netlify
diff --git a/‎packages/build/src/plugins_core/secrets_scanning/secret_prefixes.ts‎
Lines changed: 5 additions & 0 deletions b/‎packages/build/src/plugins_core/secrets_scanning/secret_prefixes.ts‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/build/src/plugins_core/secrets_scanning/utils.ts‎
Lines changed: 3 additions & 2 deletions b/‎packages/build/src/plugins_core/secrets_scanning/utils.ts‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎packages/build/tests/utils_secretscanning/tests.js‎
Lines changed: 6 additions & 0 deletions b/‎packages/build/tests/utils_secretscanning/tests.js‎
Lines changed: 6 additions & 0 deletions
@@ -34,3 +34,8 @@ export const LIKELY_SECRET_PREFIXES = [
  ...SQUARE_PREFIXES,
  ...OTHER_COMMON_PREFIXES,
 ]
+
+/**
+ * Known values that we do not want to trigger secret detection failures (e.g. common to framework build output)
+ */
+export const SAFE_LISTED_VALUES = ['SECRET_DO_NOT_PASS_THIS_OR_YOU_WILL_BE_FIRED'] // Common to code using React PropTypes
@@ -5,7 +5,7 @@ import { createInterface } from 'node:readline'
 import { fdir } from 'fdir'
 import { minimatch } from 'minimatch'
 
-import { LIKELY_SECRET_PREFIXES } from './secret_prefixes.js'
+import { LIKELY_SECRET_PREFIXES, SAFE_LISTED_VALUES } from './secret_prefixes.js'
 
 export interface ScanResults {
  matches: MatchResult[]
@@ -181,11 +181,12 @@ export function findLikelySecrets({
 
  const matches: MatchResult[] = []
  let match: RegExpExecArray | null
+ const allOmittedValues = [...omitValuesFromEnhancedScan, ...SAFE_LISTED_VALUES]
 
  while ((match = likelySecretRegex.exec(line)) !== null) {
  const token = match.groups?.token
  const prefix = match.groups?.prefix
- if (!token || !prefix || omitValuesFromEnhancedScan?.includes(token)) {
+ if (!token || !prefix || allOmittedValues.includes(token)) {
  continue
  }
  matches.push({
 
@@ -90,6 +90,12 @@ test('findLikelySecrets - should match different prefixes from LIKELY_SECRET_PRE
  })
 })
 
+test('findLikelySecrets - should skip safe-listed values', async (t) => {
+ const line = 'const someString = "SECRET_DO_NOT_PASS_THIS_OR_YOU_WILL_BE_FIRED"'
+ const matches = findLikelySecrets({ line, file: testFile, lineNumber: 1 })
+ t.is(matches.length, 0)
+})
+
 test('findLikelySecrets - should match secrets with special characters', async (t) => {
  const lines = [
  'aws_abc123!@#$%^&*()_+', // Special chars
Original file line number	Diff line number	Diff line change
`@@ -34,3 +34,8 @@ export const LIKELY_SECRET_PREFIXES = [`
`34`	`34`	`...SQUARE_PREFIXES,`
`35`	`35`	`...OTHER_COMMON_PREFIXES,`
`36`	`36`	`]`
	`37`	`+`
	`38`	`+/**`
	`39`	`+ * Known values that we do not want to trigger secret detection failures (e.g. common to framework build output)`
	`40`	`+ */`
	`41`	`+export const SAFE_LISTED_VALUES = ['SECRET_DO_NOT_PASS_THIS_OR_YOU_WILL_BE_FIRED'] // Common to code using React PropTypes`