From d912ced2e7a7607f06794e3d916b10e52536bd5c Mon Sep 17 00:00:00 2001
From: Kevin Hock
Date: Thu, 20 Sep 2018 11:33:04 -0700
Subject: [PATCH] Add whitelist to Keyword plugin, fix the rest of the tests
---
 detect_secrets/core/potential_secret.py | 2 +-
 detect_secrets/plugins/keyword.py | 4 ++++
 test_data/files/file_with_secrets.py | 2 +-
 test_data/short_files/first_line.py | 2 +-
 tests/main_test.py | 2 +-
 5 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/detect_secrets/core/potential_secret.py b/detect_secrets/core/potential_secret.py
index 96ecc08a2..a48d33ea6 100644
--- a/detect_secrets/core/potential_secret.py
+++ b/detect_secrets/core/potential_secret.py
@@ -24,7 +24,7 @@ def __init__(
 ):
 """
 :type typ: str
- :param typ: human-readable secret types, defined by the plugins
+ :param typ: human-readable secret type, defined by the plugin
 that generated this PotentialSecret.
 e.g. "High Entropy String"
diff --git a/detect_secrets/plugins/keyword.py b/detect_secrets/plugins/keyword.py
index d5d067af1..cfe723d53 100644
--- a/detect_secrets/plugins/keyword.py
+++ b/detect_secrets/plugins/keyword.py
@@ -28,6 +28,7 @@
 from .base import BasePlugin
 from detect_secrets.core.potential_secret import PotentialSecret
+from detect_secrets.plugins.core.constants import WHITELIST_REGEX
 BLACKLIST = (
@@ -51,6 +52,9 @@ class KeywordDetector(BasePlugin):
 def analyze_string(self, string, line_num, filename):
 output = {}
+ if WHITELIST_REGEX.search(string):
+ return output
+
 for identifier in self.secret_generator(string.lower()):
 secret = PotentialSecret(
 self.secret_type,
diff --git a/test_data/files/file_with_secrets.py b/test_data/files/file_with_secrets.py
index eeaaa5707..802a99100 100644
--- a/test_data/files/file_with_secrets.py
+++ b/test_data/files/file_with_secrets.py
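Review bot: In `detect_secrets/plugins/keyword.py`, the guard added at the top of `KeywordDetector.analyze_string` calls `WHITELIST_REGEX.search(string)` on the raw line, while the loop directly below it scans `string.lower()`. Whether a pragma written in different case is honoured therefore depends on how `WHITELIST_REGEX` is compiled, which this diff does not show, so the two paths should be checked for agreement. The early `return output` also discards every keyword finding on the line once the pattern matches anywhere in it, and that deserves a comment above the check such as `# Inline whitelist pragma: skip the whole line, no PotentialSecret is recorded.` so maintainers know suppression is per line and not per secret. Judging by the diffstat, the only test change is one expected-output string in `tests/main_test.py`, so a direct unit test that passes a keyword line carrying the pragma to `analyze_string` and asserts `{}` appears to be missing. The method body continues past the end of the hunk.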
@@ -1,6 +1,6 @@
 #!/usr/bin/python
 # Will change this later.
-SUPER_SECRET_VALUE = 'c3VwZXIgbG9uZyBzdHJpbmcgc2hvdWxkIGNhdXNlIGVub3VnaCBlbnRyb3B5'
+SUPER_SEECRET_VALUE = 'c3VwZXIgbG9uZyBzdHJpbmcgc2hvdWxkIGNhdXNlIGVub3VnaCBlbnRyb3B5'
 VERY_SECRET_TOO = 'f6CGV4aMM9zedoh3OUNbSakBymo7yplB' # pragma: whitelist secret
diff --git a/test_data/short_files/first_line.py b/test_data/short_files/first_line.py
index ae20b49c3..9b1d12e67 100644
--- a/test_data/short_files/first_line.py
+++ b/test_data/short_files/first_line.py
@@ -1,4 +1,4 @@
-secret = 'BEEF0123456789a'
+seecret = 'BEEF0123456789a'
 skipped_sequential_false_positive = '0123456789a'
 print('second line')
 var = 'third line'
diff --git a/tests/main_test.py b/tests/main_test.py
index 482e7e116..8f936a4c6 100644
--- a/tests/main_test.py
+++ b/tests/main_test.py
@@ -181,7 +181,7 @@ def test_old_baseline_ignored_with_update_flag(
 (
 'test_data/short_files/first_line.py',
 textwrap.dedent("""
- 1:secret = 'BEEF0123456789a'
+ 1:seecret = 'BEEF0123456789a'
 2:skipped_sequential_false_positive = '0123456789a'
 3:print('second line')
 4:var = 'third line'