def write_reqs(filename: str, command: str):
result = execute_get_text(command)
lines = result.split("\n")
with open(filename, "w") as output_reqs:
for i, line in enumerate(lines):
if "Courtesy Notice:" not in line:
output_reqs.writelines(
[line + ("\n" if i != len(lines) - 1 else "")])
def detect_secrets():
"""
Call detect-secrets tool
"""
# use
# blah blah = "foo" # pragma: whitelist secret
# to ignore a false posites
errors_file = "detect-secrets-results.txt"
print(execute_get_text("pwd"))
command = (
"{0} detect-secrets --scan --base64-limit 4 --exclude .idea|.js|.min.js|.html|.xsd|"
"lock.json|synced_folders|.scss|Pipfile.lock|"
"lint.txt|{1}".format(PIPENV, errors_file).strip())
print(command)
bash_process = subprocess.Popen(
command.split(" "),
# shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
)
foo = bash_process.wait()
out, err = bash_process.communicate() # wait
with open(errors_file, "w+") as file_handle:
if len(out) == 0:
print(
"Warning- no output from detect secrets. Happens with git hook, but not from ordinary command line."
)
return
file_handle.write(out.decode())
with open(errors_file) as f:
try:
data = json.load(f)
except Exception:
print("Can't read json")
exit(-1)
return
if data["results"]:
for result in data["results"]:
print(result)
print(
"detect-secrets has discovered high entropy strings, possibly passwords?"
)
exit(-1)
def formatting():
with safe_cd(SRC):
if sys.version_info < (3, 6):
print("Black doesn't work on python 2")
return
command = "{0} black {1}".format(PIPENV, PROJECT_NAME).strip()
print(command)
result = execute_get_text(command)
assert result
changed = []
for line in result.split("\n"):
if "reformatted " in line:
file = line[len("reformatted "):].strip()
changed.append(file)
for change in changed:
command = "git add {0}".format(change)
print(command)
execute(*(command.split(" ")))