Unit test for empty AWS variables
diff --git a/pre_commit_hooks/detect_aws_credentials.py b/pre_commit_hooks/detect_aws_credentials.py
index aae0734..9ef8fec 100644
--- a/pre_commit_hooks/detect_aws_credentials.py
+++ b/pre_commit_hooks/detect_aws_credentials.py
@@ -31,7 +31,7 @@
     for env_var in (
         'AWS_SECRET_ACCESS_KEY', 'AWS_SECURITY_TOKEN', 'AWS_SESSION_TOKEN',
     ):
-        if env_var in os.environ:
+        if env_var in os.environ and os.environ[env_var]:
             keys.add(os.environ[env_var])
     return keys
 
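Review bot: A whitespace-only value still passes the new truthiness check on `os.environ[env_var]`, so a variable exported as a single space would be added to `keys` and would then match almost any scanned file. Stripping before the test closes that gap and avoids the repeated lookup: `value = os.environ.get(env_var, '').strip()` followed by `if value: keys.add(value)`. Stripping also changes what is stored for values with surrounding whitespace, which looks desirable but should be confirmed against how the file scan compares keys. The enclosing function starts outside this hunk.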
@@ -84,7 +84,7 @@
             for key in keys:
                 # naively match the entire file, low chance of incorrect
                 # collision
-                if key and key in text_body:
+                if key in text_body:
                     bad_files.append(BadFile(filename, key[:4].ljust(28, '*')))
     return bad_files
 
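Review bot: Dropping the `key and` guard on the `if key in text_body:` line leaves the scan safe only if every producer of `keys` filters out empty strings, and this diff shows that filtering for the environment-variable path alone. If keys are also gathered from another source (for example a credentials file, not visible here) and one of them yields `''`, then `'' in text_body` is true for every file and each one is reported as a `BadFile`. A hook that flags everything tends to get bypassed, so I would keep the cheap guard as defence in depth, `if key and key in text_body:`, or filter the set once before the loop. The enclosing function starts outside this hunk.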
diff --git a/tests/detect_aws_credentials_test.py b/tests/detect_aws_credentials_test.py
index 777fb48..46e5b36 100644
--- a/tests/detect_aws_credentials_test.py
+++ b/tests/detect_aws_credentials_test.py
@@ -47,6 +47,8 @@
         ({'AWS_SECRET_ACCESS_KEY': 'foo'}, {'foo'}),
         ({'AWS_SECURITY_TOKEN': 'foo'}, {'foo'}),
         ({'AWS_SESSION_TOKEN': 'foo'}, {'foo'}),
+        ({'AWS_SESSION_TOKEN': ''}, set()),
+        ({'AWS_SESSION_TOKEN': 'foo', 'AWS_SECURITY_TOKEN': ''}, {'foo'}),
         ({'AWS_DUMMY_KEY': 'foo', 'AWS_SECRET_ACCESS_KEY': 'bar'}, {'bar'}),
         (
             {'AWS_SECRET_ACCESS_KEY': 'foo', 'AWS_SECURITY_TOKEN': 'bar'},
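Review bot: The two added cases cover an empty `AWS_SESSION_TOKEN` and `AWS_SECURITY_TOKEN` but not an empty `AWS_SECRET_ACCESS_KEY`, which goes through the same loop; adding `({'AWS_SECRET_ACCESS_KEY': ''}, set()),` would cover all three names. Nothing in this hunk exercises the file-scanning change made in the other file, so a case that documents what the scan does when the key set contains an empty string would pin the behaviour the removed guard used to provide. The parameter list starts and ends outside this hunk.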