def test_deleted_secret(self):
    """A secret listed in the baseline but absent from the scan gets trimmed.

    The baseline holds two entries and the new findings only one of them;
    after trimming, only the entry on line 2 may remain under 'filename'.
    """
    scan_results = secrets_collection_factory([
        {'secret': 'secret', 'lineno': 2},
    ])
    tracked = secrets_collection_factory([
        {'secret': 'deleted_secret', 'lineno': 1},
        {'secret': 'secret', 'lineno': 2},
    ])

    was_trimmed = trim_baseline_of_removed_secrets(
        scan_results,
        tracked,
        ['filename'],
    )

    assert was_trimmed
    assert len(tracked.data) == 1
    # The only surviving entry must be the secret that is still present.
    remaining = next(iter(tracked.data['filename']))
    assert remaining.lineno == 2
def test_no_baseline_modifications(self, results_dict, baseline_dict):
    """Trimming must report no change for the supplied results/baseline pair."""
    scan_results = secrets_collection_factory([results_dict])
    tracked = secrets_collection_factory([baseline_dict])

    was_trimmed = trim_baseline_of_removed_secrets(
        scan_results,
        tracked,
        ['filename'],
    )

    assert not was_trimmed
def main(argv=None):
    """Scan the given files for secrets and return the process exit status.

    Returns 1 when the baseline cannot be loaded, when the scan reports
    secrets that the baseline does not cover, or when the baseline file had
    to be rewritten. Returns 0 otherwise.
    """
    options = parse_args(argv)
    if options.verbose:  # pragma: no cover
        log.set_debug_level(options.verbose)

    try:
        # Validate the baseline up front so a broken file stops the run
        # before any scanning work is done.
        baseline_collection = get_baseline(options.baseline[0])
    except (IOError, ValueError):
        # get_baseline has already logged the reason.
        return 1

    active_plugins = initialize.from_parser_builder(options.plugins)
    all_findings = find_secrets_in_files(options, active_plugins)

    # With a baseline, only findings it does not already list count as new.
    new_findings = all_findings
    if baseline_collection:
        new_findings = get_secrets_not_in_baseline(
            all_findings,
            baseline_collection,
        )

    if len(new_findings.data) > 0:
        pretty_print_diagnostics(new_findings)
        return 1

    if not baseline_collection:
        return 0

    # The baseline is only touched once the scan is clean of new secrets.
    needs_rewrite = trim_baseline_of_removed_secrets(
        all_findings,
        baseline_collection,
        options.filenames,
    )

    if VERSION != baseline_collection.version:
        baseline_collection.plugins = active_plugins
        baseline_collection.version = VERSION
        needs_rewrite = True

    if not needs_rewrite:
        return 0

    write_baseline_to_file(
        filename=options.baseline[0],
        data=baseline_collection.format_for_baseline_output(),
    )
    notice = (
        'The baseline file was updated.\n'
        'Probably to keep line numbers of secrets up-to-date.\n'
        'Please `git add {}`, thank you.\n\n'
    ).format(options.baseline[0])
    log.error(notice)
    # A rewritten baseline fails the run so the updated file gets staged.
    return 1
def test_deleted_secret_file(self):
    """A file tracked by the baseline but missing from the scan is dropped."""
    scan_results = secrets_collection_factory()
    tracked = secrets_collection_factory([
        {'filename': 'filename'},
    ])

    # 'filename' appears in the baseline but not in the scan results,
    # so trimming is expected to delete it from the baseline.
    scanned_files = ['filename']
    was_trimmed = trim_baseline_of_removed_secrets(
        scan_results,
        tracked,
        scanned_files,
    )

    assert was_trimmed
    assert len(tracked.data) == 0
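def main(argv=None):
    """Scan the given files for secrets and return the process exit status.

    Returns 1 when the baseline cannot be loaded or when the scan reports
    secrets that the baseline does not cover, and 0 otherwise. This variant
    never writes the baseline file back to disk.

    :param argv: command-line arguments without the program name; when
        omitted, ``sys.argv[1:]`` is read at call time.
    """
    if argv is None:
        # A `sys.argv[1:]` default is evaluated once at import time and the
        # same list object is then shared by every call; resolve it here.
        argv = sys.argv[1:]

    args = parse_args(argv)
    if args.verbose:  # pragma: no cover
        log.set_debug_level(args.verbose)

    try:
        # If baseline is provided, we first want to make sure
        # it's valid, before doing any further computation.
        baseline_collection = get_baseline(args.baseline[0])
    except (IOError, TypeError, ValueError):
        # Error logs handled within logic.
        return 1

    automaton = None
    if args.word_list_file:
        # The word-list hash returned alongside the automaton is not used here.
        automaton, _ = build_automaton(args.word_list_file)

    plugins = initialize.from_parser_builder(
        plugins_dict=args.plugins,
        custom_plugin_paths=args.custom_plugin_paths,
        exclude_lines_regex=args.exclude_lines,
        automaton=automaton,
        should_verify_secrets=not args.no_verify,
    )

    # Merge plugins from baseline
    if baseline_collection:
        plugins = initialize.merge_plugins_from_baseline(
            baseline_plugins=baseline_collection.plugins,
            args=args,
            automaton=automaton,
        )
        baseline_collection.plugins = plugins

    results = find_secrets_in_files(args, plugins)
    if baseline_collection:
        original_results = results
        results = get_secrets_not_in_baseline(
            results,
            baseline_collection,
        )

    if len(results.data) > 0:
        pretty_print_diagnostics(results)
        return 1

    if not baseline_collection:
        return 0

    # No new secrets were found. The in-memory baseline is still trimmed and
    # version-stamped as before, but the result is intentionally not persisted.
    trim_baseline_of_removed_secrets(
        original_results,
        baseline_collection,
        args.filenames,
    )
    if VERSION != baseline_collection.version:
        baseline_collection.version = VERSION

    # The original code forced `baseline_modified = False` right here, which
    # made the write_baseline_to_file / `return 3` branch unreachable; that
    # dead branch is removed rather than left looking active.
    # NOTE(review): since the file on disk is never refreshed, entries for
    # secrets that have been removed stay in the baseline and its recorded
    # version is not updated. Presumably a stale entry would keep filtering a
    # matching finding in get_secrets_not_in_baseline -- confirm, and make sure
    # the baseline is regenerated and reviewed through some other process.
    return 0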
def main(argv=None):
    """Scan the given files for secrets and return the process exit status.

    Exit statuses produced by this function:
        0 -- nothing to report
        1 -- the baseline could not be loaded, or secrets not covered by the
             baseline were found
        2 -- the baseline contains verified secrets that were not audited
        3 -- the baseline file was rewritten
        4 -- the baseline contains non-audited secrets and
             ``args.fail_on_non_audited`` is set
    """
    version_check()

    options = parse_args(argv)
    if options.verbose:  # pragma: no cover
        log.set_debug_level(options.verbose)

    try:
        # Validate the baseline up front so a broken file stops the run
        # before any scanning work is done.
        baseline_collection = get_baseline(
            options.baseline[0],
            plugin_filenames=options.plugin_filenames,
        )
    except (IOError, TypeError, ValueError):
        # get_baseline has already logged the reason.
        return 1

    automaton = None
    if options.word_list_file:
        # build_automaton also returns the word-list hash; it is not used here.
        automaton, _word_list_hash = build_automaton(options.word_list_file)

    active_plugins = initialize.from_parser_builder(
        options.plugins,
        exclude_lines_regex=options.exclude_lines,
        automaton=automaton,
        should_verify_secrets=not options.no_verify,
        plugin_filenames=options.plugin_filenames,
    )

    # When a baseline exists, its plugin list is merged with the parsed
    # options and the merged set is used for the scan.
    if baseline_collection:
        active_plugins = initialize.merge_plugins_from_baseline(
            baseline_collection.plugins,
            options,
            automaton,
        )
        baseline_collection.plugins = active_plugins

    all_findings = find_secrets_in_files(options, active_plugins)

    # With a baseline, only findings it does not already list count as new.
    new_findings = all_findings
    if baseline_collection:
        new_findings = get_secrets_not_in_baseline(
            all_findings,
            baseline_collection,
        )

    if len(new_findings.data) > 0:
        pretty_print_diagnostics_for_new_secrets(new_findings)
        return 1

    # Without a baseline there is nothing further to maintain or audit.
    if not baseline_collection:
        return 0

    # The baseline is only touched once the scan is clean of new secrets.
    needs_rewrite = trim_baseline_of_removed_secrets(
        all_findings,
        baseline_collection,
        options.filenames,
    )
    if VERSION != baseline_collection.version:
        baseline_collection.version = VERSION
        needs_rewrite = True

    if needs_rewrite:
        write_baseline_to_file(
            filename=options.baseline[0],
            data=baseline_collection.format_for_baseline_output(),
        )
        notice = (
            'The baseline file was updated.\n'
            'Probably to keep line numbers of secrets up-to-date.\n'
            'Please `git add {}`, thank you.\n\n'
        ).format(options.baseline[0])
        log.error(notice)
        return 3

    # Verified secrets that nobody has audited yet fail the run.
    verified_non_audited = get_verified_non_audited_secrets_from_baseline(
        baseline_collection,
    )
    if len(verified_non_audited.data) > 0:
        pretty_print_diagnostics_for_verified_non_audited(verified_non_audited)
        return 2

    # Any non-audited secret fails the run only when explicitly requested.
    if options.fail_on_non_audited:
        non_audited = get_non_audited_secrets_from_baseline(
            baseline_collection,
        )
        if len(non_audited.data) > 0:
            pretty_print_diagnostics_for_non_audited(non_audited)
            return 4

    return 0