Skip to content

Commit

Permalink
Use RegexBasedDetector.assign_regex_generator (Yelp#215)
Browse files Browse the repository at this point in the history
* feat: use assign regex in cloudant

* feat: use assign regex in db2

* feat: use assign regex in gh

* feat: use assign regex in iam

* feat: use assign regex in sl

* address comments

* address comments

* address comments
  • Loading branch information
XIANJUN ZHU committed Oct 18, 2019
1 parent f949ae2 commit da3d9ca
Show file tree
Hide file tree
Showing 2 changed files with 55 additions and 84 deletions.
58 changes: 15 additions & 43 deletions softlayer.py
Original file line number Diff line number Diff line change
Expand Up @@ -13,39 +13,24 @@ class SoftLayerDetector(RegexBasedDetector):
secret_type = 'SoftLayer Credentials'

# opt means optional
opt_quote = r'(?:"|\'|)'
opt_dashes = r'(?:--|)'
sl = r'(?:softlayer|sl)'
opt_dash_undrscr = r'(?:_|-|)'
opt_api = r'(?:api|)'
sl = r'(?:softlayer|sl)(?:_|-|)(?:api|)'
key_or_pass = r'(?:key|pwd|password|pass|token)'
opt_space = r'(?: *)'
opt_assignment = r'(?:=|:|:=|=>|)'
secret = r'([a-z0-9]{64})'
denylist = [
re.compile(
r'{opt_quote}{opt_dashes}{sl}{opt_dash_undrscr}{opt_api}{opt_dash_undrscr}{key_or_pass}'
'{opt_quote}{opt_space}{opt_assignment}{opt_space}{opt_quote}{secret}'
'{opt_quote}'.format(
opt_quote=opt_quote,
opt_dashes=opt_dashes,
sl=sl,
opt_dash_undrscr=opt_dash_undrscr,
opt_api=opt_api,
key_or_pass=key_or_pass,
opt_space=opt_space,
opt_assignment=opt_assignment,
secret=secret,
), flags=re.IGNORECASE,
RegexBasedDetector.assign_regex_generator(
prefix_regex=sl,
password_keyword_regex=key_or_pass,
password_regex=secret,
),

re.compile(
r'(?:http|https)://api.softlayer.com/soap/(?:v3|v3.1)/([a-z0-9]{64})',
flags=re.IGNORECASE,
),
]

def verify(self, token, content, potential_secret=None):
usernames = get_username(content)
usernames = find_username(content)
if not usernames:
return VerifiedResult.UNVERIFIED

Expand All @@ -55,30 +40,17 @@ def verify(self, token, content, potential_secret=None):
return VerifiedResult.VERIFIED_FALSE


def get_username(content):
def find_username(content):
# opt means optional
opt_quote = r'(?:"|\'|)'
opt_dashes = r'(?:--|)'
opt_sl = r'(?:softlayer|sl|)'
opt_dash_undrscr = r'(?:_|-|)'
opt_api = r'(?:api|)'
username_keyword = r'(?:username|id|user|userid|user-id|user-name|name|user_id|user_name|uname)'
opt_space = r'(?: |)'
seperator = r'(?: |=|:|:=|=>)+'
username_keyword = r'(?:username|id|user|userid|user-id|user-name|' + \
r'name|user_id|user_name|uname)'
username = r'(\w(?:\w|_|@|\.|-)+)'
regex = re.compile(
r'{opt_quote}{opt_dashes}{opt_sl}{opt_dash_undrscr}{opt_api}{opt_dash_undrscr}'
'{username_keyword}{opt_quote}{seperator}{opt_quote}{username}{opt_quote}'.format(
opt_quote=opt_quote,
opt_dashes=opt_dashes,
opt_sl=opt_sl,
opt_dash_undrscr=opt_dash_undrscr,
opt_api=opt_api,
username_keyword=username_keyword,
opt_space=opt_space,
username=username,
seperator=seperator,
), flags=re.IGNORECASE,
RegexBasedDetector.assign_regex_generator(
prefix_regex=SoftLayerDetector.sl,
password_keyword_regex=username_keyword,
password_regex=username,
),
)

return [
Expand Down
81 changes: 40 additions & 41 deletions softlayer_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@

from detect_secrets.core.constants import VerifiedResult
from detect_secrets.core.potential_secret import PotentialSecret
from detect_secrets.plugins.softlayer import get_username
from detect_secrets.plugins.softlayer import find_username
from detect_secrets.plugins.softlayer import SoftLayerDetector

SL_USERNAME = 'test@testy.test'
Expand Down Expand Up @@ -123,50 +123,49 @@ def test_verify_no_secret(self):
'no_un={}'.format(SL_USERNAME),
) == VerifiedResult.UNVERIFIED


@pytest.mark.parametrize(
'content, expected_output',
(
@pytest.mark.parametrize(
'content, expected_output',
(
textwrap.dedent("""
--softlayer-username = {}
""")[1:-1].format(
SL_USERNAME,
(
textwrap.dedent("""
--softlayer-username = {}
""")[1:-1].format(
SL_USERNAME,
),
[SL_USERNAME],
),
[SL_USERNAME],
),
# With quotes
(
textwrap.dedent("""
sl_user_id = "{}"
""")[1:-1].format(
SL_USERNAME,
# With quotes
(
textwrap.dedent("""
sl_user_id = "{}"
""")[1:-1].format(
SL_USERNAME,
),
[SL_USERNAME],
),
[SL_USERNAME],
),
# multiple candidates
(
textwrap.dedent("""
softlayer_id = '{}'
sl-user = '{}'
SOFTLAYER_USERID = '{}'
softlayer-uname: {}
""")[1:-1].format(
SL_USERNAME,
'test2@testy.test',
'test3@testy.testy',
'notanemail',
# multiple candidates
(
textwrap.dedent("""
softlayer_id = '{}'
sl-user = '{}'
SOFTLAYER_USERID = '{}'
softlayer-uname: {}
""")[1:-1].format(
SL_USERNAME,
'test2@testy.test',
'test3@testy.testy',
'notanemail',
),
[
SL_USERNAME,
'test2@testy.test',
'test3@testy.testy',
'notanemail',
],
),
[
SL_USERNAME,
'test2@testy.test',
'test3@testy.testy',
'notanemail',
],
),
),
)
def test_get_username(content, expected_output):
assert get_username(content) == expected_output
)
def test_find_username(self, content, expected_output):
assert find_username(content) == expected_output

0 comments on commit da3d9ca

Please sign in to comment.