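def _perform_scan(args):
    """Scan ``args.path`` and return the resulting baseline.

    The exclude regex is ``--exclude`` when given, otherwise the
    ``exclude_regex`` stored in the imported baseline.  When a baseline
    file was named on the command line, a pattern matching that file is
    added to the exclude regex so the baseline itself is not scanned.

    :param args: parsed command-line options.  ``args.exclude`` is rewritten
        in place: its first element replaces the list, and the baseline
        pattern is appended.
    :returns: the value of ``format_for_baseline_output()``, passed through
        ``baseline.merge_baseline`` when an existing baseline was loaded.
    """
    # Function-scope import: only the baseline pattern below needs it.
    import re

    old_baseline = _get_existing_baseline(args.import_filename)

    # Plugins are *always* rescanned with fresh settings, because
    # we want to get the latest updates.
    plugins = initialize.from_parser_builder(args.plugins)

    # Favors --exclude argument over existing baseline's regex (if exists)
    if args.exclude:
        args.exclude = args.exclude[0]
    elif old_baseline and old_baseline.get('exclude_regex'):
        args.exclude = old_baseline['exclude_regex']

    # If we have knowledge of an existing baseline file, we should use
    # that knowledge and *not* scan that file.
    if args.import_filename:
        # The file name is a literal, so escape it.  Left raw, a `.` matches
        # any character (widening what the scan skips) and a bracket or
        # parenthesis can stop the pattern from matching the file at all.
        baseline_pattern = '^{}$'.format(re.escape(args.import_filename[0]))

        if not args.exclude:
            # Without any other exclude regex the baseline used to be
            # scanned like an ordinary file; exclude it here as well.
            args.exclude = baseline_pattern
        elif baseline_pattern not in args.exclude:
            # A regex reloaded from the baseline may already carry the
            # pattern; appending it again would grow the regex on each run.
            args.exclude += '|' + baseline_pattern

    new_baseline = baseline.initialize(
        plugins,
        args.exclude,
        args.path,
        args.all_files,
    ).format_for_baseline_output()

    if old_baseline:
        new_baseline = baseline.merge_baseline(
            old_baseline,
            new_baseline,
        )

    return new_baseline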
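def _perform_scan(args, plugins):
    """Scan ``args.path`` with ``plugins`` and return the resulting baseline.

    The exclude regex is ``--exclude`` when given, otherwise the
    ``exclude_regex`` stored in the imported baseline.  When a baseline
    file was named on the command line, a pattern matching that file is
    added to the exclude regex so the baseline itself is not scanned.

    :param args: parsed command-line options.  ``args.exclude`` is rewritten
        in place: its first element replaces the list, and the baseline
        pattern is appended or set.
    :param plugins: passed unchanged to ``baseline.initialize``.
    :returns: the value of ``format_for_baseline_output()``, passed through
        ``baseline.merge_baseline`` when an existing baseline was loaded.
    """
    # Function-scope import: only the baseline pattern below needs it.
    import re

    old_baseline = _get_existing_baseline(args.import_filename)

    # Favors --exclude argument over existing baseline's regex (if exists)
    if args.exclude:
        args.exclude = args.exclude[0]
    elif old_baseline and old_baseline.get('exclude_regex'):
        args.exclude = old_baseline['exclude_regex']

    # If we have knowledge of an existing baseline file, we should use
    # that knowledge and *not* scan that file.
    if args.import_filename:
        # The file name is a literal, so escape it.  Left raw, a `.` matches
        # any character (widening what the scan skips) and a bracket or
        # parenthesis can stop the pattern from matching the file at all.
        payload = '^{}$'.format(re.escape(args.import_filename[0]))

        if not args.exclude:
            args.exclude = payload
        elif payload not in args.exclude:
            # Skip the append when the pattern is already part of the
            # regex, e.g. one reloaded from the baseline.
            args.exclude += '|' + payload

    new_baseline = baseline.initialize(
        plugins,
        args.exclude,
        args.path,
        args.all_files,
    ).format_for_baseline_output()

    if old_baseline:
        new_baseline = baseline.merge_baseline(
            old_baseline,
            new_baseline,
        )

    return new_baseline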
def _perform_scan(args):
    """Run a scan over ``args.scan`` and return the resulting baseline.

    ``args.exclude`` is rewritten in place: an explicit ``--exclude`` value
    wins, otherwise the ``exclude_regex`` of the existing baseline is used.
    When an existing baseline was loaded, the new result is merged with it.

    :param args: parsed command-line options.
    :returns: the value of ``format_for_baseline_output()``, passed through
        ``baseline.merge_baseline`` when an existing baseline was loaded.
    """
    previous = _get_existing_baseline(args)

    # Detectors are rebuilt from the command-line options on every run
    # rather than taken from the previous baseline.
    detectors = initialize.from_parser_builder(args.plugins)

    # Command line first, stored baseline regex second.
    # NOTE(review): the stored regex is used as-is; it presumably decides
    # which files the scan skips, so edits to it in a committed baseline
    # deserve the same review as a change to the scanner's options.
    if args.exclude:
        args.exclude = args.exclude[0]
    elif previous and previous.get('exclude_regex'):
        args.exclude = previous['exclude_regex']

    scan = baseline.initialize(detectors, args.exclude, args.scan)
    current = scan.format_for_baseline_output()

    if not previous:
        return current
    return baseline.merge_baseline(previous, current)
def _perform_scan(args):
    """Scan ``args.scan`` and return a baseline, merged with any prior one.

    The exclude regex is resolved onto ``args.exclude`` in place: the first
    ``--exclude`` value if one was given, else the ``exclude_regex`` key of
    the existing baseline when that key is present and non-empty.

    :param args: parsed command-line options.
    :returns: the freshly formatted baseline, or the result of
        ``baseline.merge_baseline`` when an existing baseline was loaded.
    """
    existing = _get_existing_baseline(args)

    # Always initialise plugins from the current options so that updated
    # settings take effect, regardless of what the existing baseline used.
    active_plugins = initialize.from_parser_builder(args.plugins)

    if args.exclude:
        # Only the first element of the parsed value is used.
        args.exclude = args.exclude[0]
    elif existing and existing.get('exclude_regex'):
        # NOTE(review): this value comes straight from the baseline file and
        # presumably controls what the scan skips; verify it on review.
        args.exclude = existing['exclude_regex']

    fresh = baseline.initialize(
        active_plugins,
        args.exclude,
        args.scan,
    ).format_for_baseline_output()

    return baseline.merge_baseline(existing, fresh) if existing else fresh
def _perform_scan(args, plugins, automaton, word_list_hash):
    """
    Run a scan and return the baseline, filling unset options from an
    existing baseline when `args.import_filename` yields one.

    `args` is updated in place; values given on the command line are kept.

    :param args: output of `argparse.ArgumentParser.parse_args`
    :param plugins: tuple of initialized plugins

    :type automaton: ahocorasick.Automaton|None
    :param automaton: optional automaton for ignoring certain words.

    :type word_list_hash: str|None
    :param word_list_hash: optional iterated sha1 hash of the words in
        the word list.

    :rtype: dict
    """
    previous = _get_existing_baseline(args.import_filename)

    if previous:
        # Plugins are merged before the option fall-backs below are applied,
        # so `args` is still in its command-line state for this call.
        plugins = initialize.merge_plugins_from_baseline(
            _get_plugins_from_baseline(previous),
            args,
            automaton=automaton,
        )

        # Command-line values win; the stored baseline only fills the gaps.
        if not args.exclude_files:
            args.exclude_files = _get_exclude_files(previous)

        if not args.exclude_lines:
            stored_exclude = previous.get('exclude')
            if stored_exclude:
                args.exclude_lines = stored_exclude['lines']

        if not args.word_list_file:
            stored_word_list = previous.get('word_list')
            if stored_word_list:
                # NOTE(review): `word_list_hash` and `automaton` are passed
                # in by the caller and are not recomputed here when the file
                # name comes from the baseline - confirm the caller covers it.
                args.word_list_file = stored_word_list['file']

        if not args.custom_plugin_paths:
            stored_plugin_paths = previous.get('custom_plugin_paths')
            if stored_plugin_paths:
                # NOTE(review): these paths come from the baseline file and
                # are handed to `baseline.initialize`; if that loads them as
                # plugin code, the baseline must be as trusted as the code.
                args.custom_plugin_paths = stored_plugin_paths

    # A known baseline file is added to the exclude_files regex.
    if args.import_filename:
        _add_baseline_to_exclude_files(args)

    scan = baseline.initialize(
        path=args.path,
        plugins=plugins,
        custom_plugin_paths=args.custom_plugin_paths,
        exclude_files_regex=args.exclude_files,
        exclude_lines_regex=args.exclude_lines,
        word_list_file=args.word_list_file,
        word_list_hash=word_list_hash,
        should_scan_all_files=args.all_files,
    )
    current = scan.format_for_baseline_output()

    if not previous:
        return current
    return baseline.merge_baseline(previous, current)
def _perform_scan(args, plugins):
    """
    Run a scan and return the baseline, filling unset exclude options from
    an existing baseline when `args.import_filename` yields one.

    `args` is updated in place; values given on the command line are kept.

    :param args: output of `argparse.ArgumentParser.parse_args`
    :param plugins: tuple of initialized plugins
    :rtype: dict
    """
    prior = _get_existing_baseline(args.import_filename)

    if prior:
        plugins = initialize.merge_plugin_from_baseline(
            _get_plugin_from_baseline(prior),
            args,
        )

        # `--exclude-files` and `--exclude-lines` take precedence; the
        # stored regexes are only used when the option was not supplied.
        # NOTE(review): stored regexes are used as-is and presumably decide
        # what the scan skips, so baseline edits to them deserve review.
        if not args.exclude_files:
            args.exclude_files = _get_exclude_files(prior)

        if not args.exclude_lines:
            stored_exclude = prior.get('exclude')
            if stored_exclude:
                args.exclude_lines = stored_exclude['lines']

    # A known baseline file is added to the exclude_files regex.
    if args.import_filename:
        _add_baseline_to_exclude_files(args)

    scan = baseline.initialize(
        plugins=plugins,
        exclude_files_regex=args.exclude_files,
        exclude_lines_regex=args.exclude_lines,
        path=args.path,
        scan_all_files=args.all_files,
    )
    current = scan.format_for_baseline_output()

    return baseline.merge_baseline(prior, current) if prior else current
def test_copies_is_secret_label_accurately(self):
    """Pin how `is_secret` labels survive `merge_baseline(old, new)`.

    Four cases, keyed by `hashed_secret`:
      a - only the old entry is labelled: the old label is kept.
      b - both are labelled (old True, new False): the new label is kept.
      c - only the new entry is labelled: the new label is kept.
      d - neither is labelled: the merged entry has no label.
    """
    old_results = {
        'results': {
            'filenameA': [
                # Old has label, but new does not.
                {
                    'hashed_secret': 'a',
                    'is_secret': False,
                    'line_number': 1,
                    'type': 'Test Type',
                },
                # Both old and new have label
                {
                    'hashed_secret': 'b',
                    'is_secret': True,
                    'line_number': 2,
                    'type': 'Test Type',
                },
            ],
            'filenameB': [
                # Only new has label
                {
                    'hashed_secret': 'c',
                    'line_number': 3,
                    'type': 'Test Type',
                },
                # Both don't have labels
                {
                    'hashed_secret': 'd',
                    'line_number': 4,
                    'type': 'Test Type',
                },
            ],
        },
    }

    new_results = {
        'results': {
            'filenameA': [
                {
                    'hashed_secret': 'a',
                    'line_number': 1,
                    'type': 'Test Type',
                },
                {
                    'hashed_secret': 'b',
                    'is_secret': False,
                    'line_number': 2,
                    'type': 'Test Type',
                },
            ],
            'filenameB': [
                {
                    'hashed_secret': 'c',
                    'is_secret': False,
                    'line_number': 3,
                    'type': 'Test Type',
                },
                {
                    'hashed_secret': 'd',
                    'line_number': 4,
                    'type': 'Test Type',
                },
            ],
        },
    }

    expected = {
        'results': {
            'filenameA': [
                {
                    'hashed_secret': 'a',
                    'is_secret': False,
                    'line_number': 1,
                    'type': 'Test Type',
                },
                {
                    'hashed_secret': 'b',
                    'is_secret': False,
                    'line_number': 2,
                    'type': 'Test Type',
                },
            ],
            'filenameB': [
                {
                    'hashed_secret': 'c',
                    'is_secret': False,
                    'line_number': 3,
                    'type': 'Test Type',
                },
                {
                    'hashed_secret': 'd',
                    'line_number': 4,
                    'type': 'Test Type',
                },
            ],
        },
    }

    assert merge_baseline(old_results, new_results) == expected
def test_copies_is_secret_label_accurately(self):
    """Check which `is_secret` label ends up in the merged baseline.

    The old baseline is the first argument to `merge_baseline`, the new
    scan result the second.  A label present on only one side is carried
    into the result, a label present on both sides takes the new side's
    value, and an entry unlabelled on both sides stays unlabelled.
    """
    def finding(hashed_secret, line_number, is_secret=None):
        # Build one result entry; `is_secret` is left out entirely when no
        # label is given, matching an entry without that key.
        entry = {'hashed_secret': hashed_secret}
        if is_secret is not None:
            entry['is_secret'] = is_secret
        entry['line_number'] = line_number
        entry['type'] = 'Test Type'
        return entry

    old = {
        'results': {
            'filenameA': [
                finding('a', 1, is_secret=False),  # only old is labelled
                finding('b', 2, is_secret=True),   # both are labelled
            ],
            'filenameB': [
                finding('c', 3),                   # only new is labelled
                finding('d', 4),                   # neither is labelled
            ],
        },
    }

    new = {
        'results': {
            'filenameA': [
                finding('a', 1),
                finding('b', 2, is_secret=False),
            ],
            'filenameB': [
                finding('c', 3, is_secret=False),
                finding('d', 4),
            ],
        },
    }

    merged = merge_baseline(old, new)

    assert merged == {
        'results': {
            'filenameA': [
                finding('a', 1, is_secret=False),
                finding('b', 2, is_secret=False),
            ],
            'filenameB': [
                finding('c', 3, is_secret=False),
                finding('d', 4),
            ],
        },
    }