From 7853960d75c428b772f45161b980d801f6fd1365 Mon Sep 17 00:00:00 2001 From: Aaron Loo Date: Tue, 10 Jul 2018 17:22:13 -0700 Subject: [PATCH] adding --all-files flag --- detect_secrets/core/baseline.py | 16 +++++++++++++++- detect_secrets/core/usage.py | 6 ++++++ detect_secrets/main.py | 1 + tests/core/baseline_test.py | 12 +++++++++++- tests/main_test.py | 14 ++++++++++++++ 5 files changed, 47 insertions(+), 2 deletions(-) diff --git a/detect_secrets/core/baseline.py b/detect_secrets/core/baseline.py index 3223c7b49..43b0c20b9 100644 --- a/detect_secrets/core/baseline.py +++ b/detect_secrets/core/baseline.py @@ -7,7 +7,7 @@ from detect_secrets.core.secrets_collection import SecretsCollection -def initialize(plugins, exclude_regex=None, rootdir='.'): +def initialize(plugins, exclude_regex=None, rootdir='.', scan_all_files=False): """Scans the entire codebase for high entropy strings, and returns a SecretsCollection object. @@ -24,6 +24,8 @@ def initialize(plugins, exclude_regex=None, rootdir='.'): if os.path.isfile(rootdir): # This option allows for much easier adhoc usage. git_files = [rootdir] + elif scan_all_files: + git_files = _get_files_recursively(rootdir) else: git_files = _get_git_tracked_files(rootdir) @@ -256,3 +258,15 @@ def _get_git_tracked_files(rootdir='.'): return set(git_files.decode('utf-8').split()) except subprocess.CalledProcessError: return None + + +def _get_files_recursively(rootdir): + """Sometimes, we want to use this tool with non-git repositories. + This function allows us to do so. + """ + output = [] + for root, dirs, files in os.walk(rootdir): + for filename in files: + output.append(os.path.join(root, filename)) + + return output diff --git a/detect_secrets/core/usage.py b/detect_secrets/core/usage.py index b94c9e7b3..189998841 100644 --- a/detect_secrets/core/usage.py +++ b/detect_secrets/core/usage.py @@ -116,6 +116,12 @@ def _add_initialize_baseline_argument(self): dest='import_filename', ) + self.parser.add_argument( + '--all-files', + action='store_true', + help='Scan all files recursively (as compared to only scanning git tracked files).', + ) + return self diff --git a/detect_secrets/main.py b/detect_secrets/main.py index 8449b1c00..e41e5c57b 100644 --- a/detect_secrets/main.py +++ b/detect_secrets/main.py @@ -57,6 +57,7 @@ def _perform_scan(args): plugins, args.exclude, args.path, + args.all_files, ).format_for_baseline_output() if old_baseline: diff --git a/tests/core/baseline_test.py b/tests/core/baseline_test.py index 627b3dcd3..58d975868 100644 --- a/tests/core/baseline_test.py +++ b/tests/core/baseline_test.py @@ -27,11 +27,17 @@ def setup(self): HexHighEntropyString(3), ) - def get_results(self, rootdir='./test_data/files', exclude_regex=None): + def get_results( + self, + rootdir='./test_data/files', + exclude_regex=None, + scan_all_files=False, + ): return baseline.initialize( self.plugins, rootdir=rootdir, exclude_regex=exclude_regex, + scan_all_files=scan_all_files, ).json() @pytest.mark.parametrize( @@ -90,6 +96,10 @@ def test_single_non_tracked_git_file_should_work(self): assert len(results['will_be_mocked']) == 1 + def test_scan_all_files(self): + results = self.get_results(rootdir='test_data/files', scan_all_files=True) + assert len(results.keys()) == 2 + class TestGetSecretsNotInBaseline(object): diff --git a/tests/main_test.py b/tests/main_test.py index a2adce6cd..f8857bf7f 100644 --- a/tests/main_test.py +++ b/tests/main_test.py @@ -51,6 +51,7 @@ def test_scan_basic(self, mock_baseline_initialize): Any(tuple), None, '.', + False, ) def test_scan_with_rootdir(self, mock_baseline_initialize): @@ -61,6 +62,7 @@ def test_scan_with_rootdir(self, mock_baseline_initialize): Any(tuple), None, 'test_data', + False, ) def test_scan_with_excludes_flag(self, mock_baseline_initialize): @@ -71,6 +73,18 @@ def test_scan_with_excludes_flag(self, mock_baseline_initialize): Any(tuple), 'some_pattern_here', '.', + False, + ) + + def test_scan_with_all_files_flag(self, mock_baseline_initialize): + with mock_stdin(): + assert main('scan --all-files'.split()) == 0 + + mock_baseline_initialize.assert_called_once_with( + Any(tuple), + None, + '.', + True, ) def test_reads_from_stdin(self, mock_merge_baseline):