🎉 Add --custom-plugins feature

- 🐍 Add add_shared_arguments() function in usage.py for DRYness - 🐛 Fix issue #242 via passing `should_verify_secrets=not args.no_verify` to `from_parser_builder` call - 🐛 Fix sorting issue in format_baseline_for_output() where --update and regular scan had different secret order - 💯 All non-separated out files again :D - 🎓 Mention `--custom-plugins` in README - 🎓 Standardize NOTE -> Note - 🐛 Fix test pollution due to `all_plugins` cls attribute - 🐍 Change all relative imports to absolute, to avoid broken imports if someone copies an existing plugin to make a custom plugin 🙈 Hacks located in `def parse_args` of usage.py
Yelp · May 30, 2020 · d579ac8 · d579ac8
1 parent 32afceb
commit d579ac8
Show file tree

Hide file tree

Showing 42 changed files with 752 additions and 279 deletions.
diff --git a/README.md b/README.md
@@ -36,6 +36,7 @@ For a look at recent changes, please see [CHANGELOG.md](https://github.com/Yelp/
 
 If you are looking to contribute, please see [CONTRIBUTING.md](https://github.com/Yelp/detect-secrets/blob/master/CONTRIBUTING.md).
 
+
 ## Example Usage
 
 ### Setting Up a Baseline
@@ -44,6 +45,7 @@ If you are looking to contribute, please see [CONTRIBUTING.md](https://github.co
 $ detect-secrets scan > .secrets.baseline
 ```
 
+
 ### pre-commit Hook
 
 ```
@@ -56,12 +58,14 @@ $ cat .pre-commit-config.yaml
         exclude: .*/tests/.*
 ```
 
+
 ### Auditing a Baseline
 
 ```
 $ detect-secrets audit .secrets.baseline
 ```
 
+
 ### Upgrading Baselines
 
 This is only applicable for upgrading baselines that have been created after version 0.9.
@@ -71,6 +75,7 @@ For upgrading baselines lower than that version, just recreate it.
 $ detect-secrets scan --update .secrets.baseline
 ```
 
+
 ### Command Line
 
 `detect-secrets` is designed to be used as a git pre-commit hook, but you can also invoke `detect-secrets scan [path]` directly being `path` the file(s) and/or directory(ies) to scan (`path` defaults to `.` if not specified).
@@ -93,6 +98,7 @@ either the client-side pre-commit hook, or the server-side secret scanner.
 3. **Secrets Baseline**, to allowlist pre-existing secrets in the repository,
    so that they won't be continuously caught through scan iterations.
 
+
 ### Client-side `pre-commit` Hook
 
 See [pre-commit](https://github.com/pre-commit/pre-commit) for instructions
@@ -115,6 +121,7 @@ git diff --staged --name-only | xargs detect-secrets-hook
 Please see the [detect-secrets-server](https://github.com/Yelp/detect-secrets-server)
 repository for installation instructions.
 
+
 ### Secrets Baseline
 
 ```
@@ -150,6 +157,7 @@ This may be a convenient way for you to allowlist secrets, without having to
 regenerate the entire baseline again. Furthermore, this makes the allowlisted
 secrets easily searchable, auditable, and maintainable.
 
+
 ## Currently Supported Plugins
 
 The current heuristic searches we implement out of the box include:
@@ -181,18 +189,23 @@ See [detect_secrets/
 plugins](https://github.com/Yelp/detect-secrets/tree/master/detect_secrets/plugins)
 for more details.
 
+There is also a `--custom-plugins` option in which you can bring your own plugins, e.g. `detect-secrets scan --custom-plugins testing/custom_plugins_dir/ --custom-plugins testing/hippo_plugin.py`.
+
+
 ## Caveats
 
 This is not meant to be a sure-fire solution to prevent secrets from entering
 the codebase. Only proper developer education can truly do that. This pre-commit
 hook merely implements several heuristics to try and prevent obvious cases of
 committing secrets.
 
+
 ### Things that won't be prevented
 
 * Multi-line secrets
 * Default passwords that don't trigger the `KeywordDetector` (e.g. `login = "hunter2"`)
 
+
 ### Plugin Configuration
 
 One method that this package uses to find secrets is by searching for high