Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes for audit #83

Merged
merged 5 commits into from
Oct 10, 2018
Merged

Fixes for audit #83

merged 5 commits into from
Oct 10, 2018

Conversation

jkozera
Copy link
Contributor

@jkozera jkozera commented Oct 8, 2018

This PR fixes two issues I've noticed in the audit mode:

  1. keyword plugin failing with SecretNotFoundOnSpecifiedLineError if the secret is different in terms of lowercase vs uppercase. (before this change the keyword plugin is case-insensitive at

    detect-secrets/detect_secrets/plugins/keyword.py

    Line 58 in d912ced

    for identifier in self.secret_generator(string.lower()):
    but case-sensitive at

    detect-secrets/detect_secrets/plugins/keyword.py

    Line 70 in d912ced

    for line in BLACKLIST:
    — and the latter is used by the audit mode at

    detect-secrets/detect_secrets/core/audit.py

    Line 313 in cc6bddb

    for raw_secret in _raw_secret_generator(plugin, secret_line):
    )
  2. _get_secret_with_context failing for small files if they don't have \n at the end of the file.

Jerzy Kozera added 3 commits October 8, 2018 17:52
@KevinHock
Copy link
Collaborator

This looks great to me! Thank you so much for making this, squeaky clean commits too. :)

domanchi
domanchi reviewed Oct 8, 2018
View reviewed changes
detect_secrets/plugins/keyword.py
@@ -55,7 +55,7 @@ def analyze_string(self, string, line_num, filename):
if WHITELIST_REGEX.search(string):
return output

for identifier in self.secret_generator(string.lower()):
for identifier in self.secret_generator(string):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's probably more performant to make the string lowered once here, and passed into secret_generator, than to make it .lower() every time.

detect_secrets/plugins/keyword.py Outdated
@@ -68,5 +68,5 @@ def analyze_string(self, string, line_num, filename):

def secret_generator(self, string):
for line in BLACKLIST:
if line in string:
if line.lower() in string.lower():
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not just change PASS = in BLACKLIST to lowercase?

Simplify and improve performance of the keyword plugin
191bbb5 
As per @domanchi comments for the PR Yelp#83, doing `lower()` once
is enough, and should also be faster.
@jkozera
Copy link
Contributor Author

jkozera commented Oct 8, 2018

@domanchi Good points :) I will update the PR shortly.

@KevinHock KevinHock merged commit 680f00a into Yelp:master Oct 10, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KevinHock KevinHock KevinHock approved these changes

@domanchi domanchi domanchi approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@jkozera @KevinHock @domanchi