def main(argv=None):
if len(sys.argv) == 1: # pragma: no cover
sys.argv.append('-h')
args = parse_args(argv)
if args.verbose: # pragma: no cover
log.set_debug_level(args.verbose)
if args.action == 'scan':
# Plugins are *always* rescanned with fresh settings, because
# we want to get the latest updates.
plugins = initialize.from_parser_builder(args.plugins)
if args.string:
line = args.string
if isinstance(args.string, bool):
line = sys.stdin.read().splitlines()[0]
_scan_string(line, plugins)
else:
baseline_dict = _perform_scan(
args,
plugins,
)
if args.import_filename:
write_baseline_to_file(
filename=args.import_filename[0],
data=baseline_dict,
)
else:
print(baseline.format_baseline_for_output(baseline_dict, ), )
elif args.action == 'audit':
if not args.diff:
audit.audit_baseline(args.filename[0])
return 0
if len(args.filename) != 2:
print(
'Must specify two files to compare!',
file=sys.stderr,
)
return 1
try:
audit.compare_baselines(args.filename[0], args.filename[1])
except audit.RedundantComparisonError:
print(
'No difference, because it\'s the same file!',
file=sys.stderr,
)
return 0
def main(argv=None):
args = parse_args(argv)
if args.verbose: # pragma: no cover
log.set_debug_level(args.verbose)
try:
# If baseline is provided, we first want to make sure
# it's valid, before doing any further computation.
baseline_collection = get_baseline(args.baseline[0])
except (IOError, ValueError):
# Error logs handled within logic.
return 1
plugins = initialize.from_parser_builder(args.plugins)
results = find_secrets_in_files(args, plugins)
if baseline_collection:
original_results = results
results = get_secrets_not_in_baseline(
results,
baseline_collection,
)
if len(results.data) > 0:
pretty_print_diagnostics(results)
return 1
if not baseline_collection:
return 0
# Only attempt baseline modifications if we don't find any new secrets
baseline_modified = trim_baseline_of_removed_secrets(
original_results,
baseline_collection,
args.filenames,
)
if VERSION != baseline_collection.version:
baseline_collection.plugins = plugins
baseline_collection.version = VERSION
baseline_modified = True
if baseline_modified:
write_baseline_to_file(
filename=args.baseline[0],
data=baseline_collection.format_for_baseline_output(),
)
log.error(
'The baseline file was updated.\n'
'Probably to keep line numbers of secrets up-to-date.\n'
'Please `git add {}`, thank you.\n\n'.format(args.baseline[0]), )
return 1
return 0
def main(argv=sys.argv[1:]):
if len(sys.argv) == 1: # pragma: no cover
sys.argv.append('--help')
args = parse_args(argv)
if args.verbose: # pragma: no cover
log.set_debug_level(args.verbose)
if args.action == 'scan':
automaton = None
word_list_hash = None
if args.word_list_file:
automaton, word_list_hash = build_automaton(args.word_list_file)
# Plugins are *always* rescanned with fresh settings, because
# we want to get the latest updates.
plugins = initialize.from_parser_builder(
plugins_dict=args.plugins,
custom_plugin_paths=args.custom_plugin_paths,
exclude_lines_regex=args.exclude_lines,
automaton=automaton,
should_verify_secrets=not args.no_verify,
)
if args.string:
line = args.string
if isinstance(args.string, bool):
line = sys.stdin.read().splitlines()[0]
_scan_string(line, plugins)
else:
baseline_dict = _perform_scan(
args,
plugins,
automaton,
word_list_hash,
)
if args.import_filename:
write_baseline_to_file(
filename=args.import_filename[0],
data=baseline_dict,
)
else:
print(baseline.format_baseline_for_output(baseline_dict, ), )
elif args.action == 'audit':
if not args.diff and not args.display_results:
audit.audit_baseline(args.filename[0])
return 0
if args.display_results:
audit.print_audit_results(args.filename[0])
return 0
if len(args.filename) != 2:
print(
'Must specify two files to compare!',
file=sys.stderr,
)
return 1
try:
audit.compare_baselines(args.filename[0], args.filename[1])
except audit.RedundantComparisonError:
print(
'No difference, because it\'s the same file!',
file=sys.stderr,
)
return 0
def audit_baseline(baseline_filename):
original_baseline = _get_baseline_from_file(baseline_filename)
if not original_baseline:
return
files_removed = _remove_nonexistent_files_from_baseline(original_baseline)
all_secrets = list(_secret_generator(original_baseline))
secrets_with_choices = [
(filename, secret) for filename, secret in all_secrets
if 'is_secret' not in secret
]
total_choices = len(secrets_with_choices)
secret_iterator = BidirectionalIterator(secrets_with_choices)
current_secret_index = 0
for filename, secret in secret_iterator:
_clear_screen()
current_secret_index += 1
try:
_print_context(
filename=filename,
secret=secret,
count=current_secret_index,
total=total_choices,
plugins_used=original_baseline['plugins_used'],
custom_plugin_paths=original_baseline['custom_plugin_paths'],
)
decision = _get_user_decision(can_step_back=secret_iterator.can_step_back())
except SecretNotFoundOnSpecifiedLineError:
decision = _get_user_decision(
prompt_secret_decision=False,
can_step_back=secret_iterator.can_step_back(),
)
if decision == 'q':
print('Quitting...')
break
if decision == 'b':
current_secret_index -= 2
secret_iterator.step_back_on_next_iteration()
_handle_user_decision(decision, secret)
if current_secret_index == 0 and not files_removed:
print('Nothing to audit!')
return
print('Saving progress...')
results = defaultdict(list)
for filename, secret in all_secrets:
results[filename].append(secret)
original_baseline['results'] = merge_results(
original_baseline['results'],
dict(results),
)
write_baseline_to_file(
filename=baseline_filename,
data=original_baseline,
)
def main(argv=sys.argv[1:]):
args = parse_args(argv)
if args.verbose: # pragma: no cover
log.set_debug_level(args.verbose)
try:
# If baseline is provided, we first want to make sure
# it's valid, before doing any further computation.
baseline_collection = get_baseline(args.baseline[0])
except (IOError, TypeError, ValueError):
# Error logs handled within logic.
return 1
automaton = None
word_list_hash = None
if args.word_list_file:
automaton, word_list_hash = build_automaton(args.word_list_file)
plugins = initialize.from_parser_builder(
plugins_dict=args.plugins,
custom_plugin_paths=args.custom_plugin_paths,
exclude_lines_regex=args.exclude_lines,
automaton=automaton,
should_verify_secrets=not args.no_verify,
)
# Merge plugins from baseline
if baseline_collection:
plugins = initialize.merge_plugins_from_baseline(
baseline_plugins=baseline_collection.plugins,
args=args,
automaton=automaton,
)
baseline_collection.plugins = plugins
results = find_secrets_in_files(args, plugins)
if baseline_collection:
original_results = results
results = get_secrets_not_in_baseline(
results,
baseline_collection,
)
if len(results.data) > 0:
pretty_print_diagnostics(results)
return 1
if not baseline_collection:
return 0
# Only attempt baseline modifications if we don't find any new secrets
baseline_modified = trim_baseline_of_removed_secrets(
original_results,
baseline_collection,
args.filenames,
)
if VERSION != baseline_collection.version:
baseline_collection.version = VERSION
baseline_modified = True
# adding this line as we don't want the modification of baseline file.
baseline_modified = False
if baseline_modified:
write_baseline_to_file(
filename=args.baseline[0],
data=baseline_collection.format_for_baseline_output(),
)
log.error(
'The baseline file was updated.\n'
'Probably to keep line numbers of secrets up-to-date.\n'
'Please `git add {}`, thank you.\n\n'.format(args.baseline[0]), )
return 3
return 0
def main(argv=None):
version_check()
args = parse_args(argv)
if args.verbose: # pragma: no cover
log.set_debug_level(args.verbose)
try:
# If baseline is provided, we first want to make sure
# it's valid, before doing any further computation.
baseline_collection = get_baseline(
args.baseline[0],
plugin_filenames=args.plugin_filenames,
)
except (IOError, TypeError, ValueError):
# Error logs handled within logic.
return 1
automaton = None
word_list_hash = None
if args.word_list_file:
automaton, word_list_hash = build_automaton(args.word_list_file)
plugins = initialize.from_parser_builder(
args.plugins,
exclude_lines_regex=args.exclude_lines,
automaton=automaton,
should_verify_secrets=not args.no_verify,
plugin_filenames=args.plugin_filenames,
)
# Merge plugins from baseline
if baseline_collection:
plugins = initialize.merge_plugins_from_baseline(
baseline_collection.plugins,
args,
automaton,
)
baseline_collection.plugins = plugins
results_collection = find_secrets_in_files(args, plugins)
if baseline_collection:
original_results_collection = results_collection
results_collection = get_secrets_not_in_baseline(
results_collection,
baseline_collection,
)
if len(results_collection.data) > 0:
pretty_print_diagnostics_for_new_secrets(results_collection)
return 1
# if no baseline been supplied
if not baseline_collection:
return 0
# Only attempt baseline modifications if we don't find any new secrets
baseline_modified = trim_baseline_of_removed_secrets(
original_results_collection,
baseline_collection,
args.filenames,
)
if VERSION != baseline_collection.version:
baseline_collection.version = VERSION
baseline_modified = True
if baseline_modified:
write_baseline_to_file(
filename=args.baseline[0],
data=baseline_collection.format_for_baseline_output(),
)
log.error(
'The baseline file was updated.\n'
'Probably to keep line numbers of secrets up-to-date.\n'
'Please `git add {}`, thank you.\n\n'.format(args.baseline[0]),
)
return 3
# check if there are verified but haven't been audited secrets
verified_non_audited = get_verified_non_audited_secrets_from_baseline(
baseline_collection,
)
if len(verified_non_audited.data) > 0:
pretty_print_diagnostics_for_verified_non_audited(verified_non_audited)
return 2
# check if there are non-audited secrets
if args.fail_on_non_audited:
non_audited = get_non_audited_secrets_from_baseline(
baseline_collection,
)
if len(non_audited.data) > 0:
pretty_print_diagnostics_for_non_audited(non_audited)
return 4
return 0
