From 1cb5e89a9ae3944ec2b60c9567550fc30fe9d023 Mon Sep 17 00:00:00 2001
From: Kevin Hock
Date: Wed, 1 Aug 2018 14:07:52 -0700
Subject: [PATCH] Skip sequential strings in the right spot

Made an is_sequential_string function Prefixed existing sequential secrets with BEEF
---
 detect_secrets/plugins/high_entropy_strings.py | 14 +++++++++-----
 test_data/short_files/first_line.py | 3 ++-
 tests/core/baseline_test.py | 2 +-
 tests/main_test.py | 7 ++++---
 4 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/detect_secrets/plugins/high_entropy_strings.py b/detect_secrets/plugins/high_entropy_strings.py
index e74ce0758..d7735ccd8 100644
--- a/detect_secrets/plugins/high_entropy_strings.py
+++ b/detect_secrets/plugins/high_entropy_strings.py
@@ -83,6 +83,13 @@ def calculate_shannon_entropy(self, data):
 return entropy
+ def is_sequential_string(self, string):
+ uppercased_string = string.upper()
+ for sequential_string in IGNORED_SEQUENTIAL_STRINGS:
+ if uppercased_string in sequential_string:
+ return True
+ return False
+
 def analyze_string(self, string, line_num, filename):
 """Searches string for custom pattern, and captures all high entropy strings that
 match self.regex, with a limit defined as self.entropy_limit.
@@ -92,12 +99,9 @@ def analyze_string(self, string, line_num, filename):
 if WHITELIST_REGEX.search(string):
 return output
- uppercased_string = string.upper()
- for sequential_string in IGNORED_SEQUENTIAL_STRINGS:
- if uppercased_string in sequential_string:
- return output
-
 for result in self.secret_generator(string):
+ if self.is_sequential_string(result):
+ continue
 secret = PotentialSecret(self.secret_type, filename, line_num, result)
 output[secret] = secret
diff --git a/test_data/short_files/first_line.py b/test_data/short_files/first_line.py
index 0e9d04515..ae20b49c3 100644
--- a/test_data/short_files/first_line.py
+++ b/test_data/short_files/first_line.py
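Review bot: `is_sequential_string` is added without a docstring, and its test runs containment in the other direction (`uppercased_string in sequential_string`), so it returns True for any candidate that is a contiguous slice of one of the ignored sequences — including the empty string, for which `'' in seq` is always True — not only for a complete sequence, and callers should not read it as an exact match. I would add `"""Return True if string (compared case-insensitively) is a contiguous substring of any entry in IGNORED_SEQUENTIAL_STRINGS and should therefore not be reported as a secret."""` under the signature. The body never reads `self`, so it could be a `@staticmethod`, and the loop collapses to `return any(uppercased_string in seq for seq in IGNORED_SEQUENTIAL_STRINGS)`. The contents of IGNORED_SEQUENTIAL_STRINGS are outside this diff, and the hunk's trailing context lines are the start of `analyze_string`, whose body continues in the next hunk.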
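Review bot: `analyze_string` now drops every candidate for which `self.is_sequential_string(result)` is True, but its docstring (in the previous hunk) still describes only the regex match and `self.entropy_limit`; I would add `Candidates that is_sequential_string() accepts are skipped, so a secret made solely of a run of consecutive characters is never reported.` to it so the blind spot is visible to anyone tuning the plugin. The removed check compared the whole line against the sequences, which presumably rarely matched, so this hunk changes which strings are reported; the test changes in this patch re-prefix the existing fixtures with BEEF so they stay detectable, but as far as this diff shows none asserts that the bare `0123456789a` candidate is now skipped, and a test pinning that would guard the new behaviour. `analyze_string` begins in the previous hunk and its body continues past this one.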
@@ -1,3 +1,4 @@
-secret = '0123456789a'
+secret = 'BEEF0123456789a'
+skipped_sequential_false_positive = '0123456789a'
 print('second line')
 var = 'third line'
diff --git a/tests/core/baseline_test.py b/tests/core/baseline_test.py
index 58d975868..9a84b06c3 100644
--- a/tests/core/baseline_test.py
+++ b/tests/core/baseline_test.py
@@ -89,7 +89,7 @@ def test_single_non_tracked_git_file_should_work(self):
 'detect_secrets.core.baseline.os.path.isfile',
 return_value=True,
 ), mock_open(
- 'Super hidden value "0123456789a"',
+ 'Super hidden value "BEEF0123456789a"',
 'detect_secrets.core.secrets_collection.codecs.open',
 ):
 results = self.get_results('will_be_mocked')
diff --git a/tests/main_test.py b/tests/main_test.py
index 5fb5429b4..9c1f9683d 100644
--- a/tests/main_test.py
+++ b/tests/main_test.py
@@ -149,9 +149,10 @@ def test_old_baseline_ignored_with_update_flag(
 (
 'test_data/short_files/first_line.py',
 textwrap.dedent("""
- 1:secret = '0123456789a'
- 2:print('second line')
- 3:var = 'third line'
+ 1:secret = 'BEEF0123456789a'
+ 2:skipped_sequential_false_positive = '0123456789a'
+ 3:print('second line')
+ 4:var = 'third line'
 """)[1:-1],
 ),
 (