Merge pull request Yelp#25 from shamilpatel25/port-azure-storage

porting azure storage key from upstream yelp

detect_secrets/core/usage.py

@@ -499,6 +499,12 @@ class PluginOptions:
             help_text='Disables scans for Square OAuth tokens.',
             filename='square_oauth',
         ),
+        PluginDescriptor(
+            classname='AzureStorageKeyDetector',
+            flag_text='--no-azure-storage-scan',
+            help_text='Disables scans for Azure Storage Account access.',
+            filename='azure_storage_key',
+        ),
     ]
     opt_in_plugins = [
         PluginDescriptor(

detect_secrets/plugins/azure_storage_key.py

@@ -0,0 +1,16 @@
+"""
+This plugin searches for Azure Storage Account access keys.
+"""
+import re
+
+from detect_secrets.plugins.base import RegexBasedDetector
+
+
+class AzureStorageKeyDetector(RegexBasedDetector):
+    """Scans for Azure Storage Account access keys."""
+    secret_type = 'Azure Storage Account access key'
+
+    denylist = [
+        # Account Key (AccountKey=xxxxxxxxx)
+        re.compile(r'AccountKey=[a-zA-Z0-9+\/=]{88}'),
+    ]

tests/plugins/azure_storage_key_test.py

@@ -0,0 +1,19 @@
+import pytest
+
+from detect_secrets.plugins.azure_storage_key import AzureStorageKeyDetector
+
+
+class TestAzureStorageKeyDetector:
+
+    @pytest.mark.parametrize(
+        'payload, should_flag',
+        [
+            (
+                'AccountKey=lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==',  # noqa: E501
+                True,
+            ),
+        ],
+    )
+    def test_analyze(self, payload, should_flag):
+        logic = AzureStorageKeyDetector()
+        assert logic.analyze_line(payload, 1, 'mock_filename')