Skip to content

Commit

Permalink
Ignore id values in ini files
Browse files Browse the repository at this point in the history
  • Loading branch information
Victor Zhou committed Oct 7, 2019
1 parent 2b3d252 commit 0539c43
Show file tree
Hide file tree
Showing 4 changed files with 22 additions and 13 deletions.
2 changes: 1 addition & 1 deletion detect_secrets/plugins/common/ini_file_parser.py
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ def iterator(self):
key,
values,
):
yield value, offset
yield key, value, offset

def _get_value_and_line_offset(self, key, values):
"""Returns the index of the location of key, value pair in lines.
Expand Down
28 changes: 16 additions & 12 deletions detect_secrets/plugins/high_entropy_strings.py
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ def calculate_shannon_entropy(self, data):
return entropy

@staticmethod
def _check_for_false_positives_with_line_context(potential_secrets, line):
def _filter_false_positives_with_line_ctx(potential_secrets, line):
return {
key: value for key, value in potential_secrets.items()
if not is_false_positive_with_line_context(
Expand All @@ -102,7 +102,7 @@ def analyze_line(self, string, line_num, filename):
filename,
)

return HighEntropyStringsPlugin._check_for_false_positives_with_line_context(
return self._filter_false_positives_with_line_ctx(
output,
string,
)
Expand Down Expand Up @@ -176,23 +176,27 @@ def _analyze_ini_file(self, add_header=False):
:returns: same format as super().analyze()
"""
def wrapped(file, filename):
potential_secrets = {}
output = {}

with self.non_quoted_string_regex():
for value, lineno in IniFileParser(
for key, value, lineno in IniFileParser(
file,
add_header,
exclude_lines_regex=self.exclude_lines_regex,
).iterator():
potential_secrets.update(
self.analyze_string_content(
value,
lineno,
filename,
),
potential_secrets = self.analyze_string_content(
value,
lineno,
filename,
)
line = u'{key}={value}'.format(key=key, value=value)
potential_secrets = self._filter_false_positives_with_line_ctx(
potential_secrets,
line,
)
output.update(potential_secrets)

return potential_secrets
return output

return wrapped

Expand Down Expand Up @@ -254,7 +258,7 @@ def _analyze_yaml_file(self, file, filename):
item['__original_key__']: item['__value__'],
}).replace('\n', '')

secrets = HighEntropyStringsPlugin._check_for_false_positives_with_line_context(
secrets = self._filter_false_positives_with_line_ctx(
secrets,
dumped_key_value,
)
Expand Down
4 changes: 4 additions & 0 deletions test_data/config.ini
Original file line number Diff line number Diff line change
Expand Up @@ -27,3 +27,7 @@ password = 12345678901234 # pragma: allowlist secret

# unicode
foo=bår

[key with id in name]
real_secret_which_isnt_an_i_d = vh987tyw9ehy8ghis7vwyhiwbwitefy7w3ASDGYDGUASDG
foreign_key_id = vh987tyw9ehy8ghis7vwyhiwbwitefy7w3ASDGYDGUASDG
1 change: 1 addition & 0 deletions tests/plugins/high_entropy_strings_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -166,6 +166,7 @@ def setup(self):
'Location: test_data/config.ini:15',
'Location: test_data/config.ini:21',
'Location: test_data/config.ini:22',
'Location: test_data/config.ini:32',
],
),
(
Expand Down

0 comments on commit 0539c43

Please sign in to comment.