Merge branch 'master' into validate_against_release_branch

demisto · Apr 12, 2020 · 4eaf953 · 4eaf953
2 parents 90096c3 + 9cf08bf
commit 4eaf953
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,5 @@
 # Changelog
-
+* Fixed secretes validations for files with the same name in a different directory
 [PyPI History][1]
 
 [1]: https://pypi.org/project/demisto-sdk/#history

diff --git a/demisto_sdk/commands/secrets/secrets.py b/demisto_sdk/commands/secrets/secrets.py
@@ -206,7 +206,7 @@ def search_potential_secrets(self, secrets_file_paths: list, ignore_entropy: boo
             if high_entropy_strings or secrets_found_with_regex:
                 # uniquify identical matches between lists
                 file_secrets = list(set(high_entropy_strings + secrets_found_with_regex))
-                secrets_found[file_name] = file_secrets
+                secrets_found[file_path] = file_secrets
 
         return secrets_found
 

diff --git a/demisto_sdk/commands/secrets/tests/secrets_test.py b/demisto_sdk/commands/secrets/tests/secrets_test.py
@@ -90,7 +90,7 @@ def test_search_potential_secrets__secrets_found(self):
             ''')
 
         secrets_found = validator.search_potential_secrets([self.TEST_FILE_WITH_SECRETS])
-        assert secrets_found['file_with_secrets_in_it.yml'] == ['OIifdsnsjkgnj3254nkdfsjKNJD0345']
+        assert secrets_found[self.TEST_FILE_WITH_SECRETS] == ['OIifdsnsjkgnj3254nkdfsjKNJD0345']
 
     def test_ignore_entropy(self):
         """
@@ -126,7 +126,43 @@ def test_ignore_entropy(self):
             ''')
 
         secrets_found = validator.search_potential_secrets([self.TEST_FILE_WITH_SECRETS], True)
-        assert secrets_found['file_with_secrets_in_it.yml'] == ['fooo@someorg.com']
+        assert secrets_found[self.TEST_FILE_WITH_SECRETS] == ['fooo@someorg.com']
+
+    def test_two_files_with_same_name(self):
+        """
+        - no items in the whitelist
+        - file contains 1 secret:
+            - email
+
+        - run validate secrets with --ignore-entropy=True
+
+        - ensure secret is found in two files from different directories with the same base name
+        """
+        create_empty_whitelist_secrets_file(os.path.join(TestSecrets.TEMP_DIR, TestSecrets.WHITE_LIST_FILE_NAME))
+        dir1_path = os.path.join(TestSecrets.TEMP_DIR, "dir1")
+        dir2_path = os.path.join(TestSecrets.TEMP_DIR, "dir2")
+        os.mkdir(dir1_path)
+        os.mkdir(dir2_path)
+        validator = SecretsValidator(is_circle=True,
+                                     ignore_entropy=True,
+                                     white_list_path=os.path.join(TestSecrets.TEMP_DIR,
+                                                                  TestSecrets.WHITE_LIST_FILE_NAME))
+
+        file_name = 'README.md'
+        file1_path = os.path.join(dir1_path, file_name)
+        file2_path = os.path.join(dir2_path, file_name)
+        for file_path in [file1_path, file2_path]:
+            with io.open(file_path, 'w') as f:
+                f.write('''
+print('This is our dummy code')
+
+my_email = "fooo@someorg.com"
+
+
+''')
+        secrets_found = validator.search_potential_secrets([file1_path, file2_path], True)
+        assert secrets_found[os.path.join(dir1_path, file_name)] == ['fooo@someorg.com']
+        assert secrets_found[os.path.join(dir2_path, file_name)] == ['fooo@someorg.com']
 
     def test_remove_white_list_regex(self):
         white_list = '155.165.45.232'