Resolve Empty AWS Credentials Issue #196

Open
wants to merge 1 commit into
base: master

@ksoeder ksoeder commented Jul 7, 2021

Issue #, if available:
When committing anything on your machine where there are empty entries in your default aws credentials file such as
aws_access_key_id=
aws_secret_access_key=
aws_session_token=
git-secrets triggers on every file everywhere.
Description of changes:
This will prevent the empty values from getting pulled in to check the regexes against.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

When committing anything on your machine where there are empty entries in your default aws credentials file such as
aws_access_key_id=
aws_secret_access_key=
aws_session_token=
git-secrets triggers on every file everywhere. This should resolve that issue.

nettrino commented Jul 8, 2021

Thank you for this fix! Would it be easy to also add a test in the PR?

ksoeder commented Jul 8, 2021

Unfortunately I don't see anywhere in your bats where you set up an /aws/credentials file for creating a test for this. I'm not sure how you'd like to test this stuff.

@creswick
Contributor

I think something along these lines would work to test this change:

@test "empty AWS Creds doesn't cause FPs" {
  setup_good_repo
  mkdir -p $HOME/.aws
  echo 'aws_access_key_id=' > $HOME/.aws/credentials
  echo 'aws_secret_access_key_id=' > $HOME/.aws/credentials
  repo_run git-secrets --aws-provider
  [ $status -eq 0 ]
}

That example, as-written, doesn't seem to be sufficient to reproduce the original issue, however, so it will need some adjusting.

sparr commented Jun 21, 2023

This is my attempt to extend the test to actually use the provider, but it also passes.

@test "empty AWS Creds don't cause false positives" {
  setup_good_repo
  mkdir -p $HOME/.aws
  echo 'aws_access_key_id=' > $HOME/.aws/credentials
  echo 'aws_secret_access_key_id=' > $HOME/.aws/credentials
  repo_run git-secrets --register-aws
  repo_run git-secrets --scan
  [ $status -eq 0 ]
}

I also cannot reproduce the failure mode outside of a test case, running the script directly in my home environment with the credentials file in question in place.
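
The failure mode described in this pull request, as an added example that is not code from git-secrets or from any participant in this thread. It assumes each line a provider prints is later used as a grep pattern, and shows that an empty value then matches every scanned line while dropping empty values first does not; the function names and sample files are hypothetical and constructed.

```shell
#!/bin/sh
# Added illustration, not git-secrets code; function names are hypothetical.
# Assumption: each line a provider prints is later used as a grep pattern.

# Print the value of each aws_* credential key in file $1, one per line,
# including empty ones (the behaviour that leads to the false positives).
provider_unfiltered() {
  sed -En 's/^[[:space:]]*aws_(access_key_id|secret_access_key|session_token)[[:space:]]*=[[:space:]]*(.*)$/\2/p' "$1" |
    sed 's/[[:space:]]*$//'
}

# Same output with empty values dropped, so they never become patterns.
provider_filtered() {
  provider_unfiltered "$1" | sed '/^$/d'
}

# Count lines of file $2 matched by the fixed-string patterns in file $1.
# grep exits 1 when the count is 0, so the status is ignored.
count_hits() {
  grep -c -F -f "$1" "$2" || true
}

# Build constructed sample files in directory $1, run provider function $2
# over them, and print how many lines of the clean file get flagged.
demo() {
  dir=$1
  provider=$2
  # Constructed credentials file: one placeholder key, two empty entries.
  printf '%s\n' '[default]' \
    'aws_access_key_id=AKIA_CONSTRUCTED_EXAMPLE' \
    'aws_secret_access_key=' \
    'aws_session_token=' > "$dir/credentials"
  # Constructed file to scan: three lines, none containing the key.
  printf '%s\n' 'hello world' 'int main(void) { return 0; }' '' > "$dir/clean.txt"
  "$provider" "$dir/credentials" > "$dir/patterns"
  count_hits "$dir/patterns" "$dir/clean.txt"
}

tmp=$(mktemp -d)
echo "unfiltered provider: $(demo "$tmp" provider_unfiltered) of 3 lines flagged"
echo "filtered provider:   $(demo "$tmp" provider_filtered) of 3 lines flagged"
rm -rf "$tmp"
```

An empty line in a grep pattern file is an empty pattern, which matches every input line; an empty pattern file matches nothing.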
