feature: support whitelist for xml

detect_secrets/plugins/common/constants.py

@@ -6,11 +6,12 @@
     for r in [
         r'[ \t]+{} *pragma: ?whitelist[ -]secret{}[ \t]*$'.format(start, end)
         for start, end in (
-            ('#', ''),              # e.g. python or yaml
-            ('//', ''),             # e.g. golang
-            (r'/\*', r' *\*/'),     # e.g. c
-            ('\'', ''),             # e.g. visual basic .net
-            ('--', ''),             # e.g. sql
+            ('#', ''),                 # e.g. python or yaml
+            ('//', ''),                # e.g. golang
+            (r'/\*', r' *\*/'),        # e.g. c
+            ('\'', ''),                # e.g. visual basic .net
+            ('--', ''),                # e.g. sql
+            ('<!--[# \t]*', ' *-->'),  # e.g. xml
             # many other inline comment syntaxes are not included,
             # because we want to be performant for
             # any(regex.search(line) for regex in WHITELIST_REGEXES)

tests/plugins/high_entropy_strings_test.py

@@ -110,6 +110,10 @@ def test_analyze_multiple_strings_same_line(self, content_to_format, expected_re
             "'{secret}' '  pragma: whitelist secret",
             "'{secret}'  -- pragma: whitelist secret",
             "'{secret}' --  pragma: whitelist secret",
+            "'{secret}' <!--pragma: whitelist secret-->",
+            "'{secret}' <!-- # pragma: whitelist secret -->",
+            "'{secret}' <!-- pragma: whitelist secret -->",
+            "'{secret}' <!--  pragma: whitelist secret  -->",
             # Test high entropy exclude regex
             '"CanonicalUser": "{secret}"',
             # Not a string