Report other_factors found in AWSDetector verify (Yelp#185)

Supports git-defenders/detect-secrets-discuss#170

detect_secrets/plugins/aws.py

@@ -23,13 +23,14 @@ class AWSKeyDetector(RegexBasedDetector):
         re.compile(r'AKIA[0-9A-Z]{16}'),
     )
 
-    def verify(self, token, content, **kwargs):
+    def verify(self, token, content, potential_secret=None):
         secret_access_key = get_secret_access_key(content)
         if not secret_access_key:
             return VerifiedResult.UNVERIFIED
 
-        for candidate in secret_access_key_candidates:
-            if verify_aws_secret_access_key(token, candidate):
+        for candidate in secret_access_key:
+            if verify_aws_secret_access_key(token, candidate, potential_secret):
+                potential_secret.other_factors['secret_access_key'] = candidate
                 return VerifiedResult.VERIFIED_TRUE
 
         return VerifiedResult.VERIFIED_FALSE

tests/plugins/aws_key_test.py

@@ -4,6 +4,7 @@
 import pytest
 
 from detect_secrets.core.constants import VerifiedResult
+from detect_secrets.core.potential_secret import PotentialSecret
 from detect_secrets.plugins.aws import AWSKeyDetector
 from detect_secrets.plugins.aws import get_secret_access_keys
 from testing.mocks import mock_file_object
@@ -53,19 +54,24 @@ def test_verify_valid_secret(self):
             'detect_secrets.plugins.aws.verify_aws_secret_access_key',
             return_value=True,
         ):
+            potential_secret = PotentialSecret('test aws', 'test filename', self.example_key)
             assert AWSKeyDetector().verify(
                 self.example_key,
                 '={}'.format(EXAMPLE_SECRET),
+                potential_secret,
             ) == VerifiedResult.VERIFIED_TRUE
+        assert potential_secret.other_factors['secret_access_key'] == EXAMPLE_SECRET
 
     def test_verify_invalid_secret(self):
         with mock.patch(
             'detect_secrets.plugins.aws.verify_aws_secret_access_key',
             return_value=False,
         ):
+            potential_secret = PotentialSecret('test aws', 'test filename', self.example_key)
             assert AWSKeyDetector().verify(
                 self.example_key,
                 '={}'.format(EXAMPLE_SECRET),
+                potential_secret,
             ) == VerifiedResult.VERIFIED_FALSE
 
     def test_verify_keep_trying_until_found_something(self):
@@ -81,6 +87,7 @@ def counter(*args, **kwargs):
             'detect_secrets.plugins.aws.verify_aws_secret_access_key',
             counter,
         ):
+            potential_secret = PotentialSecret('test aws', 'test filename', self.example_key)
             assert AWSKeyDetector().verify(
                 self.example_key,
                 textwrap.dedent("""
@@ -90,7 +97,9 @@ def counter(*args, **kwargs):
                     'TEST' * 10,
                     EXAMPLE_SECRET,
                 ),
+                potential_secret,
             ) == VerifiedResult.VERIFIED_TRUE
+        assert potential_secret.other_factors['secret_access_key'] == EXAMPLE_SECRET
 
 
 @pytest.mark.parametrize(