def setup(self):
    """Hand the base64 entropy plugin and two fixture strings to the parent setup.

    The arguments are passed positionally; their meaning is defined by the
    parent class ``setup``, which is not visible here.
    """
    # Testing default limit, as suggested by truffleHog.
    plugin = Base64HighEntropyString(4.5)

    # Both fixtures are base64-encoded sample sentences, not real credentials.
    short_fixture = 'c3VwZXIgc2VjcmV0IHZhbHVl'     # too short for high entropy
    # Presumably the positive case that should exceed the limit -- confirm
    # against the parent class.
    long_fixture = 'c3VwZXIgbG9uZyBzdHJpbmcgc2hvdWxkIGNhdXNlIGVub3VnaCBlbnRyb3B5'

    super(TestBase64HighEntropyStrings, self).setup(
        plugin,
        short_fixture,
        long_fixture,
    )
    def test_ini_file(self):
        """Scan an ini file and then a Python file with one plugin instance.

        Two files are scanned on purpose: the second scan checks that the
        HighEntropyStrings regex is reset back to normal after the ini file
        has been processed.
        """
        expected_locations = (
            'Location:    test_data/config.ini:2',
            'Location:    test_data/config.ini:6',
            'Location:    test_data/config.ini:10',
            'Location:    test_data/config.ini:15',
            'Location:    test_data/config.ini:21',
            'Location:    test_data/config.ini:22',
            'Location:    test_data/files/file_with_secrets.py:3',
        )

        plugin = Base64HighEntropyString(3)

        found = {}
        for path in (
            'test_data/config.ini',
            'test_data/files/file_with_secrets.py',
        ):
            with open(path) as handle:
                found.update(plugin.analyze(handle, path))

        # NOTE(review): membership plus a total of 7 does not by itself prove
        # that every expected location was reported; two findings on one line
        # could stand in for a missed line. Comparing the sorted locations
        # with the expected tuple would pin the detector's output exactly.
        seen = 0
        for seen, secret in enumerate(found.values(), start=1):
            # The second line of the secret's string form carries the location.
            location = str(secret).splitlines()[1]
            assert location in expected_locations

        assert seen == 7
    def test_env_file(self):
        """Scan the sample .env file and expect a single finding on line 1."""
        env_path = 'test_data/config.env'
        plugin = Base64HighEntropyString(4.5)

        with open(env_path) as handle:
            secrets = plugin.analyze(handle, env_path)

        findings = secrets.values()
        assert len(findings) == 1

        allowed_locations = ('Location:    test_data/config.env:1', )
        for finding in findings:
            # The second line of the secret's string form carries the location.
            location = str(finding).splitlines()[1]
            assert location in allowed_locations
 def setup(self):
     """Register the plugin, a negative fixture and a positive fixture.

     The keyword names (``logic``, ``non_secret_string``, ``secret_string``)
     belong to the parent class ``setup``, which is not visible here.
     """
     # Testing default limit, as suggested by truffleHog.
     # NOTE(review): exclude_lines_regex presumably suppresses findings on
     # matching lines; keep such patterns narrow so they cannot hide real
     # secrets -- confirm against the plugin.
     plugin = Base64HighEntropyString(
         base64_limit=4.5,
         exclude_lines_regex='CanonicalUser',
     )

     # Both fixtures are base64-encoded sample sentences, not real credentials.
     negative_case = 'c3VwZXIgc2VjcmV0IHZhbHVl'  # too short for high entropy
     positive_case = 'c3VwZXIgbG9uZyBzdHJpbmcgc2hvdWxkIGNhdXNlIGVub3VnaCBlbnRyb3B5'

     super(TestBase64HighEntropyStrings, self).setup(
         logic=plugin,
         non_secret_string=negative_case,
         secret_string=positive_case,
     )
 def setup(self):
     """Register the plugin with fixtures that use URL-safe base64 characters.

     Both fixture strings contain ``-`` and the longer one also ``_``, i.e.
     characters from the URL-safe base64 alphabet. The keyword names belong
     to the parent class ``setup``, which is not visible here.
     """
     # Testing default limit, as suggested by truffleHog.
     # NOTE(review): exclude_lines_regex presumably suppresses findings on
     # matching lines; keep such patterns narrow so they cannot hide real
     # secrets -- confirm against the plugin.
     plugin = Base64HighEntropyString(
         base64_limit=4.5,
         exclude_lines_regex='CanonicalUser',
     )

     negative_case = 'Zrm-ySTAq7D2sHk='  # too short for high entropy
     positive_case = 'I6FwzQZFL9l-44nviI1F04OTmorMaVQf9GS4Oe07qxL_vNkW6CRas4Lo42vqJMT0M6riJfma_f-pTAuoX2U='  # noqa: E501

     super(TestUrlSafeBase64HighEntropyStrings, self).setup(
         logic=plugin,
         non_secret_string=negative_case,
         secret_string=positive_case,
     )
    def test_yaml_file(self):
        """Scan the sample YAML file and expect findings on lines 3 and 5."""
        yaml_path = 'test_data/config.yaml'
        plugin = Base64HighEntropyString(3)

        with open(yaml_path) as handle:
            secrets = plugin.analyze(handle, yaml_path)

        findings = secrets.values()
        assert len(findings) == 2

        allowed_locations = (
            'Location:    test_data/config.yaml:3',
            'Location:    test_data/config.yaml:5',
        )
        for finding in findings:
            # The second line of the secret's string form carries the location.
            location = str(finding).splitlines()[1]
            assert location in allowed_locations
    def test_yaml_file(self):
        """Scan the sample YAML file with a line-exclusion regex configured.

        Expects exactly two findings, reported on lines 3 and 6.
        """
        yaml_path = 'test_data/config.yaml'

        # NOTE(review): presumably lines matching 'CanonicalUser' are skipped
        # by the plugin, so this test also covers the exclusion path --
        # confirm against the plugin and the fixture file.
        plugin = Base64HighEntropyString(
            base64_limit=3,
            exclude_lines_regex='CanonicalUser',
        )

        with open(yaml_path) as handle:
            secrets = plugin.analyze(handle, yaml_path)

        findings = secrets.values()
        assert len(findings) == 2

        allowed_locations = (
            'Location:    test_data/config.yaml:3',
            'Location:    test_data/config.yaml:6',
        )
        for finding in findings:
            # The second line of the secret's string form carries the location.
            location = str(finding).splitlines()[1]
            assert location in allowed_locations
    def test_ini_file(self, filename, secrets):
        """Scan one file and compare the reported locations with ``secrets``.

        ``filename`` and ``secrets`` are supplied by the caller, presumably a
        parametrize decorator that is not visible here. The original comment
        speaks of testing two files so that the HighEntropyStrings regex is
        shown to be reset after an ini scan; each call creates a fresh plugin
        and scans a single file, so that comment may be stale -- confirm.
        """
        plugin = Base64HighEntropyString(3)

        found = {}
        # Decode explicitly as UTF-8 instead of using the platform default.
        with codecs.open(filename, encoding='utf-8') as handle:
            found.update(plugin.analyze(handle, filename))

        matched = 0
        for matched, secret in enumerate(found.values(), start=1):
            # The second line of the secret's string form carries the location.
            location = str(secret).splitlines()[1]
            assert location in secrets

        assert matched == len(secrets)
 def setup(self):
     """Create the two entropy plugins shared by the tests in this class."""
     # Each alphabet gets its own limit: 4.5 for base64 and 3 for hex.
     base64_plugin = Base64HighEntropyString(4.5)
     hex_plugin = HexHighEntropyString(3)
     self.plugins = (base64_plugin, hex_plugin)
 def test_entropy_upper_limit(self):
     """Constructing the plugin with a limit of 15 must raise ValueError.

     The accepted range is enforced by the plugin constructor, which is not
     visible here.
     """
     out_of_range_limit = 15
     with pytest.raises(ValueError):
         Base64HighEntropyString(out_of_range_limit)
 def __init__(self, limit: float) -> None:
     """Build the entropy scanners and the keyword scanner.

     Args:
         limit: Entropy limit passed unchanged to both the base64 and the
             hex scanner.
     """
     # NOTE(review): one limit is shared by both alphabets. If the plugins
     # score per-character Shannon entropy, a 16-symbol hex string cannot
     # exceed 4.0, so a limit tuned for base64 (e.g. 4.5) would leave the
     # hex scanner unable to report anything -- confirm against the plugins.
     base64_scanner = Base64HighEntropyString(limit=limit)
     hex_scanner = HexHighEntropyString(limit=limit)
     self.high_entropy_scanners = (base64_scanner, hex_scanner)
     self.keyword_scanner = KeywordDetector()