Check pack secrets against provided whitelist as well (#346)

* make packs secret respect generic whitelist as well

* update changelog and readme with pack secrets whitelist

CHANGELOG.md

@@ -8,6 +8,7 @@
 * demisto-sdk lint - json report, structured error reports in json format.
 * demisto-sdk lint - xml junit report for unit-tests.
 * demisto-sdk lint - New packages used in order to excellarate execution time.
+* demisto-sdk secrets command now respects the generic whitelist, and not only the pack secrets.
 
 #### 0.5.0
 [PyPI History][1]

demisto_sdk/commands/secrets/README.md

@@ -68,6 +68,7 @@ this is the proper time to create a new key in the file named "sesame street" an
 ONLY do this in the rare case the string does not fit logically anywhere else.
 - Once you update the white list file with a string, it will be white listed globally for all integrations, even if it's integration specific.
 - Only words of 5+ chars will be taken into account in the whitelist.
+- Secrets found in content packs will be checked against both, the whitelist file provided in the WHITELIST argument, and in and the pack secrets file (.secrets-ignore).
 
 - **Notice:** all words in whitelist must be lowercase. In order to lower case strings use **command+shift+u**
 

demisto_sdk/commands/secrets/secrets.py

@@ -309,19 +309,20 @@ def calculate_shannon_entropy(data):
         return entropy
 
     def get_white_listed_items(self, is_pack, pack_name):
-        whitelist_path = os.path.join(PACKS_DIR, pack_name, PACKS_WHITELIST_FILE_NAME) if is_pack \
-            else self.white_list_path
-        final_white_list, ioc_white_list, files_while_list = \
-            self.get_packs_white_list(whitelist_path, pack_name) if is_pack else \
-            self.get_generic_white_list(whitelist_path)
+        final_white_list, ioc_white_list, files_white_list = self.get_generic_white_list(self.white_list_path)
+        if is_pack:
+            pack_whitelist_path = os.path.join(PACKS_DIR, pack_name, PACKS_WHITELIST_FILE_NAME)
+            pack_white_list, _, pack_files_white_list = self.get_packs_white_list(pack_whitelist_path, pack_name)
+            final_white_list.extend(pack_white_list)
+            files_white_list.extend(pack_files_white_list)
 
         final_white_list = set(final_white_list)
         if '' in final_white_list:
             # remove('') is ignoring empty lines in whitelists - users can accidentally add empty lines and those will
             # cause whitelisting of every string
             final_white_list.remove('')
 
-        return final_white_list, set(ioc_white_list), set(files_while_list)
+        return final_white_list, set(ioc_white_list), set(files_white_list)
 
     @staticmethod
     def get_generic_white_list(whitelist_path):

demisto_sdk/commands/secrets/tests/secrets_test.py

@@ -231,3 +231,16 @@ def test_ignore_base64(self):
         file_contents = self.TEST_BASE_64_STRING
         file_contents = self.validator.ignore_base64(file_contents)
         assert file_contents.lstrip() == 'sade'
+
+    def test_get_white_listed_items_not_pack(self):
+        final_white_list, ioc_white_list, files_white_list = self.validator.get_white_listed_items(False, None)
+        assert final_white_list == {'https://api.zoom.us', 'PaloAltoNetworksXDR', 'ip-172-31-15-237'}
+        assert ioc_white_list == {'https://api.zoom.us'}
+        assert files_white_list == set()
+
+    def test_get_white_listed_items_pack(self, monkeypatch):
+        monkeypatch.setattr('demisto_sdk.commands.secrets.secrets.PACKS_DIR', self.FILES_PATH)
+        final_white_list, ioc_white_list, files_white_list = self.validator.get_white_listed_items(True, 'fake_pack')
+        assert final_white_list == {'https://www.demisto.com', 'https://api.zoom.us', 'PaloAltoNetworksXDR', 'ip-172-31-15-237'}
+        assert ioc_white_list == {'https://api.zoom.us'}
+        assert files_white_list == set()

demisto_sdk/tests/test_files/fake_pack/.secrets-ignore

@@ -0,0 +1 @@
+https://www.demisto.com