From a2e01f495be99f1e8a99b28128bd3a207184f910 Mon Sep 17 00:00:00 2001 From: Xianjun Zhu Date: Wed, 3 Apr 2019 17:14:56 -0400 Subject: [PATCH 1/2] feature: support whitelist for xml --- detect_secrets/plugins/common/constants.py | 11 ++++++----- tests/plugins/high_entropy_strings_test.py | 4 ++++ 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/detect_secrets/plugins/common/constants.py b/detect_secrets/plugins/common/constants.py index 3ae46b512..3f7b1a0df 100644 --- a/detect_secrets/plugins/common/constants.py +++ b/detect_secrets/plugins/common/constants.py @@ -6,11 +6,12 @@ for r in [ r'[ \t]+{} *pragma: ?whitelist[ -]secret{}[ \t]*$'.format(start, end) for start, end in ( - ('#', ''), # e.g. python or yaml - ('//', ''), # e.g. golang - (r'/\*', r' *\*/'), # e.g. c - ('\'', ''), # e.g. visual basic .net - ('--', ''), # e.g. sql + ('#', ''), # e.g. python or yaml + ('//', ''), # e.g. golang + (r'/\*', r' *\*/'), # e.g. c + ('\'', ''), # e.g. visual basic .net + ('--', ''), # e.g. sql + (''), # e.g. xml # many other inline comment syntaxes are not included, # because we want to be performant for # any(regex.search(line) for regex in WHITELIST_REGEXES) diff --git a/tests/plugins/high_entropy_strings_test.py b/tests/plugins/high_entropy_strings_test.py index 9a1474210..b62e75be4 100644 --- a/tests/plugins/high_entropy_strings_test.py +++ b/tests/plugins/high_entropy_strings_test.py @@ -110,6 +110,10 @@ def test_analyze_multiple_strings_same_line(self, content_to_format, expected_re "'{secret}' ' pragma: whitelist secret", "'{secret}' -- pragma: whitelist secret", "'{secret}' -- pragma: whitelist secret", + "'{secret}' ", + "'{secret}' ", + "'{secret}' ", + "'{secret}' ", # Test high entropy exclude regex '"CanonicalUser": "{secret}"', # Not a string From 109a4ebad77e4707279dc6cddaaa2c03700960a1 Mon Sep 17 00:00:00 2001 
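Review bot: The new xml entry is written as `(''),  # e.g. xml`, a parenthesised single string rather than the `(start, end)` pair that the `for start, end in (...)` unpacking above it expects, so as rendered this line would raise at import time; the same shape recurs in the second patch's hunk. The XML comment delimiters may have been dropped in rendering, but whatever the intended values, `start` must be the literal comment opener: with an empty start the template collapses to `[ \t]+ *pragma: ?whitelist[ -]secret[ \t]*$`, and a bare `pragma: whitelist secret` at the end of any line, outside any comment, would suppress a finding. I would shape it like the c entry, escaped opener as `start` and ` *` plus the escaped closer as `end`, e.g. `(r'OPENER', r' *CLOSER'),  # e.g. xml` with the real delimiters substituted. The list comprehension this tuple belongs to starts outside the hunk.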
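Review bot: The four added cases render as the identical string `"'{secret}' ",` repeated four times, so as shown they contribute one case rather than four, and none of them contains the pragma text; if the xml delimiters were dropped in rendering, each line should still differ (spacing variants around the opener and closer), otherwise the duplicates should go. I also do not see a negative case in the hunk: a line whose string is followed by `pragma: whitelist secret` without the comment delimiter should still be reported, which pins down that the xml entry anchors on the comment opener rather than on the pragma words alone. The parametrised list these lines belong to, and `test_analyze_multiple_strings_same_line` named in the hunk header, start outside the hunk.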
From: Xianjun Zhu Date: Mon, 8 Apr 2019 16:46:35 -0400 Subject: [PATCH 2/2] fix: lazy match and use regex prefix --- detect_secrets/plugins/common/constants.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/detect_secrets/plugins/common/constants.py b/detect_secrets/plugins/common/constants.py index 3f7b1a0df..60eee25e5 100644 --- a/detect_secrets/plugins/common/constants.py +++ b/detect_secrets/plugins/common/constants.py @@ -6,12 +6,12 @@ for r in [ r'[ \t]+{} *pragma: ?whitelist[ -]secret{}[ \t]*$'.format(start, end) for start, end in ( - ('#', ''), # e.g. python or yaml - ('//', ''), # e.g. golang - (r'/\*', r' *\*/'), # e.g. c - ('\'', ''), # e.g. visual basic .net - ('--', ''), # e.g. sql - (''), # e.g. xml + ('#', ''), # e.g. python or yaml + ('//', ''), # e.g. golang + (r'/\*', r' *\*/'), # e.g. c + ('\'', ''), # e.g. visual basic .net + ('--', ''), # e.g. sql + (r''), # e.g. xml # many other inline comment syntaxes are not included, # because we want to be performant for # any(regex.search(line) for regex in WHITELIST_REGEXES)
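Review bot: The change from `('')` to `(r'')` on the xml entry is a no-op for a string that, as rendered here, contains no backslash, and the entry is still a lone string rather than the `(start, end)` pair the surrounding `for start, end in (...)` unpacks; see the note on the first patch. The subject line mentions a lazy match, but no quantifier is visible in the hunk; if the end pattern uses something like `.*?` before the closer, prefer ` *` followed by the escaped closer, as the c entry does, so that only whitespace may sit between `secret` and the closer and the template's trailing `[ \t]*$` keeps the pragma as the last token on the line. The enclosing list comprehension starts outside the hunk.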