Merge pull request #98 from Yelp/improved-basic-auth-detector
Improved BasicAuth detector
domanchi authored Dec 4, 2018
2 parents 839f02b + d7a0a08 commit 138816f
Showing 3 changed files with 36 additions and 8 deletions.
37 changes: 30 additions & 7 deletions detect_secrets/core/audit.py
Expand Up @@ -152,6 +152,7 @@ def compare_baselines(old_baseline_filename, new_baseline_filename):
total_reviews,
plugins_used,
additional_header_lines=header,
force=is_removed,
)
decision = _get_user_decision(
can_step_back=secret_iterator.can_step_back(),
Expand Down Expand Up @@ -315,6 +316,7 @@ def _print_context( # pragma: no cover
total,
plugin_settings,
additional_header_lines=None,
force=False,
):
"""
:type filename: str
Expand All @@ -336,6 +338,10 @@ def _print_context( # pragma: no cover
:param additional_header_lines: any additional lines to add to the
header of the interactive audit display.
:type force: bool
:param force: if True, will print the lines of code even if it doesn't
find the secret expected
:raises: SecretNotFoundOnSpecifiedLineError
"""
print('{} {} {} {}\n{} {}\n{} {}'.format(
Expand All @@ -359,6 +365,7 @@ def _print_context( # pragma: no cover
filename,
secret,
plugin_settings,
force=force,
)
print(secret_with_context)
except SecretNotFoundOnSpecifiedLineError as e:
Expand Down Expand Up @@ -421,6 +428,7 @@ def _get_secret_with_context(
secret,
plugin_settings,
lines_of_context=5,
force=False,
):
"""
Displays the secret, with surrounding lines of code for better context.
Expand All @@ -438,6 +446,10 @@ def _get_secret_with_context(
:param lines_of_context: number of lines displayed before and after
secret.
:type force: bool
:param force: if True, will print the lines of code even if it doesn't
find the secret expected
:raises: SecretNotFoundOnSpecifiedLineError
"""
secret_lineno = secret['line_number']
Expand Down Expand Up @@ -472,13 +484,24 @@ def _get_secret_with_context(
# NOTE: index_of_secret_in_output should *always* be negative.
index_of_secret_in_output = -trailing_lines_of_context - 1

output[index_of_secret_in_output] = _highlight_secret(
output[index_of_secret_in_output],
secret_lineno,
secret,
filename,
plugin_settings,
)
try:
output[index_of_secret_in_output] = _highlight_secret(
output[index_of_secret_in_output],
secret_lineno,
secret,
filename,
plugin_settings,
)
except SecretNotFoundOnSpecifiedLineError:
if not force:
raise

output[index_of_secret_in_output] = '{}'.format(
BashColor.color(
output[index_of_secret_in_output],
Color.BOLD,
),
)

# Adding line numbers
return '\n'.join(
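Review bot: The fallback branch in `_get_secret_with_context` wraps the bolded line in a no-op `'{}'.format(...)`; `BashColor.color` already yields a string, so `output[index_of_secret_in_output] = BashColor.color(output[index_of_secret_in_output], Color.BOLD)` gives the same value with one less layer. When `force` is set the except branch also drops the reason the secret was not found, so the auditor sees a bold line with nothing highlighted and no explanation; a one-line hint next to the bolded line, e.g. `# secret no longer present on this line; shown for context only`, or a printed notice, would make that explicit — hedged, since the caller may already say so via `is_removed`, which is defined outside this hunk. `_get_secret_with_context` begins above this hunk and its `return` continues below it.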
6 changes: 5 additions & 1 deletion detect_secrets/plugins/basic_auth.py
Expand Up @@ -6,8 +6,12 @@
from detect_secrets.core.potential_secret import PotentialSecret


SPECIAL_URL_CHARACTERS = ':/?#[]@'
BASIC_AUTH_REGEX = re.compile(
r'://[^:]+:([^@]+)@',
r'://[^{}\s]+:([^{}\s]+)@'.format(
re.escape(SPECIAL_URL_CHARACTERS),
re.escape(SPECIAL_URL_CHARACTERS),
),
)


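Review bot: Excluding `:` from the password group of `BASIC_AUTH_REGEX` makes any password containing a colon go undetected — `https://user:pa:ss@host` no longer matches, whereas the previous `[^@]+` caught it — and RFC 3986 permits `:` in userinfo after the first separator. Only the `/` and the other delimiters need to be kept out of the password to reject the `localhost:5000/<%= @variable %>` false positive, because the username group already stops at the first `:`. Suggest excluding `:` from the username only: keep `re.escape(SPECIAL_URL_CHARACTERS),` for the first placeholder and use `re.escape(SPECIAL_URL_CHARACTERS.replace(':', '')),` for the second. A missed credential is the costly failure for a secret scanner, so a test with a colon in the password should land with the regex change.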
1 change: 1 addition & 0 deletions tests/plugins/basic_auth_test.py
Expand Up @@ -11,6 +11,7 @@ class TestBasicAuthDetector(object):
'payload, should_flag',
[
('https://username:password@yelp.com', True,),
('http://localhost:5000/<%= @variable %>', False,),
],
)
def test_analyze_string(self, payload, should_flag):
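Review bot: The single negative case added, `http://localhost:5000/<%= @variable %>`, exercises only the `/` exclusion; nothing pins the other delimiters the regex now rejects or confirms that a password with non-alphanumeric characters still matches. Adding `('http://localhost:5000/path', False,)` and `('https://user:p4$$w0rd@yelp.com', True,)` to the parametrize list would document both sides. A case with a colon inside the password, `('https://user:pa:ss@yelp.com', True,)`, would fail against the new regex as written, which is worth surfacing before merge since colons are legal in URL userinfo. The `@pytest.mark.parametrize` decorator and the class header start above this hunk.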
