(env: Record<string, unknown>): boolean;
/**
 * Given the explicit secret keys and the env vars, return the secret keys that have
 * non-empty, non-trivial values. Keys listed in the SECRETS_SCAN_OMIT_KEYS env var
 * are also filtered out.
 *
 * Non-trivial values are values that are:
 * - more than 4 characters/digits long
 * - not booleans
 *
 * Coverage consequence: a secret whose value is 4 characters or shorter, or a
 * boolean, is never scanned for, and neither is any key named in
 * SECRETS_SCAN_OMIT_KEYS. An empty result means nothing will be searched.
 *
 * @param env env vars to read the secret values from
 * @param secretKeys names of the env vars explicitly marked as secrets
 * @returns the subset of secretKeys that should be scanned for
 */
export declare function getSecretKeysToScanFor(env: Record<string, unknown>, secretKeys: string[]): string[];
/**
 * Given the env and base directory, find all file paths to scan. The env vars are
 * consulted to decide whether certain paths should be omitted.
 *
 * Paths omitted through the environment are not searched at all, so a secret
 * written to an omitted path will not be reported.
 *
 * NOTE(review): both options are typed `any`, so the compiler does not check what
 * callers pass. ScanArgs types the same two fields as Record<string, unknown> and
 * string; consider aligning the types at the source of this declaration.
 *
 * @param options env vars and base directory
 * @returns paths, relative to base, of the files that should be searched
 */
export declare function getFilePathsToScan({ env, base }: {
env: any;
base: any;
}): Promise<string[]>;
/**
 * Search the provided files for the values of the given secret keys. Each file is
 * processed separately in its own read stream.
 *
 * For each value, the search covers a unique set of permutations: plaintext,
 * base64 encoded and URI encoded. This catches common transformations that occur
 * post build.
 *
 * NOTE(review): only the three forms above are documented. Other transformations
 * (for example hex encoding, or a value split across lines) are presumably not
 * detected; confirm against the implementation before treating a clean result as
 * proof that no secret leaked.
 *
 * @param scanArgs scan options: env vars, keys to look for, file paths and base directory
 * @returns promise resolving to the matches found, if any, together with the count of scanned files
 */
export declare function scanFilesForKeyValues({ env, keys, filePaths, base }: ScanArgs): Promise<ScanResults>;
/**
 * ScanResults holds every find for every key, across all locations. Scanning is
 * async and stream-based, so the order of matches can vary between runs. This
 * function groups the results into an object whose keys are the env var keys and
 * whose values are all match results for that key.
 *
 * @param scanResults output of a scan, as produced by scanFilesForKeyValues
 * @returns object mapping each env var key to its MatchResult entries.
 *   NOTE(review): whether keys with no matches appear in the object is not visible
 *   here; confirm before indexing without a check.
 */
export declare function groupScanResultsByKey(scanResults: ScanResults): {
[key: string]: MatchResult[];
};
// Empty export: marks this declaration file as a module, so the non-exported
// interfaces above (ScanArgs, MatchResult) stay module-scoped instead of global.
export {};