fix(secret-scanning): secret detection should produce an user error n…

…ot a system one
netlify · Oct 25, 2023 · 150619f · 150619f
1 parent 9ef1a15
commit 150619f
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/packages/build/src/error/type.js b/packages/build/src/error/type.js
@@ -104,7 +104,7 @@ const TYPES = {
   secretScanningFoundSecrets: {
     title: 'Secrets scanning detected secrets in files during build.',
     stackType: 'none',
-    severity: 'error',
+    severity: 'info',
   },
 
   // Plugin called `utils.build.failBuild()`

diff --git a/packages/build/tests/secrets_scanning/tests.js b/packages/build/tests/secrets_scanning/tests.js
@@ -59,6 +59,18 @@ test('secrets scanning, should fail build when it finds secrets in the src and b
   t.snapshot(normalizeOutput(output))
 })
 
+test('secrets scanning failure should produce an user error', async (t) => {
+  const { severityCode } = await new Fixture('./fixtures/src_scanning_env_vars_set_non_empty')
+    .withFlags({
+      debug: false,
+      explicitSecretKeys:
+        'ENV_VAR_MULTILINE_A,ENV_VAR_1,ENV_VAR_2,ENV_VAR_3,ENV_VAR_4,ENV_VAR_5,ENV_VAR_6,ENV_VAR_MULTILINE_B',
+    })
+    .runBuildProgrammatic()
+  // Severity code of 2 is user error
+  t.is(severityCode, 2)
+})
+
 test('secrets scanning, should not fail if the secrets values are not detected in the build output', async (t) => {
   const output = await new Fixture('./fixtures/src_scanning_env_vars_no_matches')
     .withFlags({ debug: false, explicitSecretKeys: 'ENV_VAR_1,ENV_VAR_2' })