diff --git a/crates/kingfisher-scanner/src/validation/utils.rs b/crates/kingfisher-scanner/src/validation/utils.rs index 7756047..cbeae46 100644 --- a/crates/kingfisher-scanner/src/validation/utils.rs +++ b/crates/kingfisher-scanner/src/validation/utils.rs @@ -32,7 +32,7 @@ pub fn process_captures(captures: &SerializableCaptures) -> Vec<(String, String, /// that should be paired with a secret key. pub fn find_closest_variable( captures: &[(String, String, usize, usize)], - target_value: &String, + target_value: &str, target_variable_name: &str, search_variable_name: &str, ) -> Option { @@ -40,7 +40,7 @@ pub fn find_closest_variable( // compare relative offsets with candidate variables. let mut target_positions = Vec::new(); for (name, value, start, end) in captures { - if name == target_variable_name && value == target_value { + if name == target_variable_name && value.as_str() == target_value { target_positions.push((*start, *end)); } } @@ -138,8 +138,7 @@ mod tests { ("AKID".to_string(), "following".to_string(), 180usize, 200usize), ]; - let result = - find_closest_variable(&captures, &"secret".to_string(), "TOKEN", "AKID").unwrap(); + let result = find_closest_variable(&captures, "secret", "TOKEN", "AKID").unwrap(); assert_eq!(result, "preceding".to_string()); } @@ -151,8 +150,7 @@ mod tests { ("AKID".to_string(), "after".to_string(), 60usize, 80usize), ]; - let result = - find_closest_variable(&captures, &"secret".to_string(), "TOKEN", "AKID").unwrap(); + let result = find_closest_variable(&captures, "secret", "TOKEN", "AKID").unwrap(); assert_eq!(result, "after".to_string()); } diff --git a/src/scanner/validation.rs b/src/scanner/validation.rs index 77eab98..a07d7a3 100644 --- a/src/scanner/validation.rs +++ b/src/scanner/validation.rs 
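Review bot: `find_closest_variable` is patched identically in this file and in `src/validation/utils.rs` (signature, comparison and both test call sites), so the helper exists as two copies that are kept in step by hand. Because it selects the AKID that is paired with a secret before validation, a later fix applied to only one copy would make the two code paths pair credentials differently. If the crate dependency direction allows it, one module could re-export the other's function. Minor: `value.as_str() == target_value` can remain `value == target_value`, since `name == target_variable_name` on the same line already compares a `&String` with a `&str`. The function body continues outside the hunk.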
@@ -725,7 +725,7 @@ pub async fn run_secret_validation( let mut by_key: FxHashMap> = FxHashMap::default(); for om in owned { - by_key.entry(build_cache_key(&om, &dep_vars)).or_default().push(om); + by_key.entry(build_cache_key(&om)).or_default().push(om); } let reps: Vec<_> = by_key.into_iter().map(|(_k, mut v)| (v.remove(0), v)).collect(); @@ -859,7 +859,7 @@ async fn validate_single( validation_retries: u32, max_body_len: usize, ) { - let cache_key = build_cache_key(om, dep_vars); + let cache_key = build_cache_key(om); // Check cache first if let Some(cached) = cache.get(&cache_key) { om.validation_success = cached.is_valid; @@ -956,12 +956,8 @@ fn is_counted_validation_status(status: StatusCode) -> bool { !matches!(status, StatusCode::CONTINUE | StatusCode::PRECONDITION_REQUIRED) } -// Helper to compute the cache key for an OwnedBlobMatch -fn build_cache_key( - om: &OwnedBlobMatch, - dep_vars: &FxHashMap>, -) -> String { - // Build key +// Helper to compute the cache key for an OwnedBlobMatch. +fn build_cache_key(om: &OwnedBlobMatch) -> String { let capture0 = om.captures.captures.get(0).map_or(String::new(), |c| c.raw_value().to_string()); let has_context_dependency = om @@ -982,16 +978,7 @@ fn build_cache_key( ); } - let dep_vars_str = dep_vars - .get(om.rule.id()) - .map(|hm| { - let mut sorted: Vec<_> = hm.iter().collect(); - sorted.sort_by(|(k, _), (k2, _)| k.cmp(k2)); - sorted.into_iter().map(|(k, v)| format!("{}={}", k, v)).collect::>().join("|") - }) - .unwrap_or_default(); - - format!("{}|{}|{}", om.rule.name(), capture0, dep_vars_str) + format!("{}|{}", om.rule.name(), capture0) } fn maybe_record_access_map(om: &OwnedBlobMatch, collector: Option<&AccessMapCollector>) { diff --git a/src/validation.rs b/src/validation.rs index 0c7d911..f8aff4a 100644 --- a/src/validation.rs +++ b/src/validation.rs 
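Review bot: With `dep_vars` removed from `build_cache_key` (hunks at -956 and -982), the fallback key becomes `format!("{}|{}", om.rule.name(), capture0)`, so two matches of one rule that share the first capture but were resolved with different dependent values now collide. The same key groups matches in `run_secret_validation` (hunk at -725, where `v.remove(0)` picks one representative per group) and indexes the result cache in `validate_single` (hunk at -859), so a cached `is_valid` from one pairing may be reused for another and a live credential could be reported as inactive, or the reverse. The `has_context_dependency` branch sits between the hunks and is not visible here; if it is what keeps dependent rules distinct, state that in the function comment, e.g. `// Rules with dependent variables are keyed by the context branch above; this fallback is only for self-contained rules.` A regression test with two matches that differ only in their dependent values would confirm they are still validated separately.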
@@ -1551,9 +1551,7 @@ fn aws_akid_candidates( ) -> Vec { let mut candidates = Vec::new(); - if let Some(closest) = - utils::find_closest_variable(captured_values, &secret.to_string(), "TOKEN", "AKID") - { + if let Some(closest) = utils::find_closest_variable(captured_values, secret, "TOKEN", "AKID") { candidates.push((0usize, closest)); } diff --git a/src/validation/utils.rs b/src/validation/utils.rs index 10f6871..cb03d5a 100644 --- a/src/validation/utils.rs +++ b/src/validation/utils.rs @@ -153,7 +153,7 @@ pub fn process_captures(captures: &SerializableCaptures) -> Vec<(String, String, pub fn find_closest_variable( captures: &[(String, String, usize, usize)], - target_value: &String, + target_value: &str, target_variable_name: &str, search_variable_name: &str, ) -> Option { @@ -161,7 +161,7 @@ pub fn find_closest_variable( // compare relative offsets with candidate variables. let mut target_positions = Vec::new(); for (name, value, start, end) in captures { - if name == target_variable_name && value == target_value { + if name == target_variable_name && value.as_str() == target_value { target_positions.push((*start, *end)); } } @@ -346,8 +346,7 @@ mod tests { ("AKID".to_string(), "following".to_string(), 180usize, 200usize), ]; - let result = - find_closest_variable(&captures, &"secret".to_string(), "TOKEN", "AKID").unwrap(); + let result = find_closest_variable(&captures, "secret", "TOKEN", "AKID").unwrap(); assert_eq!(result, "preceding".to_string()); } @@ -359,8 +358,7 @@ mod tests { ("AKID".to_string(), "after".to_string(), 60usize, 80usize), ]; - let result = - find_closest_variable(&captures, &"secret".to_string(), "TOKEN", "AKID").unwrap(); + let result = find_closest_variable(&captures, "secret", "TOKEN", "AKID").unwrap(); assert_eq!(result, "after".to_string()); }