From af246498b8499fd5e18fd292e5855f985624f930 Mon Sep 17 00:00:00 2001
From: Artur Barseghyan
Date: Mon, 28 Aug 2023 00:12:27 +0200
Subject: [PATCH] Add detected secrets
---
.pre-commit-config.yaml | 69 +++
.pre-commit-hooks.yaml | 15 +
.secrets.baseline | 493 ++++++++++++++++++++++
scripts/detect-secrets-create-baseline.sh | 2 +
scripts/detect-secrets-update-baseline.sh | 2 +
5 files changed, 581 insertions(+)
create mode 100644 .pre-commit-config.yaml
create mode 100644 .pre-commit-hooks.yaml
create mode 100644 .secrets.baseline
create mode 100755 scripts/detect-secrets-create-baseline.sh
create mode 100755 scripts/detect-secrets-update-baseline.sh
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..3815b12
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,69 @@
+exclude: "^docs/|/migrations/"
+default_stages: [ commit, push ]
+default_language_version:
+ python: python3
+
+repos:
+
+ - repo: local
+ hooks:
+ - id: detect-secrets
+ name: Detect secrets
+ language: python
+ entry: detect-secrets-hook
+ args: ['--baseline', '.secrets.baseline']
+
+ - id: doc8
+ name: Doc8 linter
+ language: python
+ entry: doc8
+ args: []
+
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.4.0
+ hooks:
+ - id: trailing-whitespace
+ exclude: "data/"
+
+ - id: end-of-file-fixer
+ - id: check-yaml
+ - id: check-toml
+ - id: check-added-large-files
+ - id: debug-statements
+ - id: check-merge-conflict
+
+ - repo: https://github.com/psf/black
+ rev: 23.1.0
+ hooks:
+ - id: black
+ name: black
+ files: .
+ args: [ "--config", "pyproject.toml" ]
+
+ - repo: https://github.com/pycqa/isort
+ rev: 5.12.0
+ hooks:
+ - id: isort
+ name: isort
+ files: .
+ args: [ "--settings-path", "pyproject.toml", "--profile=black" ]
+
+ - repo: https://github.com/charliermarsh/ruff-pre-commit
+ rev: v0.0.252
+ hooks:
+ - id: ruff
+ name: lint
+ files: .
+ args: [ "--config", "pyproject.toml" ]
+
+# - repo: https://github.com/asottile/pyupgrade
+# rev: v3.2.0
+# hooks:
+# - id: pyupgrade
+# args: [ --py310-plus ]
+#
+# - repo: https://github.com/adamchainz/django-upgrade
+# rev: 1.11.0
+# hooks:
+# - id: django-upgrade
+# args: [ --target-version, "3.2" ]
diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml
new file mode 100644
index 0000000..2e68790
--- /dev/null
+++ b/.pre-commit-hooks.yaml
@@ -0,0 +1,15 @@
+- id: detect-secrets
+ name: Detect secrets
+ description: Detects high entropy strings that are likely to be passwords.
+ entry: detect-secrets-hook
+ language: python
+ # for backward compatibility
+ files: .*
+
+- id: doc8
+ name: doc8
+ description: This hook runs doc8 for linting docs
+ entry: doc8
+ language: python
+ files: \.rst$
+ require_serial: true
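Review bot: The `detect-secrets` hook under `repo: local` pins no scanner version, while `.secrets.baseline` in this same patch records `"version": "1.4.0"`. pre-commit installs only what `additional_dependencies` lists into a local `language: python` hook's environment, so the scanner that runs is presumably whatever `detect-secrets-hook` is on each developer's PATH. Adding `additional_dependencies: ['detect-secrets==1.4.0']` to that hook would make the check reproducible and keep it in step with the baseline. Separately, the top-level `exclude: "^docs/|/migrations/"` applies to every hook, so files under `docs/` and any `migrations/` directory are never passed to the secret scanner. Moving that pattern onto the formatting and lint hooks only would keep those paths covered.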
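Review bot: `.pre-commit-hooks.yaml` is only read when another repository lists this one under `repos:` as a hook provider, so the two definitions here look unused. The `repo: local` entries in `.pre-commit-config.yaml` do not consult it, and the copies can drift from what is actually enforced. If publishing hooks is not intended, dropping the file removes that ambiguity. If it is intended, the `detect-secrets` entry needs the package that provides `detect-secrets-hook` to be an install dependency of this project, which the patch does not show.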
diff --git a/.secrets.baseline b/.secrets.baseline
new file mode 100644
index 0000000..c5c5ac0
--- /dev/null
+++ b/.secrets.baseline
@@ -0,0 +1,493 @@ +{ + "version": "1.4.0", + "plugins_used": [ + { + "name": "ArtifactoryDetector" + }, + { + "name": "AWSKeyDetector" + }, + { + "name": "AzureStorageKeyDetector" + }, + { + "name": "Base64HighEntropyString", + "limit": 4.5 + }, + { + "name": "BasicAuthDetector" + }, + { + "name": "CloudantDetector" + }, + { + "name": "DiscordBotTokenDetector" + }, + { + "name": "GitHubTokenDetector" + }, + { + "name": "HexHighEntropyString", + "limit": 3.0 + }, + { + "name": "IbmCloudIamDetector" + }, + { + "name": "IbmCosHmacDetector" + }, + { + "name": "JwtTokenDetector" + }, + { + "name": "KeywordDetector", + "keyword_exclude": "" + }, + { + "name": "MailchimpDetector" + }, + { + "name": "NpmDetector" + }, + { + "name": "PrivateKeyDetector" + }, + { + "name": "SendGridDetector" + }, + { + "name": "SlackDetector" + }, + { + "name": "SoftlayerDetector" + }, + { + "name": "SquareOAuthDetector" + }, + { + "name": "StripeDetector" + }, + { + "name": "TwilioKeyDetector" + } + ], + "filters_used": [ + { + "path": "detect_secrets.filters.allowlist.is_line_allowlisted" + }, + { + "path": "detect_secrets.filters.common.is_baseline_file", + "filename": ".secrets.baseline" + }, + { + "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", + "min_level": 2 + }, + { + "path": "detect_secrets.filters.heuristic.is_indirect_reference" + }, + { + "path": "detect_secrets.filters.heuristic.is_likely_id_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_lock_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_potential_uuid" + }, + { + "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign" + }, + { + "path": "detect_secrets.filters.heuristic.is_sequential_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_swagger_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_templated_secret" + } + ], + "results": { + 
"README.rst": [ + { + "type": "Secret Keyword", + "filename": "README.rst", + "hashed_secret": "511f2dd21db3b40daeac71805fe64a3e593883e8", + "is_verified": true, + "line_number": 173 + }, + { + "type": "Base64 High Entropy String", + "filename": "README.rst", + "hashed_secret": "d5ee199939f4252eb25b91e28a5882a66880181a", + "is_verified": true, + "line_number": 267 + }, + { + "type": "Secret Keyword", + "filename": "README.rst", + "hashed_secret": "33f220dd67f717cc949db63e21c90e130a6137da", + "is_verified": true, + "line_number": 417 + }, + { + "type": "Base64 High Entropy String", + "filename": "README.rst", + "hashed_secret": "2f28187605caf9c2e3a628accc3c2ab7f5f7e291", + "is_verified": true, + "line_number": 557 + }, + { + "type": "Secret Keyword", + "filename": "README.rst", + "hashed_secret": "01c92a77244f5e8e3b1e566c4a9266e724de6d98", + "is_verified": true, + "line_number": 605 + }, + { + "type": "Secret Keyword", + "filename": "README.rst", + "hashed_secret": "76ce15edd5a8548603b6fd281d185f323234758f", + "is_verified": true, + "line_number": 666 + }, + { + "type": "Secret Keyword", + "filename": "README.rst", + "hashed_secret": "c22e4752b05214b335c36fcaaf4c4d63becdaa9e", + "is_verified": true, + "line_number": 671 + }, + { + "type": "Secret Keyword", + "filename": "README.rst", + "hashed_secret": "a0d89124054e2c525995c46f7c344a18d7323a1b", + "is_verified": true, + "line_number": 676 + }, + { + "type": "Secret Keyword", + "filename": "README.rst", + "hashed_secret": "0d88aca049e1ba38a09bd9f3fd8b2c72578bb90a", + "is_verified": true, + "line_number": 681 + }, + { + "type": "Secret Keyword", + "filename": "README.rst", + "hashed_secret": "759d7d9782a90f0530acb0be68d53ca0850c6e46", + "is_verified": true, + "line_number": 689 + }, + { + "type": "Secret Keyword", + "filename": "README.rst", + "hashed_secret": "10d89b9fc39ca1c16255aa3acc76d64528aa5b71", + "is_verified": true, + "line_number": 694 + }, + { + "type": "Secret Keyword", + "filename": "README.rst", + 
"hashed_secret": "bdec2b78122786b422473fe5212e07dbed011045", + "is_verified": true, + "line_number": 700 + }, + { + "type": "Secret Keyword", + "filename": "README.rst", + "hashed_secret": "dff6d4ff5dc357cf451d1855ab9cbda562645c9f", + "is_verified": true, + "line_number": 963 + } + ], + "TODOS.rst": [ + { + "type": "Secret Keyword", + "filename": "TODOS.rst", + "hashed_secret": "511f2dd21db3b40daeac71805fe64a3e593883e8", + "is_verified": true, + "line_number": 103 + } + ], + "examples/simple/factories/auth_user.py": [ + { + "type": "Secret Keyword", + "filename": "examples/simple/factories/auth_user.py", + "hashed_secret": "9fb7fe1217aed442b04c0f5e43b5d5a7d3287097", + "is_verified": true, + "line_number": 35 + } + ], + "examples/simple/factories/constance_constance.py": [ + { + "type": "Secret Keyword", + "filename": "examples/simple/factories/constance_constance.py", + "hashed_secret": "1594e671a10bdecb0aa02bb10877f92546c3b5e6", + "is_verified": true, + "line_number": 44 + }, + { + "type": "Secret Keyword", + "filename": "examples/simple/factories/constance_constance.py", + "hashed_secret": "a519daee141ec1682355e19696c7fa813976fe32", + "is_verified": true, + "line_number": 48 + }, + { + "type": "Secret Keyword", + "filename": "examples/simple/factories/constance_constance.py", + "hashed_secret": "5b2064709dd39f30a7fe76d469ca0d685542f53f", + "is_verified": true, + "line_number": 54 + } + ], + "examples/simple/settings/base.py": [ + { + "type": "Secret Keyword", + "filename": "examples/simple/settings/base.py", + "hashed_secret": "8fea53202c3d4b429aabc7d28b64bc1774cf1d2a", + "is_verified": true, + "line_number": 100 + }, + { + "type": "Secret Keyword", + "filename": "examples/simple/settings/base.py", + "hashed_secret": "dff6d4ff5dc357cf451d1855ab9cbda562645c9f", + "is_verified": true, + "line_number": 189 + }, + { + "type": "Secret Keyword", + "filename": "examples/simple/settings/base.py", + "hashed_secret": "759d7d9782a90f0530acb0be68d53ca0850c6e46", + 
"is_verified": true, + "line_number": 201 + }, + { + "type": "Secret Keyword", + "filename": "examples/simple/settings/base.py", + "hashed_secret": "10d89b9fc39ca1c16255aa3acc76d64528aa5b71", + "is_verified": true, + "line_number": 205 + }, + { + "type": "Secret Keyword", + "filename": "examples/simple/settings/base.py", + "hashed_secret": "bdec2b78122786b422473fe5212e07dbed011045", + "is_verified": true, + "line_number": 210 + } + ], + "examples/simple/settings/constance_settings.py": [ + { + "type": "Secret Keyword", + "filename": "examples/simple/settings/constance_settings.py", + "hashed_secret": "759d7d9782a90f0530acb0be68d53ca0850c6e46", + "is_verified": true, + "line_number": 25 + }, + { + "type": "Secret Keyword", + "filename": "examples/simple/settings/constance_settings.py", + "hashed_secret": "10d89b9fc39ca1c16255aa3acc76d64528aa5b71", + "is_verified": true, + "line_number": 29 + }, + { + "type": "Secret Keyword", + "filename": "examples/simple/settings/constance_settings.py", + "hashed_secret": "bdec2b78122786b422473fe5212e07dbed011045", + "is_verified": true, + "line_number": 35 + } + ], + "src/ska/base.py": [ + { + "type": "Base64 High Entropy String", + "filename": "src/ska/base.py", + "hashed_secret": "2f28187605caf9c2e3a628accc3c2ab7f5f7e291", + "is_verified": true, + "line_number": 150 + } + ], + "src/ska/contrib/django/ska/tests/test_constance_authentication_backend.py": [ + { + "type": "Secret Keyword", + "filename": "src/ska/contrib/django/ska/tests/test_constance_authentication_backend.py", + "hashed_secret": "759d7d9782a90f0530acb0be68d53ca0850c6e46", + "is_verified": true, + "line_number": 36 + }, + { + "type": "Secret Keyword", + "filename": "src/ska/contrib/django/ska/tests/test_constance_authentication_backend.py", + "hashed_secret": "10d89b9fc39ca1c16255aa3acc76d64528aa5b71", + "is_verified": true, + "line_number": 41 + }, + { + "type": "Secret Keyword", + "filename": 
"src/ska/contrib/django/ska/tests/test_constance_authentication_backend.py", + "hashed_secret": "bdec2b78122786b422473fe5212e07dbed011045", + "is_verified": true, + "line_number": 48 + } + ], + "src/ska/shortcuts.py": [ + { + "type": "Secret Keyword", + "filename": "src/ska/shortcuts.py", + "hashed_secret": "511f2dd21db3b40daeac71805fe64a3e593883e8", + "is_verified": true, + "line_number": 79 + }, + { + "type": "Base64 High Entropy String", + "filename": "src/ska/shortcuts.py", + "hashed_secret": "d5ee199939f4252eb25b91e28a5882a66880181a", + "is_verified": true, + "line_number": 175 + } + ], + "src/ska/tests/test_commands.py": [ + { + "type": "Secret Keyword", + "filename": "src/ska/tests/test_commands.py", + "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", + "is_verified": true, + "line_number": 20 + } + ], + "src/ska/tests/test_core.py": [ + { + "type": "Secret Keyword", + "filename": "src/ska/tests/test_core.py", + "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", + "is_verified": true, + "line_number": 40 + }, + { + "type": "Base64 High Entropy String", + "filename": "src/ska/tests/test_core.py", + "hashed_secret": "2f28187605caf9c2e3a628accc3c2ab7f5f7e291", + "is_verified": true, + "line_number": 246 + }, + { + "type": "Secret Keyword", + "filename": "src/ska/tests/test_core.py", + "hashed_secret": "892e597d10e85b6f6583eb09efd41d1fa3e612fa", + "is_verified": true, + "line_number": 248 + } + ], + "src/ska/tests/test_integration.py": [ + { + "type": "Secret Keyword", + "filename": "src/ska/tests/test_integration.py", + "hashed_secret": "d1df76df30579e6699768756ea1f32df298290fd", + "is_verified": true, + "line_number": 15 + }, + { + "type": "Base64 High Entropy String", + "filename": "src/ska/tests/test_integration.py", + "hashed_secret": "48b00574261b89a4fcaeb1be299f7c8917fa1db8", + "is_verified": true, + "line_number": 150 + }, + { + "type": "Base64 High Entropy String", + "filename": "src/ska/tests/test_integration.py", + 
"hashed_secret": "d63db85f5c01415d564ebcfe98c09a8f0405d20d", + "is_verified": true, + "line_number": 162 + }, + { + "type": "Base64 High Entropy String", + "filename": "src/ska/tests/test_integration.py", + "hashed_secret": "3ba02508be9211874ae016eac1b4fc2dc470df8c", + "is_verified": true, + "line_number": 174 + }, + { + "type": "Base64 High Entropy String", + "filename": "src/ska/tests/test_integration.py", + "hashed_secret": "0864191e9b5fb7cc5353cd15cc523f27dfcf90cc", + "is_verified": true, + "line_number": 186 + }, + { + "type": "Base64 High Entropy String", + "filename": "src/ska/tests/test_integration.py", + "hashed_secret": "1e2e030b0482337dac9de286a88b7809df08f1c1", + "is_verified": true, + "line_number": 198 + }, + { + "type": "Base64 High Entropy String", + "filename": "src/ska/tests/test_integration.py", + "hashed_secret": "b63e6acbc4321d8a199b65118ee361a3bcaf4499", + "is_verified": true, + "line_number": 210 + }, + { + "type": "Base64 High Entropy String", + "filename": "src/ska/tests/test_integration.py", + "hashed_secret": "9147837ee7c0a463c6955f0c83c28695e1fec1ca", + "is_verified": true, + "line_number": 222 + }, + { + "type": "Base64 High Entropy String", + "filename": "src/ska/tests/test_integration.py", + "hashed_secret": "b7749920c41b6a6d62cd4bc9f4a804808275d993", + "is_verified": true, + "line_number": 234 + }, + { + "type": "Base64 High Entropy String", + "filename": "src/ska/tests/test_integration.py", + "hashed_secret": "c1f3fcfc1948f2119ff03add7952e9dd2f65dba3", + "is_verified": true, + "line_number": 246 + }, + { + "type": "Base64 High Entropy String", + "filename": "src/ska/tests/test_integration.py", + "hashed_secret": "6cf2444be1e66c40dc758aeed1a1f59b69f15e05", + "is_verified": true, + "line_number": 258 + }, + { + "type": "Base64 High Entropy String", + "filename": "src/ska/tests/test_integration.py", + "hashed_secret": "bf09f0ce35ae80ce6387d5eb52b66c8a4f7171be", + "is_verified": true, + "line_number": 270 + } + ], + "src/ska/utils.py": 
[ + { + "type": "Secret Keyword", + "filename": "src/ska/utils.py", + "hashed_secret": "33f220dd67f717cc949db63e21c90e130a6137da", + "is_verified": true, + "line_number": 77 + }, + { + "type": "Base64 High Entropy String", + "filename": "src/ska/utils.py", + "hashed_secret": "d5ee199939f4252eb25b91e28a5882a66880181a", + "is_verified": true, + "line_number": 147 + } + ] + }, + "generated_at": "2023-08-27T22:00:07Z" +} diff --git a/scripts/detect-secrets-create-baseline.sh b/scripts/detect-secrets-create-baseline.sh new file mode 100755 index 0000000..d3c6772 --- /dev/null +++ b/scripts/detect-secrets-create-baseline.sh @@ -0,0 +1,2 @@ +#!/usr/bin/env bash +detect-secrets scan > .secrets.baseline diff --git a/scripts/detect-secrets-update-baseline.sh b/scripts/detect-secrets-update-baseline.sh new file mode 100755 index 0000000..69ae54c --- /dev/null +++ b/scripts/detect-secrets-update-baseline.sh @@ -0,0 +1,2 @@ +#!/usr/bin/env bash +detect-secrets scan --baseline .secrets.baseline
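Review bot: In `scripts/detect-secrets-create-baseline.sh`, `detect-secrets scan > .secrets.baseline` truncates the committed baseline before the scan starts, so a failed or interrupted run leaves an empty or partial file. Neither this script nor `scripts/detect-secrets-update-baseline.sh` sets `set -euo pipefail`, and both use a relative `.secrets.baseline`, so running them outside the repository root writes or reads the wrong path. Writing to a temporary file and renaming it on success would avoid the truncation: `set -euo pipefail`, `detect-secrets scan > .secrets.baseline.tmp`, `mv .secrets.baseline.tmp .secrets.baseline`. Regenerating from scratch also accepts every finding currently in the tree, and the baseline added in this patch carries no `is_secret` audit labels. A header comment saying that `detect-secrets audit .secrets.baseline` should follow a re-creation would make that review step explicit.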