chore(secrets): update detect secrets to 1.5.17 (#6776)

Pipfile

@@ -43,7 +43,7 @@ types-colorama = "<0.5.0,>=0.4.3"
 # REMINDER: Update "install_requires" deps on setup.py when changing
 #
 bc-python-hcl2 = "==0.4.2"
-bc-detect-secrets = "==1.5.15"
+bc-detect-secrets = "==1.5.17"
 bc-jsonpath-ng = "==1.6.1"
 pycep-parser = "==0.4.1"
 tabulate = ">=0.9.0,<0.10.0"

checkov/common/bridgecrew/integration_features/features/fixes_integration.py

@@ -142,7 +142,7 @@ def _get_fixes_for_file(
 
         logging.debug(f'Response from fixes API: {request.data}')
 
-        fixes: list[dict[str, Any]] = json.loads(request.data) if request.data else None
+        fixes: list[dict[str, Any]] | None = json.loads(request.data) if request.data else None
         if not fixes or not isinstance(fixes, list):
             logging.warning(f'Unexpected fixes API response for file {filename}; skipping fixes for this file')
             return None

checkov/common/bridgecrew/wrapper.py

@@ -81,7 +81,7 @@ def reduce_scan_reports(scan_reports: list[Report], on_prem: Optional[bool] = Fa
             continue
         reduced_keys = secrets_check_reduced_keys if check_type == CheckType.SECRETS else check_reduced_keys
         if on_prem:
-            reduced_keys = tuple(k for k in reduced_keys if k != 'code_block')
+            reduced_keys = tuple(k for k in reduced_keys if k != 'code_block')  # type: ignore
         reduced_scan_reports[check_type] = \
             {
                 "checks": {

checkov/common/runners/base_runner.py

@@ -179,10 +179,10 @@ def filter_ignored_paths(
     # mostly this will just remove those problematic directories hardcoded above.
     included_paths = included_paths or []
     for entry in list(names):
-        path = entry.name if isinstance(entry, os.DirEntry) else entry
-        if path in ignored_directories:
+        cur_path: str = str(entry.name) if isinstance(entry, os.DirEntry) else str(entry)
+        if cur_path in ignored_directories:
             safe_remove(names, entry)
-        if path.startswith(".") and IGNORE_HIDDEN_DIRECTORY_ENV and path not in included_paths:
+        if cur_path.startswith(".") and IGNORE_HIDDEN_DIRECTORY_ENV and cur_path not in included_paths:
             safe_remove(names, entry)
 
     # now apply the new logic
@@ -197,7 +197,7 @@ def filter_ignored_paths(
                 # do not add compiled paths that aren't regexes
                 continue
         for entry in list(names):
-            path = entry.name if isinstance(entry, os.DirEntry) else entry
+            path: str = str(entry.name) if isinstance(entry, os.DirEntry) else str(entry)
             full_path = os.path.join(root_dir, path)
             if any(pattern.search(full_path) for pattern in compiled) or any(p in full_path for p in excluded_paths):
                 safe_remove(names, entry)

checkov/secrets/utils.py

@@ -27,13 +27,13 @@ def filter_excluded_paths(
                 # do not add compiled paths that aren't regexes
                 continue
         for entry in list(names):
-            path = entry.name if isinstance(entry, os.DirEntry) else entry
+            path = str(entry.name) if isinstance(entry, os.DirEntry) else str(entry)
             full_path = os.path.join(root_dir, path)
             if any(pattern.search(full_path) for pattern in compiled) or any(p in full_path for p in excluded_paths):
                 safe_remove(names, entry)
 
     # support for our own excluded paths list
     for entry in list(names):
-        path = entry.name if isinstance(entry, os.DirEntry) else entry
+        path = str(entry.name) if isinstance(entry, os.DirEntry) else str(entry)
         if path in EXCLUDED_PATHS:
             safe_remove(names, entry)

setup.py

@@ -66,7 +66,7 @@ def run(self) -> None:
     },
     install_requires=[
         "bc-python-hcl2==0.4.2",
-        "bc-detect-secrets==1.5.15",
+        "bc-detect-secrets==1.5.17",
         "bc-jsonpath-ng==1.6.1",
         "pycep-parser==0.4.1",
         "tabulate>=0.9.0,<0.10.0",