simplify sensitive var scanner

strtgbb · strtgbb · commit 974564c375fe · 2025-09-05T12:40:13.000-04:00
diff --git a/tests/ci/s3_helper.py b/tests/ci/s3_helper.py
@@ -20,9 +20,7 @@
     S3_URL,
 )
 
-sensitive_var_pattern = re.compile(
-    r"\b[A-Z_]*(?<!WRONG_)(SECRET|PASSWORD|ACCESS_KEY|TOKEN)[A-Z_]*\b(?!%)(?!=clickhouse$)(?!=minio)(?!: \*{3}$)(?! '\[HIDDEN\]')"
-)
+sensitive_var_pattern = re.compile(r"[A-Z_]*(SECRET|PASSWORD|KEY|TOKEN|AZURE)[A-Z_]*")
 sensitive_strings = {
     var: value for var, value in os.environ.items() if sensitive_var_pattern.match(var)
 }
@@ -41,8 +39,6 @@ def clean_line(line):
 
     matches = []
     for line_number, line in enumerate(file_content.splitlines(), start=1):
-        for match in sensitive_var_pattern.finditer(line):
-            matches.append((file_name, line_number, clean_line(line)))
         for name, value in sensitive_strings.items():
             if value in line:
                 matches.append((file_name, line_number, clean_line(line)))
