Merge branch 'feature/adding-lock-file-filter'

.secrets.baseline

@@ -251,7 +251,7 @@
         "filename": "docs/filters.md",
         "hashed_secret": "4566d0493d8a9b7a811728e852ed5df95fa70dd2",
         "is_verified": false,
-        "line_number": 55
+        "line_number": 56
       }
     ]
   },

detect_secrets/filters/heuristic.py

@@ -178,3 +178,16 @@ def is_indirect_reference(secret: str) -> bool:
             continue
 
     return output
+
+
+def is_lock_file(filename: str) -> bool:
+    return os.path.basename(filename) in {
+        'Brewfile.lock.json',
+        'Cartfile.resolved',
+        'composer.lock',
+        'Gemfile.lock',
+        'Package.resolved',
+        'package-lock.json',
+        'Podfile.lock',
+        'yarn.lock',
+    }

detect_secrets/settings.py

@@ -109,6 +109,7 @@ def clear(self) -> None:
                 'detect_secrets.filters.heuristic.is_templated_secret',
                 'detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign',
                 'detect_secrets.filters.heuristic.is_indirect_reference',
+                'detect_secrets.filters.heuristic.is_lock_file',
             }
         }
 

docs/filters.md

@@ -48,6 +48,7 @@ the `detect_secrets.filters` namespace.
 | `common.is_ignored_due_to_verification_policies` | Powers secret verification functionality.                                           |
 | `heuristic.is_indirect_reference`                | Primarily for `KeywordDetector`, filters secrets like `secret = get_secret_key()`.  |
 | `heuristic.is_likely_id_string`                  | Ignores secret values prefixed with `id`.                                           |
+| `heuristic.is_lock_file`                         | Ignores common lock files.                                                          |
 | `heuristic.is_non_text_file`                     | Ignores non-text files (e.g. archives, images).                                     |
 | `heuristic.is_potential_uuid`                    | Ignores uuid looking secret values.                                                 |
 | `heuristic.is_prefixed_with_dollar_sign`         | Primarily for `KeywordDetector`, filters secrets like `secret = $variableName;`.    |

tests/filters/heuristic_filter_test.py

@@ -127,3 +127,14 @@ def test_is_indirect_reference(line, result):
         }],
     }):
         assert bool(list(scan_line(line))) is result
+
+
+def test_is_lock_file():
+    # Basic test
+    assert filters.heuristic.is_lock_file('composer.lock')
+
+    # file path
+    assert filters.heuristic.is_lock_file('path/yarn.lock')
+
+    # assert non-regex
+    assert not filters.heuristic.is_lock_file('Gemfilealock')