diff --git a/detect_secrets/core/usage.py b/detect_secrets/core/usage.py
index 0056a6e04..d62e8ce76 100644
--- a/detect_secrets/core/usage.py
+++ b/detect_secrets/core/usage.py
@@ -499,6 +499,12 @@ class PluginOptions:
 help_text='Disables scans for Square OAuth tokens.',
 filename='square_oauth',
 ),
+ PluginDescriptor(
+ classname='AzureStorageKeyDetector',
+ flag_text='--no-azure-storage-scan',
+ help_text='Disables scans for Azure Storage Account access.',
+ filename='azure_storage_key',
+ ),
 ]
 opt_in_plugins = [
 PluginDescriptor(
diff --git a/detect_secrets/plugins/azure_storage_key.py b/detect_secrets/plugins/azure_storage_key.py
new file mode 100644
index 000000000..a04dff58a
--- /dev/null
+++ b/detect_secrets/plugins/azure_storage_key.py
@@ -0,0 +1,16 @@
+"""
+This plugin searches for Azure Storage Account access keys.
+"""
+import re
+
+from detect_secrets.plugins.base import RegexBasedDetector
+
+
+class AzureStorageKeyDetector(RegexBasedDetector):
+ """Scans for Azure Storage Account access keys."""
+ secret_type = 'Azure Storage Account access key'
+
+ denylist = [
+ # Account Key (AccountKey=xxxxxxxxx)
+ re.compile(r'AccountKey=[a-zA-Z0-9+\/=]{88}'),
+ ]
diff --git a/tests/plugins/azure_storage_key_test.py b/tests/plugins/azure_storage_key_test.py
new file mode 100644
index 000000000..05e3b0fd3
--- /dev/null
+++ b/tests/plugins/azure_storage_key_test.py
@@ -0,0 +1,19 @@
+import pytest
+
+from detect_secrets.plugins.azure_storage_key import AzureStorageKeyDetector
+
+
+class TestAzureStorageKeyDetector:
+
+ @pytest.mark.parametrize(
+ 'payload, should_flag',
+ [
+ (
+ 'AccountKey=lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==', # noqa: E501
+ True,
+ ),
+ ],
+ )
+ def test_analyze(self, payload, should_flag):
+ logic = AzureStorageKeyDetector()
+ assert logic.analyze_line(payload, 1, 'mock_filename')
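Review bot: The new descriptor's `help_text` stops at "access", which reads as truncated next to the plugin's own `secret_type` of 'Azure Storage Account access key'. Since `--no-azure-storage-scan` turns the detector off entirely, the help line should say exactly what stops being scanned: `help_text='Disables scans for Azure Storage Account access keys.',`. The surrounding plugin list begins and ends outside this hunk.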
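Review bot: The character class in the `re.compile` line accepts `=` at any of the 88 positions, so strings that cannot be a base64-encoded key (a run of `=` after `AccountKey=`, for example) are still reported. Storage account keys are 512-bit values, whose base64 form is 86 characters followed by `==`, so `re.compile(r'AccountKey=([a-zA-Z0-9+/]{86}==)')` is tighter and drops the unneeded `\/` escape. The capture group is meant to keep the literal `AccountKey=` prefix out of the recorded secret; that presumes `RegexBasedDetector` yields the group when one is present, which should be confirmed against the base class. The comment above the pattern could also state the expected shape, e.g. `# 64-byte key, base64-encoded: 86 chars + '=='`.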
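Review bot: `should_flag` is parametrized but never read: `test_analyze` only asserts that `analyze_line` returns something truthy, and the single case is a positive one, so nothing checks that the detector rejects non-keys. Compare the result with the parameter, `output = logic.analyze_line(payload, 1, 'mock_filename')` followed by `assert bool(output) == should_flag`, and add `False` cases such as a value shorter than 88 characters and the same key without the `AccountKey=` prefix. Without negative cases a later loosening of the regex would pass this test unnoticed.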