From 1eced71402a571a4f0b97fdb152213e09e6537a3 Mon Sep 17 00:00:00 2001
From: Shamil Patel
Date: Wed, 25 Aug 2021 13:10:43 -0400
Subject: [PATCH 1/2] porting azure storage key from upstream yelp
---
 detect_secrets/core/usage.py | 6 ++++++
 detect_secrets/plugins/azure_storage_key.py | 16 ++++++++++++++++
 tests/plugins/azure_storage_key_test.py | 19 +++++++++++++++++++
 3 files changed, 41 insertions(+)
 create mode 100644 detect_secrets/plugins/azure_storage_key.py
 create mode 100644 tests/plugins/azure_storage_key_test.py
diff --git a/detect_secrets/core/usage.py b/detect_secrets/core/usage.py
index bcdb4b3d0..48bc9b49a 100644
--- a/detect_secrets/core/usage.py
+++ b/detect_secrets/core/usage.py
@@ -493,6 +493,12 @@ class PluginOptions:
 help_text='Disables scans for NPM keys.',
 filename='npm',
 ),
+ PluginDescriptor(
+ classname='AzureStorageKeyDetector',
+ flag_text='--no-azure-storage-scan',
+ help_text='Disables scans for Azure Storage Account access.',
+ filename='azure_storage_key',
+ ),
 ]
 opt_in_plugins = [
 PluginDescriptor(
diff --git a/detect_secrets/plugins/azure_storage_key.py b/detect_secrets/plugins/azure_storage_key.py
new file mode 100644
index 000000000..a04dff58a
--- /dev/null
+++ b/detect_secrets/plugins/azure_storage_key.py
@@ -0,0 +1,16 @@
+"""
+This plugin searches for Azure Storage Account access keys.
+"""
+import re
+
+from detect_secrets.plugins.base import RegexBasedDetector
+
+
+class AzureStorageKeyDetector(RegexBasedDetector):
+ """Scans for Azure Storage Account access keys."""
+ secret_type = 'Azure Storage Account access key'
+
+ denylist = [
+ # Account Key (AccountKey=xxxxxxxxx)
+ re.compile(r'AccountKey=[a-zA-Z0-9+\/=]{88}'),
+ ]
diff --git a/tests/plugins/azure_storage_key_test.py b/tests/plugins/azure_storage_key_test.py
new file mode 100644
index 000000000..05e3b0fd3
--- /dev/null
+++ b/tests/plugins/azure_storage_key_test.py
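Review bot: The `help_text` of the new `PluginDescriptor` in `detect_secrets/core/usage.py` reads "Azure Storage Account access.", which drops the word that says what is being scanned for and does not match the detector's `secret_type`. Suggested wording: `help_text='Disables scans for Azure Storage Account access keys.',`. The enclosing plugin list starts and ends outside the hunk.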
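Review bot: The pattern in `denylist` of `AzureStorageKeyDetector` allows `=` at any of the 88 positions, so it also matches strings that are not valid base64; a 64-byte storage key encodes to 86 base64 characters followed by `==`, and the escaped `\/` is unnecessary inside a character class. Consider `re.compile(r'AccountKey=[a-zA-Z0-9+/]{86}==')`. The match also includes the literal `AccountKey=` prefix, so (assuming the base class records the whole match) the same key written without that prefix would hash to a different baseline entry, and keys stored outside a connection string are not detected at all. A comment on the class saying that only the connection-string form is covered would make that limit visible to users of the plugin.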
@@ -0,0 +1,19 @@
+import pytest
+
+from detect_secrets.plugins.azure_storage_key import AzureStorageKeyDetector
+
+
+class TestAzureStorageKeyDetector:
+
+ @pytest.mark.parametrize(
+ 'payload, should_flag',
+ [
+ (
+ 'AccountKey=lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==', # noqa: E501
+ True,
+ ),
+ ],
+ )
+ def test_analyze(self, payload, should_flag):
+ logic = AzureStorageKeyDetector()
+ assert logic.analyze_line(payload, 1, 'mock_filename')
From 0360c23da708d65f028bcc112351bfff2195af20 Mon Sep 17 00:00:00 2001
From: Shamil Patel
Date: Wed, 25 Aug 2021 13:27:24 -0400
Subject: [PATCH 2/2] Trigger Build
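Review bot: `should_flag` is parametrized but never read in `test_analyze`, and the only case is a positive one, so the test cannot catch a pattern that over-matches. Compare the result with the flag instead, e.g. `output = logic.analyze_line(payload, 1, 'mock_filename')` followed by `assert len(output) == int(should_flag)` (this assumes `analyze_line` returns a sized collection of findings). Then add `False` cases such as an 87-character value after `AccountKey=` and a bare 88-character string without the prefix, so the length and prefix requirements of the detector are pinned down.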