def test_plugin_from_old_baseline_respected_with_update_flag(
self,
mock_baseline_initialize,
plugins_used,
plugins_overwriten,
plugins_wrote,
):
with mock_stdin(), mock.patch(
'detect_secrets.main._read_from_file',
return_value={
'plugins_used': plugins_used,
'results': {},
'version': VERSION,
'exclude': {
'files': '',
'lines': '',
},
},
), mock.patch(
# We don't want to be creating a file during test
'detect_secrets.main.write_baseline_to_file', ) as file_writer:
assert wrap_detect_secrets_main(
'scan --update old_baseline_file {}'.format(
plugins_overwriten, ), ) == 0
assert (file_writer.call_args[1]['data']['plugins_used'] ==
plugins_wrote)
def test_audit_display_results(self, filename, expected_output):
with mock_stdin(), mock_printer(main_module, ) as printer_shim:
wrap_detect_secrets_main('scan ' + filename)
baseline = printer_shim.message
baseline_dict = json.loads(baseline)
baseline_dict['custom_plugin_paths'] = tuple(
baseline_dict['custom_plugin_paths'])
with mock.patch(
'detect_secrets.core.audit._get_baseline_from_file',
return_value=baseline_dict,
), mock_printer(audit_module, ) as printer_shim:
wrap_detect_secrets_main('audit --display-results MOCKED')
assert json.loads(uncolor(
printer_shim.message))['plugins'] == expected_output
def test_reads_from_stdin(self, mock_merge_baseline):
with mock_stdin(json.dumps({'key': 'value'})):
assert wrap_detect_secrets_main('scan') == 0
mock_merge_baseline.assert_called_once_with(
{'key': 'value'},
Any(dict),
)
def test_scan_string_cli_overrides_stdin(self):
with mock_stdin('012345678ab', ), mock_printer(
main_module, ) as printer_shim:
assert wrap_detect_secrets_main('scan --string 012345') == 0
assert uncolor(printer_shim.message) == get_plugin_report({
'Base64HighEntropyString':
'False (2.585)',
'HexHighEntropyString':
'False (2.121)',
})
def test_audit_short_file(self, filename, expected_output):
with mock_stdin(), mock_printer(
# To extract the baseline output
main_module, ) as printer_shim:
wrap_detect_secrets_main('scan ' + filename)
baseline = printer_shim.message
baseline_dict = json.loads(baseline)
baseline_dict['custom_plugin_paths'] = tuple(
baseline_dict['custom_plugin_paths'])
with mock_stdin(), mock.patch(
# To pipe in printer_shim
'detect_secrets.core.audit._get_baseline_from_file',
return_value=baseline_dict,
), mock.patch(
# We don't want to clear the pytest testing screen
'detect_secrets.core.audit._clear_screen', ), mock.patch(
# Gotta mock it, because tests aren't interactive
'detect_secrets.core.audit._get_user_decision',
return_value='s',
), mock.patch(
# We don't want to write an actual file
'detect_secrets.core.audit.write_baseline_to_file',
), mock_printer(audit_module, ) as printer_shim:
wrap_detect_secrets_main('audit will_be_mocked')
assert uncolor(printer_shim.message) == textwrap.dedent("""
Secret: 1 of 1
Filename: {}
Secret Type: {}
----------
{}
----------
Saving progress...
""")[1:].format(
filename,
baseline_dict['results'][filename][0]['type'],
expected_output,
)
def test_scan_with_rootdir(self, mock_baseline_initialize):
with mock_stdin():
assert wrap_detect_secrets_main('scan test_data') == 0
mock_baseline_initialize.assert_called_once_with(
plugins=Any(tuple),
custom_plugin_paths=Any(tuple),
exclude_files_regex=None,
exclude_lines_regex=None,
path=['test_data'],
should_scan_all_files=False,
word_list_file=None,
word_list_hash=None,
)
def test_scan_with_all_files_flag(self, mock_baseline_initialize):
with mock_stdin():
assert wrap_detect_secrets_main('scan --all-files') == 0
mock_baseline_initialize.assert_called_once_with(
plugins=Any(tuple),
custom_plugin_paths=Any(tuple),
exclude_files_regex=None,
exclude_lines_regex=None,
path='.',
should_scan_all_files=True,
word_list_file=None,
word_list_hash=None,
)
def test_scan_with_exclude_args(self, mock_baseline_initialize):
with mock_stdin():
assert wrap_detect_secrets_main(
'scan --exclude-files some_pattern_here --exclude-lines other_patt',
) == 0
mock_baseline_initialize.assert_called_once_with(
plugins=Any(tuple),
custom_plugin_paths=Any(tuple),
exclude_files_regex='some_pattern_here',
exclude_lines_regex='other_patt',
path='.',
should_scan_all_files=False,
word_list_file=None,
word_list_hash=None,
)
def test_reads_old_baseline_from_file(self, mock_merge_baseline):
with mock_stdin(), mock.patch(
'detect_secrets.main._read_from_file',
return_value={'key': 'value'},
) as m_read, mock.patch(
'detect_secrets.main.write_baseline_to_file', ) as m_write:
assert wrap_detect_secrets_main(
'scan --update old_baseline_file') == 0
assert m_read.call_args[0][0] == 'old_baseline_file'
assert m_write.call_args[1]['filename'] == 'old_baseline_file'
assert m_write.call_args[1]['data'] == Any(dict)
mock_merge_baseline.assert_called_once_with(
{'key': 'value'},
Any(dict),
)
def test_scan_string_basic(
self,
mock_baseline_initialize,
string,
expected_base64_result,
expected_hex_result,
):
with mock_stdin(string, ), mock_printer(main_module, ) as printer_shim:
assert wrap_detect_secrets_main('scan --string') == 0
assert uncolor(printer_shim.message) == get_plugin_report({
'Base64HighEntropyString':
expected_base64_result,
'HexHighEntropyString':
expected_hex_result,
})
mock_baseline_initialize.assert_not_called()
def test_old_baseline_ignored_with_update_flag(
self,
mock_baseline_initialize,
exclude_files_arg,
expected_regex,
):
with mock_stdin(), mock.patch(
'detect_secrets.main._read_from_file',
return_value={},
), mock.patch(
# We don't want to be creating a file during test
'detect_secrets.main.write_baseline_to_file', ) as file_writer:
assert wrap_detect_secrets_main(
'scan --update old_baseline_file {}'.format(
exclude_files_arg, ), ) == 0
assert (file_writer.call_args[1]['data']['exclude']['files'] ==
expected_regex)
def test_audit_same_file(self):
with mock_printer(main_module) as printer_shim:
assert wrap_detect_secrets_main(
'audit --diff .secrets.baseline .secrets.baseline') == 0
assert printer_shim.message.strip() == (
'No difference, because it\'s the same file!')
def test_audit_diff_not_enough_files(self):
assert wrap_detect_secrets_main('audit --diff fileA') == 1