From 5814ee552da46be253c9a23e83c8442b763ca71a Mon Sep 17 00:00:00 2001 From: Aaron Loo Date: Thu, 26 Mar 2020 14:22:45 -0700 Subject: [PATCH] bumping detect-secrets==0.13.1 --- requirements-dev.txt | 2 +- testing/factories.py | 8 ++- tests/actions/initialize_test.py | 80 ++++++--------------------- tests/repos/base_tracked_repo_test.py | 26 ++++++--- 4 files changed, 44 insertions(+), 72 deletions(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index ed97c87..7169225 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -4,7 +4,7 @@ certifi==2019.11.28 cfgv==3.1.0 chardet==3.0.4 coverage==5.0.4 -detect-secrets==0.13.0 +detect-secrets==0.13.1 distlib==0.3.0 filelock==3.0.12 identify==1.4.13 diff --git a/testing/factories.py b/testing/factories.py index 596129c..2844153 100644 --- a/testing/factories.py +++ b/testing/factories.py @@ -22,18 +22,22 @@ def metadata_factory(repo, json=False, **kwargs): "base64_limit": 4.5, }, "BasicAuthDetector": {}, + "CloudantDetector": {}, "HexHighEntropyString": { "hex_limit": 3, }, + "IbmCloudIamDetector": {}, + "IbmCosHmacDetector": {}, + "JwtTokenDetector": {}, "KeywordDetector": { 'keyword_exclude': None }, - "JwtTokenDetector": {}, "MailchimpDetector": {}, "PrivateKeyDetector": {}, "SlackDetector": {}, - 'SoftlayerDetector': {}, + "SoftlayerDetector": {}, "StripeDetector": {}, + "TwilioKeyDetector": {}, }, "repo": repo, "sha": 'sha256-hash', diff --git a/tests/actions/initialize_test.py b/tests/actions/initialize_test.py index ce4817c..023d62b 100644 --- a/tests/actions/initialize_test.py +++ b/tests/actions/initialize_test.py @@ -15,8 +15,7 @@ from testing.util import cache_buster -class TestInitialize(object): - +class TestInitialize: def teardown(self): cache_buster() @@ -59,35 +58,11 @@ def test_simple_success(self, mock_rootdir): ) initialize(args) - repo_class.assert_called_with( - repo='git@github.com:yelp/detect-secrets', - sha='', - crontab='0 0 * * *', - plugins={ - 'AWSKeyDetector': {}, - 'ArtifactoryDetector': {}, - 'Base64HighEntropyString': { - 'base64_limit': 4.5, - }, - 'BasicAuthDetector': {}, - 'HexHighEntropyString': { - 'hex_limit': 3, - }, - 'JwtTokenDetector': {}, - 'MailchimpDetector': {}, - 'KeywordDetector': { - 'keyword_exclude': None, - }, - 'PrivateKeyDetector': {}, - 'SlackDetector': {}, - 'SoftlayerDetector': {}, - 'StripeDetector': {}, - }, - rootdir=mock_rootdir, - baseline_filename=None, - exclude_regex=None, - s3_config=None, - ) + kwargs = repo_class.call_args[1] + assert kwargs['repo'] == 'git@github.com:yelp/detect-secrets' + assert kwargs['sha'] == '' + assert kwargs['crontab'] == '0 0 * * *' + assert kwargs['rootdir'] == mock_rootdir @pytest.mark.parametrize( 'data,expected_repo_class', @@ -168,39 +143,20 @@ def test_repo_config_overrides_defaults(self, mock_rootdir): with mock_repo_class('BaseTrackedRepo') as repo_class: initialize(args) - repo_class.assert_called_with( - repo='git@github.com:yelp/detect-secrets', - sha='', - crontab='* * 4 * *', - plugins={ - # (No PrivateKeyDetector due to being False above) - 'ArtifactoryDetector': {}, - 'AWSKeyDetector': {}, - 'Base64HighEntropyString': { - 'base64_limit': 2.0, - }, - 'BasicAuthDetector': {}, - 'HexHighEntropyString': { - 'hex_limit': 4.0, - }, - 'JwtTokenDetector': {}, - 'MailchimpDetector': {}, - 'KeywordDetector': { - 'keyword_exclude': None, - }, - 'SlackDetector': {}, - 'SoftlayerDetector': {}, - 'StripeDetector': {}, - }, - rootdir=mock_rootdir, - baseline_filename='baseline.file', - exclude_regex='something_here', - s3_config=None, - ) - + kwargs = repo_class.call_args[1] + assert kwargs['repo'] == 'git@github.com:yelp/detect-secrets' + assert kwargs['sha'] == '' + assert kwargs['crontab'] == '* * 4 * *' + # NOTE: This is disabled, since it's `False` above. + assert 'PrivateKeyDetector' not in kwargs['plugins'] + assert kwargs['plugins']['Base64HighEntropyString']['base64_limit'] == 2.0 + assert kwargs['plugins']['HexHighEntropyString']['hex_limit'] == 4.0 + assert kwargs['rootdir'] == mock_rootdir + assert kwargs['baseline_filename'] == 'baseline.file' + assert kwargs['exclude_regex'] == 'something_here' -class TestAddRepo(object): +class TestAddRepo: @staticmethod def parse_args(argument_string='', has_s3=False): with mock.patch( diff --git a/tests/repos/base_tracked_repo_test.py b/tests/repos/base_tracked_repo_test.py index 463c5a6..2cca7e7 100644 --- a/tests/repos/base_tracked_repo_test.py +++ b/tests/repos/base_tracked_repo_test.py @@ -64,8 +64,9 @@ def test_no_baseline(self, mock_logic, mock_rootdir): with mock_git_calls(*self.git_calls(mock_rootdir)): secrets = repo.scan() - # It matches both HexHighEntropyString and AWSKeyDetector - assert len(secrets.data['examples/aws_credentials.json']) == 2 + # It matches both HexHighEntropyString, AWSKeyDetector and + # IBM COS HMAC credentials + assert len(secrets.data['examples/aws_credentials.json']) == 3 def test_exclude_files(self, mock_logic, mock_rootdir): repo = mock_logic() @@ -75,15 +76,17 @@ def test_exclude_files(self, mock_logic, mock_rootdir): assert 'examples/aws_credentials.json' not in secrets.data @pytest.mark.parametrize( - 'exclude_lines_regex, expected_line_number', + 'exclude_lines_regex, expected_line_number, expected_num_secrets', [ ( r'accessKeyId', - 3 + 3, + 2, ), ( r'secretAccessKey', 2, + 1, ), ], ) @@ -93,13 +96,14 @@ def test_exclude_lines( mock_rootdir, exclude_lines_regex, expected_line_number, + expected_num_secrets, ): repo = mock_logic() with mock_git_calls(*self.git_calls(mock_rootdir)): secrets = repo.scan(exclude_lines_regex=exclude_lines_regex) assert len(secrets.data) == 1 - assert len(secrets.data['examples/aws_credentials.json']) == 1 + assert len(secrets.data['examples/aws_credentials.json']) == expected_num_secrets for _, secret in secrets.data['examples/aws_credentials.json'].items(): assert secret.lineno == expected_line_number @@ -116,7 +120,7 @@ def test_unable_to_find_baseline(self, mock_logic, mock_rootdir): with mock_git_calls(*calls): secrets = repo.scan() - assert len(secrets.data['examples/aws_credentials.json']) == 2 + assert len(secrets.data['examples/aws_credentials.json']) == 3 def test_no_baseline_file_provided(self, mock_logic, mock_rootdir): repo = mock_logic( @@ -125,7 +129,7 @@ def test_no_baseline_file_provided(self, mock_logic, mock_rootdir): with mock_git_calls(*self.git_calls(mock_rootdir)[:-1]): secrets = repo.scan() - assert len(secrets.data['examples/aws_credentials.json']) == 2 + assert len(secrets.data['examples/aws_credentials.json']) == 3 def test_scan_with_baseline(self, mock_logic, mock_rootdir): baseline = json.dumps({ @@ -141,6 +145,11 @@ def test_scan_with_baseline(self, mock_logic, mock_rootdir): 'hashed_secret': '25910f981e85ca04baf359199dd0bd4a3ae738b6', 'line_number': 3, # does not matter }, + { + 'type': 'IBM COS HMAC Credentials', + 'hashed_secret': '9c6e0753631454e4ab8d896c242dcf4f8300fd57', + 'line_number': 3, # does not matter + }, ], }, 'exclude_regex': '', @@ -152,6 +161,9 @@ def test_scan_with_baseline(self, mock_logic, mock_rootdir): { 'name': 'AWSKeyDetector', }, + { + 'name': 'IbmCosHmacDetector', + }, ], })