bumping detect-secrets==0.13.1
Aaron Loo committed Mar 26, 2020
1 parent 6f985c6 commit 5814ee5
Showing 4 changed files with 44 additions and 72 deletions.
2 changes: 1 addition & 1 deletion requirements-dev.txt
Expand Up @@ -4,7 +4,7 @@ certifi==2019.11.28
cfgv==3.1.0
chardet==3.0.4
coverage==5.0.4
detect-secrets==0.13.0
detect-secrets==0.13.1
distlib==0.3.0
filelock==3.0.12
identify==1.4.13
8 changes: 6 additions & 2 deletions testing/factories.py
Expand Up @@ -22,18 +22,22 @@ def metadata_factory(repo, json=False, **kwargs):
"base64_limit": 4.5,
},
"BasicAuthDetector": {},
"CloudantDetector": {},
"HexHighEntropyString": {
"hex_limit": 3,
},
"IbmCloudIamDetector": {},
"IbmCosHmacDetector": {},
"JwtTokenDetector": {},
"KeywordDetector": {
'keyword_exclude': None
},
"JwtTokenDetector": {},
"MailchimpDetector": {},
"PrivateKeyDetector": {},
"SlackDetector": {},
'SoftlayerDetector': {},
"SoftlayerDetector": {},
"StripeDetector": {},
"TwilioKeyDetector": {},
},
"repo": repo,
"sha": 'sha256-hash',
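Review bot: The plugin map in metadata_factory appears to be a hand-maintained copy of the detectors shipped by detect-secrets, so every version bump needs a matching edit here. A missed detector would leave fixtures that no longer reflect what a tracked repo is actually scanned with. A short comment above the dict would make that coupling visible, for example `# Keep in sync with the plugins shipped by the pinned detect-secrets version`. The quoting is also still mixed: `'keyword_exclude'` is single-quoted in an otherwise double-quoted dict. metadata_factory starts and ends outside this hunk.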
80 changes: 18 additions & 62 deletions tests/actions/initialize_test.py
Expand Up @@ -15,8 +15,7 @@
from testing.util import cache_buster


class TestInitialize(object):

class TestInitialize:
def teardown(self):
cache_buster()

Expand Down Expand Up @@ -59,35 +58,11 @@ def test_simple_success(self, mock_rootdir):
)
initialize(args)

repo_class.assert_called_with(
repo='git@github.com:yelp/detect-secrets',
sha='',
crontab='0 0 * * *',
plugins={
'AWSKeyDetector': {},
'ArtifactoryDetector': {},
'Base64HighEntropyString': {
'base64_limit': 4.5,
},
'BasicAuthDetector': {},
'HexHighEntropyString': {
'hex_limit': 3,
},
'JwtTokenDetector': {},
'MailchimpDetector': {},
'KeywordDetector': {
'keyword_exclude': None,
},
'PrivateKeyDetector': {},
'SlackDetector': {},
'SoftlayerDetector': {},
'StripeDetector': {},
},
rootdir=mock_rootdir,
baseline_filename=None,
exclude_regex=None,
s3_config=None,
)
kwargs = repo_class.call_args[1]
assert kwargs['repo'] == 'git@github.com:yelp/detect-secrets'
assert kwargs['sha'] == ''
assert kwargs['crontab'] == '0 0 * * *'
assert kwargs['rootdir'] == mock_rootdir

@pytest.mark.parametrize(
'data,expected_repo_class',
Expand Down Expand Up @@ -168,39 +143,20 @@ def test_repo_config_overrides_defaults(self, mock_rootdir):
with mock_repo_class('BaseTrackedRepo') as repo_class:
initialize(args)

repo_class.assert_called_with(
repo='git@github.com:yelp/detect-secrets',
sha='',
crontab='* * 4 * *',
plugins={
# (No PrivateKeyDetector due to being False above)
'ArtifactoryDetector': {},
'AWSKeyDetector': {},
'Base64HighEntropyString': {
'base64_limit': 2.0,
},
'BasicAuthDetector': {},
'HexHighEntropyString': {
'hex_limit': 4.0,
},
'JwtTokenDetector': {},
'MailchimpDetector': {},
'KeywordDetector': {
'keyword_exclude': None,
},
'SlackDetector': {},
'SoftlayerDetector': {},
'StripeDetector': {},
},
rootdir=mock_rootdir,
baseline_filename='baseline.file',
exclude_regex='something_here',
s3_config=None,
)

kwargs = repo_class.call_args[1]
assert kwargs['repo'] == 'git@github.com:yelp/detect-secrets'
assert kwargs['sha'] == ''
assert kwargs['crontab'] == '* * 4 * *'
# NOTE: This is disabled, since it's `False` above.
assert 'PrivateKeyDetector' not in kwargs['plugins']
assert kwargs['plugins']['Base64HighEntropyString']['base64_limit'] == 2.0
assert kwargs['plugins']['HexHighEntropyString']['hex_limit'] == 4.0
assert kwargs['rootdir'] == mock_rootdir
assert kwargs['baseline_filename'] == 'baseline.file'
assert kwargs['exclude_regex'] == 'something_here'

class TestAddRepo(object):

class TestAddRepo:
@staticmethod
def parse_args(argument_string='', has_s3=False):
with mock.patch(
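Review bot: test_simple_success no longer asserts anything about `plugins`, so a regression that silently drops a detector from the default set (PrivateKeyDetector, say) would pass. The same hunk also stops checking `baseline_filename`, `exclude_regex` and `s3_config`, and test_repo_config_overrides_defaults stops checking `s3_config`. A version-independent floor keeps the detection coverage pinned without re-listing every plugin: `assert {'AWSKeyDetector', 'PrivateKeyDetector'} <= set(kwargs['plugins'])` and `assert kwargs['baseline_filename'] is None`. Reading `repo_class.call_args[1]` raises a TypeError rather than a clear assertion failure if the mock was never called, so `assert repo_class.called` before it would help. Both test bodies start outside the visible hunks.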
26 changes: 19 additions & 7 deletions tests/repos/base_tracked_repo_test.py
Expand Up @@ -64,8 +64,9 @@ def test_no_baseline(self, mock_logic, mock_rootdir):
with mock_git_calls(*self.git_calls(mock_rootdir)):
secrets = repo.scan()

# It matches both HexHighEntropyString and AWSKeyDetector
assert len(secrets.data['examples/aws_credentials.json']) == 2
# It matches both HexHighEntropyString, AWSKeyDetector and
# IBM COS HMAC credentials
assert len(secrets.data['examples/aws_credentials.json']) == 3

def test_exclude_files(self, mock_logic, mock_rootdir):
repo = mock_logic()
Expand All @@ -75,15 +76,17 @@ def test_exclude_files(self, mock_logic, mock_rootdir):
assert 'examples/aws_credentials.json' not in secrets.data

@pytest.mark.parametrize(
'exclude_lines_regex, expected_line_number',
'exclude_lines_regex, expected_line_number, expected_num_secrets',
[
(
r'accessKeyId',
3
3,
2,
),
(
r'secretAccessKey',
2,
1,
),
],
)
Expand All @@ -93,13 +96,14 @@ def test_exclude_lines(
mock_rootdir,
exclude_lines_regex,
expected_line_number,
expected_num_secrets,
):
repo = mock_logic()
with mock_git_calls(*self.git_calls(mock_rootdir)):
secrets = repo.scan(exclude_lines_regex=exclude_lines_regex)

assert len(secrets.data) == 1
assert len(secrets.data['examples/aws_credentials.json']) == 1
assert len(secrets.data['examples/aws_credentials.json']) == expected_num_secrets

for _, secret in secrets.data['examples/aws_credentials.json'].items():
assert secret.lineno == expected_line_number
Expand All @@ -116,7 +120,7 @@ def test_unable_to_find_baseline(self, mock_logic, mock_rootdir):
with mock_git_calls(*calls):
secrets = repo.scan()

assert len(secrets.data['examples/aws_credentials.json']) == 2
assert len(secrets.data['examples/aws_credentials.json']) == 3

def test_no_baseline_file_provided(self, mock_logic, mock_rootdir):
repo = mock_logic(
Expand All @@ -125,7 +129,7 @@ def test_no_baseline_file_provided(self, mock_logic, mock_rootdir):
with mock_git_calls(*self.git_calls(mock_rootdir)[:-1]):
secrets = repo.scan()

assert len(secrets.data['examples/aws_credentials.json']) == 2
assert len(secrets.data['examples/aws_credentials.json']) == 3

def test_scan_with_baseline(self, mock_logic, mock_rootdir):
baseline = json.dumps({
Expand All @@ -141,6 +145,11 @@ def test_scan_with_baseline(self, mock_logic, mock_rootdir):
'hashed_secret': '25910f981e85ca04baf359199dd0bd4a3ae738b6',
'line_number': 3, # does not matter
},
{
'type': 'IBM COS HMAC Credentials',
'hashed_secret': '9c6e0753631454e4ab8d896c242dcf4f8300fd57',
'line_number': 3, # does not matter
},
],
},
'exclude_regex': '',
Expand All @@ -152,6 +161,9 @@ def test_scan_with_baseline(self, mock_logic, mock_rootdir):
{
'name': 'AWSKeyDetector',
},
{
'name': 'IbmCosHmacDetector',
},
],
})

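Review bot: The updated assertions in test_no_baseline, test_unable_to_find_baseline and test_no_baseline_file_provided pin only the number of findings (`== 3`), so the tests would still pass if one detector stopped firing while another produced an extra overlapping match on the same file. Asserting the set of detector types keeps the expected coverage explicit, for example `types = {s.type for s in secrets.data['examples/aws_credentials.json'].values()}` compared against the three expected type strings. This assumes the secret objects expose `type`, as the baseline entries in test_scan_with_baseline suggest. The new comment in test_no_baseline also says "both" before a list of three detectors. The test bodies continue outside the visible hunks.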
