fix(detect-secrets): improve how secret detection works (#6109)

* changes * more * some more * back to bash * rename * fix * Delete requirements.txt * Update scripts/install * Update .husky/pre-commit * Update package.json * small update
artsy · Feb 3, 2022 · 4b4f347 · 4b4f347
1 parent 145e2f3
commit 4b4f347
Show file tree

Hide file tree

Showing 16 changed files with 378 additions and 43 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -221,7 +221,7 @@ jobs:
     working_directory: /usr/src/app
     steps:
       - checkout
-      - run: detect-secrets-hook --baseline .secrets.baseline --exclude-secrets '[a-fA-F0-9]{24}' --exclude-lines 'W/"[!#-\x7E]*"' $(git ls-files | grep -v stickerpack)
+      - run: ./scripts/secrets-check-all
 
   deploy-nightly-beta:
     environment:

diff --git a/.husky/pre-commit b/.husky/pre-commit
@@ -3,4 +3,4 @@
 
 
 yarn lint-staged
-yarn detect-secrets-staged
+yarn secrets:check:staged
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -102,15 +102,14 @@
       "path": "detect_secrets.filters.heuristic.is_templated_secret"
     },
     {
-      "path": "detect_secrets.filters.regex.should_exclude_line",
+      "path": "detect_secrets.filters.regex.should_exclude_file",
       "pattern": [
-        "W/[!#-\\x7E]*"
-      ]
-    },
-    {
-      "path": "detect_secrets.filters.regex.should_exclude_secret",
-      "pattern": [
-        "[a-fA-F0-9]{24}"
+        "/.lock$/",
+        "/.png$/",
+        "/.webp$/",
+        "/.jpg$/",
+        "/.jar$/",
+        "/__generated__/"
       ]
     }
   ],
@@ -121,13 +120,48 @@
         "filename": "Artsy.xcodeproj/xcshareddata/xcschemes/Artsy Stickers.xcscheme",
         "hashed_secret": "6aabb8b02d2915e10a5e6335cfc9af08a6f3f708",
         "is_verified": false,
-        "line_number": 18
+        "line_number": 18,
+        "is_secret": true
       },
       {
         "type": "Hex High Entropy String",
         "filename": "Artsy.xcodeproj/xcshareddata/xcschemes/Artsy Stickers.xcscheme",
         "hashed_secret": "15a5431bd32fc0fb1dd2bac526fb16d1494753be",
         "is_verified": false,
+        "line_number": 32,
+        "is_secret": true
+      }
+    ],
+    "Artsy.xcodeproj/xcshareddata/xcschemes/Artsy.xcscheme": [
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy.xcodeproj/xcshareddata/xcschemes/Artsy.xcscheme",
+        "hashed_secret": "15a5431bd32fc0fb1dd2bac526fb16d1494753be",
+        "is_verified": false,
+        "line_number": 17,
+        "is_secret": true
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy.xcodeproj/xcshareddata/xcschemes/Artsy.xcscheme",
+        "hashed_secret": "f87e1924bd54ea6e4be7644acd24c98f01d2b6b1",
+        "is_verified": false,
+        "line_number": 75
+      }
+    ],
+    "Artsy.xcodeproj/xcshareddata/xcschemes/ArtsyWidgetExtension.xcscheme": [
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy.xcodeproj/xcshareddata/xcschemes/ArtsyWidgetExtension.xcscheme",
+        "hashed_secret": "13d6a129a5a32f1ca827175ad94f372ae4a4029f",
+        "is_verified": false,
+        "line_number": 18
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy.xcodeproj/xcshareddata/xcschemes/ArtsyWidgetExtension.xcscheme",
+        "hashed_secret": "15a5431bd32fc0fb1dd2bac526fb16d1494753be",
+        "is_verified": false,
         "line_number": 32
       }
     ],
@@ -140,20 +174,223 @@
         "line_number": 6
       }
     ],
+    "Artsy/View_Controllers/live_auctions_socket.json": [
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "8c33911cc724f80a2448f86385843e8e5fbc2deb",
+        "is_verified": false,
+        "line_number": 4
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "1197074fe5b1688d89854feea51cdb81a82b0163",
+        "is_verified": false,
+        "line_number": 26
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "546a28e2fb097ecf73f202e4d76d23fae06664e6",
+        "is_verified": false,
+        "line_number": 48
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "cf2c190b800ef74fc211f29f5bde9d11b04513e9",
+        "is_verified": false,
+        "line_number": 70
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "5fa1aaa871c4398160078e9a69bc182fe8459d20",
+        "is_verified": false,
+        "line_number": 92
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "f56be5ff1f0fcb442ab5552de01ed4a0f33a6197",
+        "is_verified": false,
+        "line_number": 114,
+        "is_secret": true
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "70202e4a31db4efda93ac5da4467aee15955e757",
+        "is_verified": false,
+        "line_number": 136
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "441a1efbb2f5fb389482a6e9714bbb1156940fb5",
+        "is_verified": false,
+        "line_number": 158
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "2bb9e6a9d15129a5fa4906884daab855b574d14e",
+        "is_verified": false,
+        "line_number": 180
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "2fb6535d257d8b802e76567e0b2d1e70a6c992d5",
+        "is_verified": false,
+        "line_number": 202
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "2bbe2040d1b3cc7e668020597d24cca4ff1c9c94",
+        "is_verified": false,
+        "line_number": 234
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "5413f91d254d6035fdd778aefe3ed908dfdc3f51",
+        "is_verified": false,
+        "line_number": 385
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "84494ababe4e8e8616748bb5e63d94b8cabfb02e",
+        "is_verified": false,
+        "line_number": 407
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "33b79b577ef868edd8c22430c399b8952baaf1ef",
+        "is_verified": false,
+        "line_number": 429
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "8e1dd297b57bbd9d31c0248274fca83ca7a37c20",
+        "is_verified": false,
+        "line_number": 451
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "6db41c8b237d299690cc2e0a4f7e8262a5db86d7",
+        "is_verified": false,
+        "line_number": 473
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "6c3d2a4ac9e1d85285af7bc1dd78c006296f17a4",
+        "is_verified": false,
+        "line_number": 495
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "081249a9ea03533a59b18bdc677c9c5916d5c751",
+        "is_verified": false,
+        "line_number": 517
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "65ce5f5dd82e1879cfaf2f9b7c77574ed8cbb811",
+        "is_verified": false,
+        "line_number": 539
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "cfc760c8009779fd188ee5858206ea49552a9878",
+        "is_verified": false,
+        "line_number": 561
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "b695bb92e86201d04c75ef5c71337934a7c9a63e",
+        "is_verified": false,
+        "line_number": 583
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "05743cb98cadf74cce41f74650b7a32e655b6212",
+        "is_verified": false,
+        "line_number": 605
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "a675752cd43399fa57679f18e0f96df6e19dfd47",
+        "is_verified": false,
+        "line_number": 627
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "Artsy/View_Controllers/live_auctions_socket.json",
+        "hashed_secret": "2ad401dfee2508f7293eda83bd7ca9fe993ad7aa",
+        "is_verified": false,
+        "line_number": 649
+      }
+    ],
+    "ArtsyWidget/Fixtures.swift": [
+      {
+        "type": "Hex High Entropy String",
+        "filename": "ArtsyWidget/Fixtures.swift",
+        "hashed_secret": "82c71809ac7630dec40d356c729955b7f4f0a23c",
+        "is_verified": false,
+        "line_number": 5
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "ArtsyWidget/Fixtures.swift",
+        "hashed_secret": "2e529c680f8ffeed9cba698fe2539a42e6a1e7fa",
+        "is_verified": false,
+        "line_number": 12
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "ArtsyWidget/Fixtures.swift",
+        "hashed_secret": "79c7825718a30565467f7ddd1075ba61c86e3374",
+        "is_verified": false,
+        "line_number": 19
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "ArtsyWidget/Fixtures.swift",
+        "hashed_secret": "98d980009dbf0506036553c0a3957171c321f33a",
+        "is_verified": false,
+        "line_number": 26
+      }
+    ],
     "Artsy_Tests/View_Controller_Tests/Live_Auction/FakeSalesPerson.swift": [
       {
         "type": "JSON Web Token",
         "filename": "Artsy_Tests/View_Controller_Tests/Live_Auction/FakeSalesPerson.swift",
         "hashed_secret": "54731282ed8341e2fd396060413d4bb168b5f99c",
         "is_verified": false,
-        "line_number": 78
+        "line_number": 78,
+        "is_secret": false
       },
       {
         "type": "JSON Web Token",
         "filename": "Artsy_Tests/View_Controller_Tests/Live_Auction/FakeSalesPerson.swift",
         "hashed_secret": "a5bb30a4f5e2458b4bab509514010ff3fefdac96",
         "is_verified": false,
-        "line_number": 82
+        "line_number": 82,
+        "is_secret": false
       },
       {
         "type": "JSON Web Token",
@@ -163,6 +400,31 @@
         "line_number": 86
       }
     ],
+    "android/app/build.gradle": [
+      {
+        "type": "Hex High Entropy String",
+        "filename": "android/app/build.gradle",
+        "hashed_secret": "91f71e355c66ef5ff819b35c867d4d28b9a8c469",
+        "is_verified": false,
+        "line_number": 151
+      }
+    ],
+    "src/lib/Scenes/Artwork/Components/CommercialInformation.tests.tsx": [
+      {
+        "type": "Hex High Entropy String",
+        "filename": "src/lib/Scenes/Artwork/Components/CommercialInformation.tests.tsx",
+        "hashed_secret": "ead2477c86563400ffd2577338c6c83ae48aeb5a",
+        "is_verified": false,
+        "line_number": 291
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "src/lib/Scenes/Artwork/Components/CommercialInformation.tests.tsx",
+        "hashed_secret": "f8c1197cdd5e93fc4ff721cd4417cad3b2fbd047",
+        "is_verified": false,
+        "line_number": 302
+      }
+    ],
     "src/lib/Scenes/Consignments/fixtures/places.json": [
       {
         "type": "Base64 High Entropy String",
@@ -200,6 +462,31 @@
         "line_number": 161
       }
     ],
+    "src/lib/Scenes/MyCollection/Screens/ArtworkForm/MyCollectionArtworkForm.tests.tsx": [
+      {
+        "type": "Hex High Entropy String",
+        "filename": "src/lib/Scenes/MyCollection/Screens/ArtworkForm/MyCollectionArtworkForm.tests.tsx",
+        "hashed_secret": "b5b44d59e3036fde34acae6a4ac3a669e27496ab",
+        "is_verified": false,
+        "line_number": 423
+      }
+    ],
+    "src/lib/Scenes/MyCollection/utils/randomMyCollectionArtwork.ts": [
+      {
+        "type": "Hex High Entropy String",
+        "filename": "src/lib/Scenes/MyCollection/utils/randomMyCollectionArtwork.ts",
+        "hashed_secret": "3ab18e9e12e053d935e40699910af0f0ff95b41a",
+        "is_verified": false,
+        "line_number": 19
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "src/lib/Scenes/MyCollection/utils/randomMyCollectionArtwork.ts",
+        "hashed_secret": "42079fa93fed2bbfcf020877932d355fd854f19f",
+        "is_verified": false,
+        "line_number": 20
+      }
+    ],
     "src/lib/Scenes/Onboarding/OnboardingLogin.tsx": [
       {
         "type": "Secret Keyword",
@@ -272,5 +559,5 @@
       }
     ]
   },
-  "generated_at": "2022-01-27T20:09:02Z"
+  "generated_at": "2022-02-03T10:18:41Z"
 }