bug fix: preventing infinite add for exclude regex

Yelp · Sep 28, 2018 · 0a6f767 · 0a6f767
1 parent 658ad0d
commit 0a6f767
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 9 deletions.
diff --git a/.gitignore b/.gitignore
@@ -5,7 +5,7 @@
 /.coverage
 /.pytest_cache
 /.tox
-/venv
+/venv**
 /tmp
 
 .*ignore

diff --git a/detect_secrets/main.py b/detect_secrets/main.py
@@ -86,8 +86,12 @@ def _perform_scan(args, plugins):
 
     # If we have knowledge of an existing baseline file, we should use
     # that knowledge and *not* scan that file.
-    if args.import_filename and args.exclude:
-        args.exclude += r'|^{}$'.format(args.import_filename[0])
+    if args.import_filename:
+        payload = '^{}$'.format(args.import_filename[0])
+        if args.exclude and payload not in args.exclude:
+            args.exclude += r'|{}'.format(payload)
+        elif not args.exclude:
+            args.exclude = payload
 
     new_baseline = baseline.initialize(
         plugins,

diff --git a/tests/main_test.py b/tests/main_test.py
@@ -1,4 +1,5 @@
 import json
+import shlex
 import textwrap
 from contextlib import contextmanager
 
@@ -16,11 +17,15 @@
 
 @pytest.fixture
 def mock_baseline_initialize():
-    secrets = secrets_collection_factory()
+    def mock_initialize_function(plugins, exclude_regex, *args, **kwargs):
+        return secrets_collection_factory(
+            plugins=plugins,
+            exclude_regex=exclude_regex,
+        )
 
     with mock.patch(
         'detect_secrets.main.baseline.initialize',
-        return_value=secrets,
+        side_effect=mock_initialize_function,
     ) as mock_initialize:
         yield mock_initialize
 
@@ -154,6 +159,10 @@ def test_reads_old_baseline_from_file(self, mock_merge_baseline):
                 '--exclude "secrets/.*"',
                 'secrets/.*|^old_baseline_file$',
             ),
+            (
+                '--exclude "^old_baseline_file$"',
+                '^old_baseline_file$',
+            ),
         ],
     )
     def test_old_baseline_ignored_with_update_flag(
@@ -168,13 +177,18 @@ def test_old_baseline_ignored_with_update_flag(
         ), mock.patch(
             # We don't want to be creating a file during test
             'detect_secrets.main._write_to_file',
-        ):
+        ) as file_writer:
             assert main(
-                'scan --update old_baseline_file {}'.format(
-                    exclude_param,
-                ).split(),
+                shlex.split(
+                    'scan --update old_baseline_file {}'.format(
+                        exclude_param,
+                    ),
+                ),
             ) == 0
 
+            assert json.loads(file_writer.call_args[0][1])['exclude_regex'] == \
+                expected_regex
+
     @pytest.mark.parametrize(
         'filename, expected_output',
         [