feat: rename enhanced secret scan env vars (#6414)

Co-authored-by: Michal Piechowiak <[email protected]>

Author: aitchiss

packages/build/src/log/messages/core_steps.js

@@ -188,7 +188,7 @@ export const logSecretsScanFailBuildMessage = function ({
       )
       logError(
         logs,
-        `\nIf these are expected, use ENHANCED_SECRETS_SCAN_OMIT_VALUES, or ENHANCED_SECRETS_SCAN_ENABLED to prevent detecting.`,
+        `\nIf these are expected, use SECRETS_SCAN_SMART_DETECTION_OMIT_VALUES, or SECRETS_SCAN_SMART_DETECTION_ENABLED to prevent detecting.`,
       )
     }
   }

packages/build/src/plugins_core/secrets_scanning/index.ts

@@ -64,18 +64,18 @@ const coreStep: CoreStepFunction = async function ({
   if (enhancedSecretScan && enhancedScanShouldRunInActiveMode && !enhancedScanningEnabledInEnv) {
     logSecretsScanSkipMessage(
       logs,
-      'Enhanced secrets detection disabled via ENHANCED_SECRETS_SCAN_ENABLED flag set to false.',
+      'Enhanced secrets detection disabled via SECRETS_SCAN_SMART_DETECTION_ENABLED flag set to false.',
     )
   }
 
   if (
     enhancedScanShouldRunInActiveMode &&
     enhancedScanConfigured &&
-    envVars['ENHANCED_SECRETS_SCAN_OMIT_VALUES'] !== undefined
+    envVars['SECRETS_SCAN_SMART_DETECTION_OMIT_VALUES'] !== undefined
   ) {
     log(
       logs,
-      `ENHANCED_SECRETS_SCAN_OMIT_VALUES override option set to: ${envVars['ENHANCED_SECRETS_SCAN_OMIT_VALUES']}\n`,
+      `SECRETS_SCAN_SMART_DETECTION_OMIT_VALUES override option set to: ${envVars['SECRETS_SCAN_SMART_DETECTION_OMIT_VALUES']}\n`,
     )
   }
 

packages/build/src/plugins_core/secrets_scanning/utils.ts

@@ -53,7 +53,7 @@ export function isSecretsScanningEnabled(env: Record<string, unknown>): boolean
  * @returns
  */
 export function isEnhancedSecretsScanningEnabled(env: Record<string, unknown>): boolean {
-  if (env.ENHANCED_SECRETS_SCAN_ENABLED === false || env.ENHANCED_SECRETS_SCAN_ENABLED === 'false') {
+  if (env.SECRETS_SCAN_SMART_DETECTION_ENABLED === false || env.SECRETS_SCAN_SMART_DETECTION_ENABLED === 'false') {
     return false
   }
   return true
@@ -71,7 +71,7 @@ export function getStringArrayFromEnvValue(env: Record<string, unknown>, envVarN
 }
 
 export function getOmitValuesFromEnhancedScanForEnhancedScanFromEnv(env: Record<string, unknown>): unknown[] {
-  return getStringArrayFromEnvValue(env, 'ENHANCED_SECRETS_SCAN_OMIT_VALUES')
+  return getStringArrayFromEnvValue(env, 'SECRETS_SCAN_SMART_DETECTION_OMIT_VALUES')
 }
 
 function filterOmittedKeys(env: Record<string, unknown>, envKeys: string[] = []): string[] {

packages/build/tests/secrets_scanning/fixtures/src_scanning_likely_enhanced_scan_secrets_disabled/netlify.toml

@@ -1,4 +1,4 @@
 [build.environment]
-  ENHANCED_SECRETS_SCAN_ENABLED = "false"
+  SECRETS_SCAN_SMART_DETECTION_ENABLED = "false"
   ENV_VAR_1 = "sk_12345678901234567890"
   ENV_VAR_2 = "val2-val2-val2"

packages/build/tests/secrets_scanning/fixtures/src_scanning_likely_enhanced_scan_secrets_omitted/netlify.toml

@@ -1,4 +1,4 @@
 [build.environment]
   ENV_VAR_1 = "sk_12345678901234567890"
   ENV_VAR_2 = "val2-val2-val2"
-  ENHANCED_SECRETS_SCAN_OMIT_VALUES = "sk_12345678901234567890"
+  SECRETS_SCAN_SMART_DETECTION_OMIT_VALUES = "sk_12345678901234567890"

packages/build/tests/secrets_scanning/tests.js

@@ -294,7 +294,7 @@ for (const { testPrefix, featureFlags } of [
 
   test(
     testPrefix +
-      'secrets scanning, enhanced scan should not find matches when disabled with ENHANCED_SECRETS_SCAN_ENABLED set to false',
+      'secrets scanning, enhanced scan should not find matches when disabled with SECRETS_SCAN_SMART_DETECTION_ENABLED set to false',
     async (t) => {
       const { requests } = await new Fixture('./fixtures/src_scanning_likely_enhanced_scan_secrets_disabled')
         .withFlags({
@@ -313,7 +313,8 @@ for (const { testPrefix, featureFlags } of [
   )
 
   test(
-    testPrefix + 'secrets scanning, enhanced scan should skip matches defined in ENHANCED_SECRETS_SCAN_OMIT_VALUES',
+    testPrefix +
+      'secrets scanning, enhanced scan should skip matches defined in SECRETS_SCAN_SMART_DETECTION_OMIT_VALUES',
     async (t) => {
       const { requests, output } = await new Fixture('./fixtures/src_scanning_likely_enhanced_scan_secrets_omitted')
         .withFlags({
@@ -326,15 +327,16 @@ for (const { testPrefix, featureFlags } of [
         })
         .runBuildServer({ path: '/api/v1/deploys/test/validations_report' })
 
-      t.true(normalizeOutput(output).includes('ENHANCED_SECRETS_SCAN_OMIT_VALUES override option set'))
+      t.true(normalizeOutput(output).includes('SECRETS_SCAN_SMART_DETECTION_OMIT_VALUES override option set'))
       t.true(requests.length === 1)
       const request = requests[0]
       t.is(request.body.secrets_scan.enhancedSecretsScanMatches.length, 0)
     },
   )
 
   test(
-    testPrefix + 'secrets scanning, ENHANCED_SECRETS_SCAN_OMIT_VALUES not logged if enhanced scanning not enabled',
+    testPrefix +
+      'secrets scanning, SECRETS_SCAN_SMART_DETECTION_OMIT_VALUES not logged if enhanced scanning not enabled',
     async (t) => {
       const { output } = await new Fixture('./fixtures/src_scanning_likely_enhanced_scan_secrets_omitted')
         .withFlags({
@@ -347,7 +349,7 @@ for (const { testPrefix, featureFlags } of [
         })
         .runBuildServer({ path: '/api/v1/deploys/test/validations_report' })
 
-      t.false(normalizeOutput(output).includes('ENHANCED_SECRETS_SCAN_OMIT_VALUES override option set'))
+      t.false(normalizeOutput(output).includes('SECRETS_SCAN_SMART_DETECTION_OMIT_VALUES override option set'))
     },
   )