Fix AWS verify (Yelp#192)

* Fix AWS verify Addresses git-defenders/detect-secrets-discuss#187 * Improve tests
IBM · Jan 8, 2020 · c935af7 · c935af7
1 parent dc723ab
commit c935af7
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/detect_secrets/plugins/aws.py b/detect_secrets/plugins/aws.py
@@ -31,7 +31,7 @@ def verify(self, token, content, potential_secret=None):
             return VerifiedResult.UNVERIFIED
 
         for candidate in secret_access_key:
-            if verify_aws_secret_access_key(token, candidate, potential_secret):
+            if verify_aws_secret_access_key(token, candidate):
                 potential_secret.other_factors['secret_access_key'] = candidate
                 return VerifiedResult.VERIFIED_TRUE
 

diff --git a/tests/plugins/aws_key_test.py b/tests/plugins/aws_key_test.py
@@ -57,26 +57,28 @@ def test_verify_valid_secret(self):
         with mock.patch(
             'detect_secrets.plugins.aws.verify_aws_secret_access_key',
             return_value=True,
-        ):
+        ) as mock_verify:
             potential_secret = PotentialSecret('test aws', 'test filename', self.example_key)
             assert AWSKeyDetector().verify(
                 self.example_key,
                 '={}'.format(EXAMPLE_SECRET),
                 potential_secret,
             ) == VerifiedResult.VERIFIED_TRUE
         assert potential_secret.other_factors['secret_access_key'] == EXAMPLE_SECRET
+        mock_verify.assert_called_with(self.example_key, EXAMPLE_SECRET)
 
     def test_verify_invalid_secret(self):
         with mock.patch(
             'detect_secrets.plugins.aws.verify_aws_secret_access_key',
             return_value=False,
-        ):
+        ) as mock_verify:
             potential_secret = PotentialSecret('test aws', 'test filename', self.example_key)
             assert AWSKeyDetector().verify(
                 self.example_key,
                 '={}'.format(EXAMPLE_SECRET),
                 potential_secret,
             ) == VerifiedResult.VERIFIED_FALSE
+        mock_verify.assert_called_with(self.example_key, EXAMPLE_SECRET)
 
     def test_verify_keep_trying_until_found_something(self):
         data = {'count': 0}
@@ -109,12 +111,14 @@ def counter(*args, **kwargs):
     def test_verify_aws_secret_access_key_valid(self, mock_get_caller_info):
         mock_get_caller_info.return_value = mock.MagicMock(status_code=200)
         result = verify_aws_secret_access_key('test-access-key', 'test-secret-access-key')
+        mock_get_caller_info.assert_called_with('test-access-key', 'test-secret-access-key')
         assert result is True
 
     @mock.patch('detect_secrets.plugins.aws.get_caller_info')
     def test_verify_aws_secret_access_key_invalid(self, mock_get_caller_info):
         mock_get_caller_info.return_value = mock.MagicMock(status_code=403)
         result = verify_aws_secret_access_key('test-access-key', 'test-secret-access-key')
+        mock_get_caller_info.assert_called_with('test-access-key', 'test-secret-access-key')
         assert result is False