From 52758fc9dacc88f0657d08936f35e3c9f1b228a9 Mon Sep 17 00:00:00 2001
From: Tristram Oaten
Date: Mon, 9 Mar 2020 15:00:45 +0000
Subject: [PATCH 1/4] Not every company has a #security channel in slack/irc For us, in @alphagov, our #security channel is for physical security questions and our cyber security team hang out in #cybersecurity. This seems like the simplest way to get the message changed, working even for people who don't - or can't - use a config. My edits formatted with [black](https://github.com/psf/black) For example
---
 detect_secrets/pre_commit_hook.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/detect_secrets/pre_commit_hook.py b/detect_secrets/pre_commit_hook.py
index 0543f02cc..73f3e0761 100644
--- a/detect_secrets/pre_commit_hook.py
+++ b/detect_secrets/pre_commit_hook.py
@@ -1,6 +1,7 @@
 from __future__ import absolute_import
 from __future__ import unicode_literals
+import os
 import subprocess
 import sys
 import textwrap
@@ -205,12 +206,15 @@ def _print_secrets_found(secrets):
 def _print_mitigation_suggestions():
+ security_team = os.environ.get("DETECT_SECRETS_SECURITY_TEAM", "in #security")
 suggestions = [
- 'For information about putting your secrets in a safer place, please ask in #security',
- 'Mark false positives with an inline `pragma: allowlist secret` comment',
- 'Commit with `--no-verify` if this is a one-time false positive',
+ "For information about putting your secrets in a safer place, please ask "
+ + security_team,
+ "Mark false positives with an inline `pragma: allowlist secret` comment",
+ "Commit with `--no-verify` if this is a one-time false positive",
 ]
+
 wrapper = textwrap.TextWrapper(
 initial_indent=' - ',
 subsequent_indent=' ',
From a7c130b8680099c5e98652e8eba88c019b391a8b Mon Sep 17 00:00:00 2001
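Review bot: The value of `DETECT_SECRETS_SECURITY_TEAM` in `_print_mitigation_suggestions` replaces the whole phrase `in #security`, preposition included, and a variable that is set but empty leaves the suggestion ending in "please ask " with no contact at all. This line is where a developer who has just been blocked for committing a secret is told whom to contact, so I would fall back on empty values with `security_team = os.environ.get('DETECT_SECRETS_SECURITY_TEAM') or 'in #security'` and add a comment such as `# Full phrase appended after "please ask", e.g. "in #cybersecurity"`. Nothing in the lines shown documents the variable, so a README entry describing the expected format would help; the later patches in this series only reformat the same lookup and carry the same behaviour. The function body continues past the end of the hunk.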
From: Tristram Oaten
Date: Mon, 9 Mar 2020 16:48:49 +0000
Subject: [PATCH 2/4] shorten lines for flake8
---
 detect_secrets/pre_commit_hook.py | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/detect_secrets/pre_commit_hook.py b/detect_secrets/pre_commit_hook.py
index 73f3e0761..91cff9c84 100644
--- a/detect_secrets/pre_commit_hook.py
+++ b/detect_secrets/pre_commit_hook.py
@@ -206,15 +206,18 @@ def _print_secrets_found(secrets):
 def _print_mitigation_suggestions():
- security_team = os.environ.get("DETECT_SECRETS_SECURITY_TEAM", "in #security")
+ security_team = os.environ.get(
+ "DETECT_SECRETS_SECURITY_TEAM",
+ "in #security"
+ )
 suggestions = [
- "For information about putting your secrets in a safer place, please ask "
- + security_team,
- "Mark false positives with an inline `pragma: allowlist secret` comment",
+ "For information about putting your secrets in a safer place, "
+ "please ask " + security_team,
+ "Mark false positives with an inline"
+ "`pragma: allowlist secret` comment",
 "Commit with `--no-verify` if this is a one-time false positive",
 ]
-
 wrapper = textwrap.TextWrapper(
 initial_indent=' - ',
 subsequent_indent=' ',
From a0357ddbcb5b0e97b07c894c1b6877756b3ade3d Mon Sep 17 00:00:00 2001
From: Tristram Oaten
Date: Mon, 9 Mar 2020 17:08:29 +0000
Subject: [PATCH 3/4] fix quotes and commas to standard
---
 detect_secrets/pre_commit_hook.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/detect_secrets/pre_commit_hook.py b/detect_secrets/pre_commit_hook.py
index 91cff9c84..fb845303d 100644
--- a/detect_secrets/pre_commit_hook.py
+++ b/detect_secrets/pre_commit_hook.py
@@ -207,15 +207,15 @@ def _print_secrets_found(secrets):
 def _print_mitigation_suggestions():
 security_team = os.environ.get(
- "DETECT_SECRETS_SECURITY_TEAM",
- "in #security"
+ 'DETECT_SECRETS_SECURITY_TEAM',
+ 'in #security'
 )
 suggestions = [
- "For information about putting your secrets in a safer place, "
- "please ask " + security_team,
- "Mark false positives with an inline"
- "`pragma: allowlist secret` comment",
- "Commit with `--no-verify` if this is a one-time false positive",
+ 'For information about putting your secrets in a safer place, ' +
+ 'please ask ' + security_team,
+ 'Mark false positives with an inline ' +
+ '`pragma: allowlist secret` comment',
+ 'Commit with `--no-verify` if this is a one-time false positive',
 ]
 wrapper = textwrap.TextWrapper(
From 035b8da17a3a65cfad23ab335447f1dac90f71b6 Mon Sep 17 00:00:00 2001
From: Tristram Oaten
Date: Mon, 9 Mar 2020 17:08:29 +0000
Subject: [PATCH 4/4] Add trailing commas
---
 detect_secrets/pre_commit_hook.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/detect_secrets/pre_commit_hook.py b/detect_secrets/pre_commit_hook.py
index 91cff9c84..fb845303d 100644
--- a/detect_secrets/pre_commit_hook.py
+++ b/detect_secrets/pre_commit_hook.py
@@ -207,15 +207,15 @@ def _print_secrets_found(secrets):
 def _print_mitigation_suggestions():
 security_team = os.environ.get(
- "DETECT_SECRETS_SECURITY_TEAM",
- "in #security"
+ 'DETECT_SECRETS_SECURITY_TEAM',
+ 'in #security'
 )
 suggestions = [
- "For information about putting your secrets in a safer place, "
- "please ask " + security_team,
- "Mark false positives with an inline"
- "`pragma: allowlist secret` comment",
- "Commit with `--no-verify` if this is a one-time false positive",
+ 'For information about putting your secrets in a safer place, ' +
+ 'please ask ' + security_team,
+ 'Mark false positives with an inline ' +
+ '`pragma: allowlist secret` comment',
+ 'Commit with `--no-verify` if this is a one-time false positive',
 ]
 wrapper = textwrap.TextWrapper(
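Review bot: `'in #security'` in the `os.environ.get(` call still ends without a trailing comma, although the subject of this patch is "Add trailing commas"; the hunk as shown is identical to the one in PATCH 3/4, down to the `index 91cff9c84..fb845303d` line. If the intent was to finish the argument list in the project's style, the line would read `'in #security',`. It may be that the page repeats the earlier hunk rather than showing this commit's real change, so this is worth checking against the branch itself.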