From 0b2700251f03d96757349a87fc07425dc0a4973b Mon Sep 17 00:00:00 2001 From: Kevin Hock Date: Tue, 31 Jul 2018 11:35:11 -0700 Subject: [PATCH 1/4] Add min(debug_level, 2) So that 3 v's e.g. `-vvv` would not cause a KeyError, and default to logging.DEBUG --- detect_secrets/core/log.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/detect_secrets/core/log.py b/detect_secrets/core/log.py index 4787e9eeb..c0898778d 100644 --- a/detect_secrets/core/log.py +++ b/detect_secrets/core/log.py @@ -43,7 +43,9 @@ def _set_debug_level(self, debug_level): 2: logging.DEBUG, } - self.setLevel(mapping[debug_level]) + self.setLevel( + mapping[min(debug_level, 2)], + ) log = get_logger() From a9973a731232ac2a66603f86e3abf02294c6b483 Mon Sep 17 00:00:00 2001 From: Kevin Hock Date: Tue, 31 Jul 2018 11:39:37 -0700 Subject: [PATCH 2/4] Replace 5 spaces preceding comment with 2 spaces --- detect_secrets/core/secrets_collection.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/detect_secrets/core/secrets_collection.py b/detect_secrets/core/secrets_collection.py index 0ff2e0c01..e74cbcaff 100644 --- a/detect_secrets/core/secrets_collection.py +++ b/detect_secrets/core/secrets_collection.py @@ -311,7 +311,7 @@ def json(self): for secret_hash in self.data[filename]: tmp = self.data[filename][secret_hash].json() - del tmp['filename'] # not necessary + del tmp['filename'] # not necessary output[filename].append(tmp) From 06db4b07c92ecd9d1464cc1f601c858ce2c1db8a Mon Sep 17 00:00:00 2001 From: Kevin Hock Date: Tue, 31 Jul 2018 12:24:11 -0700 Subject: [PATCH 3/4] Change Eg. to e.g., delete commented out code --- detect_secrets/core/potential_secret.py | 4 +--- detect_secrets/core/secrets_collection.py | 2 +- detect_secrets/core/usage.py | 2 +- detect_secrets/plugins/core/ini_file_parser.py | 2 +- 4 files changed, 4 insertions(+), 6 deletions(-) 
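Review bot: The clamp in `mapping[min(debug_level, 2)]` hard-codes the highest key of `mapping`, so the two drift apart if a level is ever added or removed. A value below the smallest key, if a caller can pass one, would presumably still raise KeyError. Deriving the bound from the dict keeps them in step: `self.setLevel(mapping[min(debug_level, max(mapping))])`. A short comment such as `# clamp so -vvv and beyond map to DEBUG` would record why the clamp exists. `_set_debug_level` starts above the hunk, so the lower keys of `mapping` are not visible here.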
diff --git a/detect_secrets/core/potential_secret.py b/detect_secrets/core/potential_secret.py index ad40964fb..f965a1e6e 100644 --- a/detect_secrets/core/potential_secret.py +++ b/detect_secrets/core/potential_secret.py @@ -19,7 +19,7 @@ def __init__(self, typ, filename, lineno, secret): :type typ: str :param typ: human-readable secret type, defined by the plugin that generated this PotentialSecret. - Eg. "High Entropy String" + e.g. "High Entropy String" :type filename: str :param filename: name of file that this secret was found @@ -80,9 +80,7 @@ def __str__(self): # pragma: no cover return ( "Secret Type: %s\n" "Location: %s:%d\n" - # "Hash: %s\n" ) % ( self.type, self.filename, self.lineno, - # self.secret_hash ) diff --git a/detect_secrets/core/secrets_collection.py b/detect_secrets/core/secrets_collection.py index e74cbcaff..4c5b0c80f 100644 --- a/detect_secrets/core/secrets_collection.py +++ b/detect_secrets/core/secrets_collection.py @@ -111,7 +111,7 @@ def scan_diff( :type diff: str :param diff: diff string. - Eg. The output of `git diff ` + e.g. The output of `git diff ` :type baseline_filename: str :param baseline_filename: if there are any baseline secrets, then the baseline diff --git a/detect_secrets/core/usage.py b/detect_secrets/core/usage.py index 2305f8c9b..a057f3a2b 100644 --- a/detect_secrets/core/usage.py +++ b/detect_secrets/core/usage.py @@ -151,7 +151,7 @@ class PluginDescriptor(namedtuple( # Classname of plugin; used for initialization 'classname', - # Flag to disable plugin. Eg. `--no-hex-string-scan` + # Flag to disable plugin. e.g. `--no-hex-string-scan` 'disable_flag_text', # Description for disable flag. diff --git a/detect_secrets/plugins/core/ini_file_parser.py b/detect_secrets/plugins/core/ini_file_parser.py index 75be85806..1bfd8db6f 100644 --- a/detect_secrets/plugins/core/ini_file_parser.py +++ b/detect_secrets/plugins/core/ini_file_parser.py 
@@ -37,7 +37,7 @@ def _get_value_and_line_offset(self, key, values): :type values: str :param values: values for key, in config file. This is plural, - because you can have multiple values per key. Eg. + because you can have multiple values per key. e.g. >>> key = ... value1 From 710d96eafe1ce18090a4db75e5488a1b07874940 Mon Sep 17 00:00:00 2001 From: Kevin Hock Date: Tue, 31 Jul 2018 13:27:18 -0700 Subject: [PATCH 4/4] Make is_secret an attribute of PotentialSecret And make _load_baseline_from_dict pick it up, so that it does not get removed when e.g. lines move around. Add is_secret attribute to _create_baseline() in pre_commit_hook_test.py so that TestPreCommitHook.test_writes_new_baseline_if_modified covers the change. Fixes https://github.com/Yelp/detect-secrets/issues/60 --- detect_secrets/core/potential_secret.py | 16 +++++++++++++++- detect_secrets/core/secrets_collection.py | 3 ++- tests/pre_commit_hook_test.py | 1 + 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/detect_secrets/core/potential_secret.py b/detect_secrets/core/potential_secret.py index f965a1e6e..8603b9983 100644 --- a/detect_secrets/core/potential_secret.py +++ b/detect_secrets/core/potential_secret.py @@ -14,7 +14,14 @@ class PotentialSecret(object): without actually knowing what the secret is. """ - def __init__(self, typ, filename, lineno, secret): + def __init__( + self, + typ, + filename, + lineno, + secret, + is_secret=None, + ): """ :type typ: str :param typ: human-readable secret type, defined by the plugin 
@@ -30,11 +37,15 @@ def __init__(self, typ, filename, lineno, secret): :type secret: str :param secret: the actual secret identified + + :type is_secret: bool|None + :param is_secret: whether or not the secret is a true- or false- positive """ self.type = typ self.filename = filename self.lineno = lineno self.secret_hash = self.hash_secret(secret) + self.is_secret = is_secret # If two PotentialSecrets have the same values for these fields, # they are considered equal. Note that line numbers aren't included @@ -60,6 +71,9 @@ def json(self): 'hashed_secret': self.secret_hash, } + if self.is_secret is not None: + attributes['is_secret'] = self.is_secret + return attributes def __eq__(self, other): diff --git a/detect_secrets/core/secrets_collection.py b/detect_secrets/core/secrets_collection.py index 4c5b0c80f..7b24cda6c 100644 --- a/detect_secrets/core/secrets_collection.py +++ b/detect_secrets/core/secrets_collection.py @@ -89,7 +89,8 @@ def _load_baseline_from_dict(cls, data): item['type'], filename, item['line_number'], - 'will be replaced', + secret='will be replaced', + is_secret=item.get('is_secret'), ) secret.secret_hash = item['hashed_secret'] result.data[filename][secret] = secret diff --git a/tests/pre_commit_hook_test.py b/tests/pre_commit_hook_test.py index 74d77f3de..6d730dab7 100644 --- a/tests/pre_commit_hook_test.py +++ b/tests/pre_commit_hook_test.py @@ -200,6 +200,7 @@ def _create_baseline(): 'test_data/files/file_with_secrets.py': [ { 'type': 'Base64 High Entropy String', + 'is_secret': True, 'line_number': 3, 'hashed_secret': PotentialSecret.hash_secret(base64_secret), },
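Review bot: The new `:param is_secret:` line in the `__init__` docstring does not say which boolean means what, or what the default `None` stands for. In this patch `None` is the default and is left out of `json()`, so it presumably means "not yet labelled". Spelling that out stops a reader treating `None` and `False` alike, e.g. `:param is_secret: True if confirmed as a real secret, False if a false positive, None if not yet labelled`. The comment on the comparison fields could also say whether `is_secret` is deliberately excluded from equality; that list lies outside the hunk.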
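Review bot: `is_secret=item.get('is_secret')` copies whatever JSON value the baseline file holds, so a hand-edited entry such as the string "false" would be stored and later re-emitted by `json()` as if it were a valid label. This field records an audit decision about a potential secret, so it is worth accepting only booleans and treating anything else as unlabelled, or rejecting the baseline. One way is `label = item.get('is_secret')` followed by `is_secret=label if isinstance(label, bool) else None`. `_load_baseline_from_dict` starts and ends outside the hunk, so any existing validation of `item` is not visible.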
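Review bot: `_create_baseline()` now sets only `'is_secret': True`, which leaves untested the two cases that the `is not None` check in `PotentialSecret.json()` exists to distinguish: an entry labelled `False` and an entry with no label. A fixture entry or a dedicated round-trip test with `'is_secret': False` would catch a regression to a plain truthiness check, which would silently drop false-positive labels when the baseline is rewritten. `_create_baseline` continues outside the hunk, so the effect of a second entry on the existing assertions needs checking.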