Merge pull request #83 from operasoftware/fixes-for-audit

Fixes for audit
Yelp · Oct 10, 2018 · 680f00a · 680f00a
2 parents 3d7c059 + 01cde91
commit 680f00a
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 8 deletions.
diff --git a/detect_secrets/core/audit.py b/detect_secrets/core/audit.py
@@ -248,8 +248,12 @@ def _get_secret_with_context(
     if len(output) < end_line - start_line + 1:
         # This handles the case of a short file.
         num_lines_in_file = int(subprocess.check_output([
-            'wc',
-            '-l',
+            # https://stackoverflow.com/a/38870057
+            # - 'wc -l' cannot be used here because if the last char
+            # of the file isn't \n, then the last line isn't counted
+            'grep',
+            '-c',
+            '',
             filename,
         ]).decode('utf-8').split()[0])
 
@@ -324,11 +328,14 @@ def _highlight_secret(secret_line, secret_lineno, secret, filename, plugin_setti
     else:
         raise SecretNotFoundOnSpecifiedLineError(secret_lineno)
 
-    index_of_secret = secret_line.index(raw_secret)
+    index_of_secret = secret_line.lower().index(raw_secret.lower())
+    end_of_secret = index_of_secret + len(raw_secret)
     return '{}{}{}'.format(
         secret_line[:index_of_secret],
         BashColor.color(
-            raw_secret,
+            # copy the secret out of the line because .lower() from secret
+            # generator may be different from the original value:
+            secret_line[index_of_secret:end_of_secret],
             Color.RED,
         ),
         secret_line[index_of_secret + len(raw_secret):],

diff --git a/detect_secrets/plugins/keyword.py b/detect_secrets/plugins/keyword.py
@@ -32,7 +32,9 @@
 
 
 BLACKLIST = (
-    'PASS =',
+    # NOTE all values here should be lowercase,
+    # otherwise _secret_generator can fail to match them
+    'pass =',
     'password',
     'passwd',
     'pwd',
@@ -55,7 +57,7 @@ def analyze_string(self, string, line_num, filename):
         if WHITELIST_REGEX.search(string):
             return output
 
-        for identifier in self.secret_generator(string.lower()):
+        for identifier in self.secret_generator(string):
             secret = PotentialSecret(
                 self.secret_type,
                 filename,
@@ -66,7 +68,10 @@ def analyze_string(self, string, line_num, filename):
 
         return output
 
-    def secret_generator(self, string):
+    def _secret_generator(self, lowercase_string):
         for line in BLACKLIST:
-            if line in string:
+            if line in lowercase_string:
                 yield line
+
+    def secret_generator(self, string):
+        return self._secret_generator(string.lower())
diff --git a/tests/plugins/keyword_test.py b/tests/plugins/keyword_test.py
@@ -18,6 +18,9 @@ class TestKeywordDetector(object):
             (
                 'token = "noentropy"'
             ),
+            (
+                'PASSWORD = "verysimple"'
+            ),
         ],
     )
     def test_analyze(self, file_content):
@@ -28,3 +31,5 @@ def test_analyze(self, file_content):
         assert len(output) == 1
         for potential_secret in output:
             assert 'mock_filename' == potential_secret.filename
+        generated = list(logic.secret_generator(file_content))
+        assert len(generated) == len(output)