Skip to content

Commit

Permalink
adding basic auth plugin
Browse files Browse the repository at this point in the history
  • Loading branch information
Aaron Loo committed Sep 8, 2018
1 parent c393454 commit 590dee1
Show file tree
Hide file tree
Showing 6 changed files with 64 additions and 0 deletions.
5 changes: 5 additions & 0 deletions detect_secrets/core/usage.py
Original file line number Diff line number Diff line change
Expand Up @@ -220,6 +220,11 @@ class PluginOptions(object):
disable_flag_text='--no-private-key-scan',
disable_help_text='Disables scanning for private keys.',
),
PluginDescriptor(
classname='BasicAuthDetector',
disable_flag_text='--no-basic-auth-scan',
disable_help_text='Disables scanning for Basic Auth formatted URIs.',
),
]

def __init__(self, parser):
Expand Down
35 changes: 35 additions & 0 deletions detect_secrets/plugins/basic_auth.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
from __future__ import absolute_import

import re

from .base import BasePlugin
from detect_secrets.core.potential_secret import PotentialSecret


BASIC_AUTH_REGEX = re.compile(
r'.*?://[^:]+:([^@]+)@',
)


class BasicAuthDetector(BasePlugin):

secret_type = 'Basic Auth Credentials'

def analyze_string(self, string, line_num, filename):
output = {}

for result in self.secret_generator(string):
secret = PotentialSecret(
self.secret_type,
filename,
line_num,
result,
)
output[secret] = secret

return output

def secret_generator(self, string):
results = BASIC_AUTH_REGEX.findall(string)
for result in results:
yield result
1 change: 1 addition & 0 deletions detect_secrets/plugins/core/initialize.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
from functools32 import lru_cache

from ..base import BasePlugin
from ..basic_auth import BasicAuthDetector # noqa: F401
from ..high_entropy_strings import Base64HighEntropyString # noqa: F401
from ..high_entropy_strings import HexHighEntropyString # noqa: F401
from ..private_key import PrivateKeyDetector # noqa: F401
Expand Down
1 change: 1 addition & 0 deletions tests/core/usage_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ def test_consolidates_output_basic(self):
'HexHighEntropyString': {
'hex_limit': 3,
},
'BasicAuthDetector': {},
'Base64HighEntropyString': {
'base64_limit': 4.5,
},
Expand Down
2 changes: 2 additions & 0 deletions tests/main_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,7 @@ def test_scan_string_basic(self, mock_baseline_initialize):
assert main('scan --string'.split()) == 0
assert printer_shim.message == textwrap.dedent("""
Base64HighEntropyString: False (3.459)
BasicAuthDetector : False
HexHighEntropyString : True (3.459)
PrivateKeyDetector : False
""")[1:]
Expand All @@ -99,6 +100,7 @@ def test_scan_string_cli_overrides_stdin(self):
assert main('scan --string 012345'.split()) == 0
assert printer_shim.message == textwrap.dedent("""
Base64HighEntropyString: False (2.585)
BasicAuthDetector : False
HexHighEntropyString : False (2.121)
PrivateKeyDetector : False
""")[1:]
Expand Down
20 changes: 20 additions & 0 deletions tests/plugins/basic_auth_test.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
from __future__ import absolute_import

import pytest

from detect_secrets.plugins.basic_auth import BasicAuthDetector


class TestBasicAuthDetector(object):

@pytest.mark.parametrize(
'payload, should_flag',
[
('https://username:password@yelp.com', True,),
],
)
def test_analyze_string(self, payload, should_flag):
logic = BasicAuthDetector()

output = logic.analyze_string(payload, 1, 'mock_filename')
assert len(output) == int(should_flag)

0 comments on commit 590dee1

Please sign in to comment.