username/esp32-hacking
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 9 Wiki Activity

fix: Exclude known NVS key names from secret detection
Some checks failed
Lint & Build / Security Flaw Analysis (push) Successful in 15s
Details
Lint & Build / Secret Scanning (push) Successful in 5s
Details
Lint & Build / C/C++ Static Analysis (push) Successful in 34s
Details
Lint & Build / Build Firmware (push) Failing after 2m13s
Details

Browse Source 
The strings check was matching 'auth_secret' (NVS key) and
'secret=%s' (printf format) as false positives. Filter out
known firmware patterns.
This commit is contained in:
user
2026-02-15 00:14:05 +01:00
parent ba6a2a13ee
commit 796c6ced28
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitea/workflows/lint.yml
View File

@@ -73,7 +73,8 @@ jobs:
CFG="get-started/csi_recv_router/sdkconfig" CFG="get-started/csi_recv_router/sdkconfig"
echo "=== Checking for hardcoded secrets ===" echo "=== Checking for hardcoded secrets ==="
if strings "$BIN" | grep -iqE '(password|secret|api_key|apikey)=[^$]'; then if strings "$BIN" | grep -iE '(password|secret|api_key|apikey)=' \
| grep -ivE '(auth_secret|secret=%s|secret=\$)'; then
echo "::error::Potential hardcoded secret found in binary" echo "::error::Potential hardcoded secret found in binary"
exit 1 exit 1
fi fi