Use unverified by default, only report false for true neg (Yelp#289)

* Use unverified by default, only report false for true neg * Still use 5s as timeout
IBM · Sep 9, 2020 · 6fb2100 · 6fb2100
1 parent fa39922
commit 6fb2100
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/detect_secrets/plugins/db2.py b/detect_secrets/plugins/db2.py
@@ -172,10 +172,11 @@ def verify_db2_credentials(
         else:
             return VerifiedResult.VERIFIED_FALSE
     except Exception as e:
-        if 'Timeout' in str(e):
-            return VerifiedResult.UNVERIFIED
-        else:
+        if 'invalid' in str(e).lower():
+            # Only return for true negative
             return VerifiedResult.VERIFIED_FALSE
+        else:
+            return VerifiedResult.UNVERIFIED
 
 
 def find_other_factor(content, factor_keyword_regex, factor_regex):

diff --git a/tests/plugins/db2_test.py b/tests/plugins/db2_test.py
@@ -89,7 +89,7 @@ def test_verify_invalid_connect_throws_exception(self, mock_db2_connect):
                host={},
                port={}'''.format(DB2_USER, DB2_PASSWORD, DB2_DATABASE, DB2_HOSTNAME, DB2_PORT),
             potential_secret,
-        ) == VerifiedResult.VERIFIED_FALSE
+        ) == VerifiedResult.UNVERIFIED
 
         mock_db2_connect.assert_called_with(DB2_CONN_STRING, '', '')