Fix Cloud IAM detector bug (Yelp#221)
* Fix Cloud IAM detector bug

* Test the failing syntax apikey:<key>

* Make ibm cloud iam keywords optional
justineyster committed Jun 24, 2020
1 parent 38b79c8 commit d036879
Showing 2 changed files with 7 additions and 6 deletions.
8 changes: 4 additions & 4 deletions detect_secrets/plugins/ibm_cloud_iam.py
@@ -11,15 +11,15 @@ class IBMCloudIAMDetector(RegexBasedDetector):
secret_type = 'IBM Cloud IAM Key'

# opt means optional
ibm_cloud_iam = r'(?:ibm(?:_|-|)cloud(?:_|-|)iam|cloud(?:_|-|)iam|' + \
r'ibm(?:_|-|)cloud|ibm(?:_|-|)iam|ibm|iam|cloud)'
opt_ibm_cloud_iam = r'(?:ibm(?:_|-|)cloud(?:_|-|)iam|cloud(?:_|-|)iam|' + \
r'ibm(?:_|-|)cloud|ibm(?:_|-|)iam|ibm|iam|cloud|)'
opt_dash_undrscr = r'(?:_|-|)'
opt_api = r'(?:api|)'
key_or_pass = r'(?:key|pwd|password|pass|token)'
secret = r'([a-zA-z0-9_\-]{44})'
secret = r'([a-zA-Z0-9_\-]{44})'
denylist = [
RegexBasedDetector.assign_regex_generator(
prefix_regex=ibm_cloud_iam + opt_dash_undrscr + opt_api,
prefix_regex=opt_ibm_cloud_iam + opt_dash_undrscr + opt_api,
password_keyword_regex=key_or_pass,
password_regex=secret,
),
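Review bot: With the trailing empty alternative in `opt_ibm_cloud_iam`, all three parts of `prefix_regex` can now match the empty string, so the detector no longer needs any ibm/cloud/iam context. A bare `key`, `pwd`, `password`, `pass` or `token` keyword followed by a 44-character value of `[a-zA-Z0-9_\-]` appears to be enough to report an 'IBM Cloud IAM Key'. That is what makes `apikey:<key>` match, but it will likely also label unrelated 44-character tokens with this secret type, which adds triage noise for whoever audits the findings. I would record the trade-off next to the definition, e.g. `# prefix is optional on purpose: keyword + 44-char value alone is reported; expect hits on non-IBM tokens`, and write the group as `(?:...)?` so the optionality is not hidden in a trailing `|)`. How `assign_regex_generator` assembles the final pattern is outside this hunk, so the exact match boundaries should be confirmed there.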
5 changes: 3 additions & 2 deletions tests/plugins/ibm_cloud_iam_test.py
@@ -5,8 +5,8 @@
from detect_secrets.plugins.ibm_cloud_iam import IBMCloudIAMDetector


CLOUD_IAM_KEY = 'abcd1234abcd1234abcd1234abcd1234abcd1234--__'
CLOUD_IAM_KEY_BYTES = b'abcd1234abcd1234abcd1234abcd1234abcd1234--__'
CLOUD_IAM_KEY = 'abcd1234abcd1234abcd1234ABCD1234ABCD1234--__'
CLOUD_IAM_KEY_BYTES = b'abcd1234abcd1234abcd1234ABCD1234ABCD1234--__'


class TestIBMCloudIamDetector:
@@ -45,6 +45,7 @@ class TestIBMCloudIamDetector:
('ibm_api_key:="{cloud_iam_key}"'.format(cloud_iam_key=CLOUD_IAM_KEY), True),
('ibm_password = "{cloud_iam_key}"'.format(cloud_iam_key=CLOUD_IAM_KEY), True),
('ibm-cloud-pwd = {cloud_iam_key}'.format(cloud_iam_key=CLOUD_IAM_KEY), True),
('apikey:{cloud_iam_key}'.format(cloud_iam_key=CLOUD_IAM_KEY), True),
('iam_api_key="%s" % IBM_IAM_API_KEY_ENV', False),
('CLOUD_APIKEY: "insert_key_here"', False),
('cloud-iam-key:=afakekey', False),
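Review bot: The uppercase letters added to `CLOUD_IAM_KEY` do not exercise the `a-zA-z` to `a-zA-Z` correction, because the old range `A-z` already covered `A-Z`; what it wrongly admitted were the characters between `Z` and `a`, such as `[`, `]` and `^`. A negative case whose 44-character value contains one of those would pin the fix, for example `('ibm_api_key: abcd1234abcd1234abcd12^4abcd1234abcd1234--__', False)` (constructed sample, `^` placed mid-value so no 44-character run remains). The added `apikey:` case is also the only test of the now-optional prefix, so a `False` case with a bare keyword and a 43-character value would help bound what the wider pattern reports. The parametrize list starts and ends outside this hunk, so an equivalent case may already exist there.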
