def test_analyze(self, file_content):
    """Expect exactly one finding for ``file_content``, attributed to the scanned file."""
    detector = KeywordDetector()
    findings = detector.analyze(mock_file_object(file_content), 'mock_filename')

    assert len(findings) == 1
    # Every reported secret must carry the name the scan was invoked with.
    for finding in findings:
        assert 'mock_filename' == finding.filename
def test_analyze_yaml_negatives(self, file_content, file_extension):
    """Expect no findings when ``file_content`` is scanned under ``file_extension``."""
    detector = KeywordDetector()
    handle = mock_file_object(file_content)
    scanned_name = 'mock_filename{}'.format(file_extension)

    findings = detector.analyze(handle, scanned_name)

    assert len(findings) == 0
def test_analyze_objective_c_positives(self, file_content):
    """Expect one finding for an ``.m`` file, matched by filename and secret hash."""
    scanned_name = 'mock_filename.m'
    detector = KeywordDetector()
    findings = detector.analyze(mock_file_object(file_content), scanned_name)

    assert len(findings) == 1
    for finding in findings:
        assert scanned_name == finding.filename
        # The finding exposes a hash here, so the expected literal is hashed
        # with the same helper before comparing.
        expected_hash = PotentialSecret.hash_secret(
            'm{{h}o)p${e]nob(ody[finds>-_$#thisone}}',
        )
        assert finding.secret_hash == expected_hash
def test_analyze_yaml_negatives(self, file_content, file_extension):
    """Expect no findings once the value is rewritten to begin with ``{{``."""
    detector = KeywordDetector()

    # Make it start with `{{`, (and end with `}}`) so it hits our
    # false-positive check.
    templated_content = file_content.replace('m{', '{')
    handle = mock_file_object(templated_content)

    scanned_name = 'mock_filename{}'.format(file_extension)
    findings = detector.analyze(handle, scanned_name)

    assert len(findings) == 0
def test_analyze_example_negatives(self, file_content):
    """Expect no findings in a ``.example`` file once the value is wrapped in ``<``/``>``."""
    detector = KeywordDetector()

    # Make it start with `<`, (and end with `>`) so it hits our
    # false-positive check.
    placeholder_content = file_content.replace('m{', '<')
    placeholder_content = placeholder_content.replace('}', '>')
    handle = mock_file_object(placeholder_content)

    findings = detector.analyze(handle, 'mock_filename.example')

    assert len(findings) == 0
def test_analyze_quotes_required_positives(self, file_content, file_extension):
    """Expect one finding, matched by filename and secret hash, for ``file_extension``."""
    detector = KeywordDetector()
    handle = mock_file_object(file_content)
    scanned_name = 'mock_filename{}'.format(file_extension)

    findings = detector.analyze(handle, scanned_name)

    assert len(findings) == 1
    for finding in findings:
        assert scanned_name == finding.filename
        # Compare hashes: the expected literal is hashed with the same helper
        # that produced ``secret_hash``.
        expected_hash = PotentialSecret.hash_secret(
            'm{{h}o)p${e]nob(ody[finds>-_$#thisone}}',
        )
        assert finding.secret_hash == expected_hash
def test_analyze_standard_positives_with_automaton(self, file_content):
    """Expect no findings when the detector is given an automaton holding ``thisone``."""
    word_filter = ahocorasick.Automaton()
    known_word = 'thisone'
    word_filter.add_word(known_word, known_word)
    word_filter.make_automaton()

    detector = KeywordDetector(automaton=word_filter)
    findings = detector.analyze(mock_file_object(file_content), 'mock_filename')

    # All skipped due to automaton
    assert len(findings) == 0
def test_analyze_objective_c_positives(self, file_content):
    """Expect a single finding with the known secret value for an ``.m`` line."""
    detector = KeywordDetector()
    found = detector.analyze_line(filename='mock_filename.m', line=file_content)

    assert len(found) == 1
    # Exactly one element is present, so the first one is the only one.
    only_finding = next(iter(found))
    assert only_finding.secret_value == 'm{{h}o)p${e]nob(ody[finds>-_$#thisone}}'
class EntropyKeywordCombinator(BasePlugin):
    """Report a line only when the keyword scanner and an entropy scanner both match it."""

    secret_type = None

    def __init__(self, limit: float) -> None:
        """Create the Base64 and hex entropy scanners (both using ``limit``) and a keyword scanner."""
        self.high_entropy_scanners = (
            Base64HighEntropyString(limit=limit),
            HexHighEntropyString(limit=limit),
        )
        self.keyword_scanner = KeywordDetector()

    def analyze_line(
        self,
        filename: str,
        line: str,
        line_number: int = 0,
        **kwargs: Any
    ) -> Set[PotentialSecret]:
        """Run the keyword scanner, then the entropy scanners on keyword-matched lines.

        The keyword plugin acts as a gate: when it reports nothing, the
        entropy scanners are never consulted and an empty set is returned.
        Otherwise the entropy scanners run in their stored order and the
        result of the first one that reports a match is returned as-is, so
        the returned objects are the entropy scanner's findings, not the
        keyword scanner's.
        """
        gate_hits = self.keyword_scanner.analyze_line(
            filename, line, line_number, **kwargs
        )
        if not gate_hits:
            return set()

        for scanner in self.high_entropy_scanners:
            entropy_hits = scanner.analyze_line(
                filename, line, line_number, **kwargs
            )
            if entropy_hits:
                # First matching scanner wins; later scanners are not run.
                return entropy_hits

        return set()

    def analyze_string(self, string: str) -> Generator[str, None, None]:
        """Not supported by this plugin; always raises ``NotImplementedError``."""
        raise NotImplementedError()
def test_analyze_standard_positives_with_automaton(self, file_content):
    """Expect no findings when the detector is given an automaton holding ``thisone``."""
    word_filter = ahocorasick.Automaton()
    known_word = 'thisone'
    if is_python_2():  # pragma: no cover
        # Due to pyahocorasick
        known_word = known_word.encode('utf-8')
    word_filter.add_word(known_word, known_word)
    word_filter.make_automaton()

    detector = KeywordDetector(automaton=word_filter)
    findings = detector.analyze(mock_file_object(file_content), 'mock_filename')

    # All skipped due to automaton
    assert len(findings) == 0
def test_analyze_quotes_required_positives(self, file_content, file_extension):
    """Expect a single finding with the known secret value for ``file_extension``."""
    detector = KeywordDetector()
    scanned_name = 'mock_filename{}'.format(file_extension)
    found = detector.analyze_line(filename=scanned_name, line=file_content)

    assert len(found) == 1
    # Exactly one element is present, so the first one is the only one.
    only_finding = next(iter(found))
    assert only_finding.secret_value == 'm{{h}o)p${e]nob(ody[finds>-_$#thisone}}'
def test_dict_output(self, keyword_exclude, dict_content):
    """Check the detector's attribute dict serialises to the expected JSON."""
    detector = KeywordDetector(keyword_exclude)

    # Both sides go through the same key-sorted dump so the comparison does
    # not depend on dict ordering.
    serialised_actual = json.dumps(detector.__dict__, sort_keys=True)
    serialised_expected = json.dumps(dict_content, sort_keys=True)

    assert serialised_actual == serialised_expected
def test_keyword(file_extension, line, expected_secret):
    """Scan ``line`` and compare the first finding's value with ``expected_secret``.

    With a file extension, the line goes through a ``KeywordDetector`` that
    excludes ``.*fake.*``; without one it goes through ``scan_line``. A falsy
    ``expected_secret`` means the scan must report nothing.
    """
    if file_extension:
        detector = KeywordDetector(keyword_exclude='.*fake.*')
        found = list(
            detector.analyze_line(
                filename='mock_filename.{}'.format(file_extension),
                line=line,
            ),
        )
    else:
        found = list(scan_line(line))

    if not expected_secret:
        assert not found
        return

    assert found[0].secret_value == expected_secret
class EntropyKeywordCombinator(BasePlugin):
    """Yield a string only when the keyword scanner and an entropy scanner both match it."""

    secret_type = None

    def __init__(self, limit: float) -> None:
        """Create the Base64 and hex entropy scanners (both using ``limit``) and a keyword scanner."""
        self.high_entropy_scanners = (
            Base64HighEntropyString(limit=limit),
            HexHighEntropyString(limit=limit),
        )
        self.keyword_scanner = KeywordDetector()

    def analyze_string(self, string: str) -> Generator[str, None, None]:
        """Yield ``string`` when both the keyword and an entropy scanner match.

        The keyword scanner is consulted first; without a keyword match the
        generator ends without running any entropy scanner. Every entropy
        scanner is then run, and ``self.secret_type`` is overwritten on each
        match, so it ends up holding the type of the last scanner that matched.
        """
        keyword_results = self.keyword_scanner.analyze_string(string)
        entropy_hits = []
        keyword_hit = generator_reader_wrapper(keyword_results)
        if not keyword_hit:
            return

        for scanner in self.high_entropy_scanners:
            entropy_hit = generator_reader_wrapper(scanner.analyze_string(string))
            if not entropy_hit:
                continue
            # Instance state is mutated here; callers reading ``secret_type``
            # see whichever scanner matched most recently.
            self.secret_type = scanner.secret_type
            entropy_hits.append(entropy_hit)

        # The keyword match is already guaranteed by the early return above.
        if entropy_hits:
            yield string
def test_analyze_with_line_exclude(self, file_content):
    """Expect no findings when the detector is built with ``keyword_exclude='thisone'``."""
    detector = KeywordDetector(keyword_exclude='thisone')
    handle = mock_file_object(file_content)

    findings = detector.analyze(handle, 'mock_filename.foo')

    assert len(findings) == 0
def test_analyze_standard_positives(self, file_content):
    """Expect ``analyze_string`` to yield exactly the one known secret value."""
    detector = KeywordDetector()
    found = list(detector.analyze_string(file_content))

    assert len(found) == 1
    (only_value,) = found
    assert only_value == 'm{{h}o)p${e]nob(ody[finds>-_$#thisone}}'
def test_analyze_php_negatives(self, file_content):
    """Expect no findings when ``file_content`` is scanned as a ``.php`` file."""
    detector = KeywordDetector()
    handle = mock_file_object(file_content)

    findings = detector.analyze(handle, 'mock_filename.php')

    assert len(findings) == 0
def test_analyze_standard_negatives(self, negative):
    """Expect no findings when the ``negative`` sample is scanned as a ``.foo`` file."""
    detector = KeywordDetector()
    handle = mock_file_object(negative)

    findings = detector.analyze(handle, 'mock_filename.foo')

    assert len(findings) == 0
def test_analyze_javascript_negatives(self, js_negative):
    """Expect no findings when the ``js_negative`` sample is scanned as a ``.js`` file."""
    detector = KeywordDetector()
    handle = mock_file_object(js_negative)

    findings = detector.analyze(handle, 'mock_filename.js')

    assert len(findings) == 0
def test_analyze_php_negatives(self, secret_starting_with_dollar_sign):
    """Expect no findings when the sample is scanned as a ``.php`` file."""
    # NOTE(review): the parameter name suggests the value begins with `$`,
    # i.e. a PHP variable reference rather than a literal -- confirm against
    # the parametrization.
    detector = KeywordDetector()
    handle = mock_file_object(secret_starting_with_dollar_sign)

    findings = detector.analyze(handle, 'mock_filename.php')

    assert len(findings) == 0
def test_analyze_python_negatives(self, secret_with_no_quote):
    """Expect no findings when the sample is scanned as a ``.py`` file."""
    # NOTE(review): the parameter name suggests the value is unquoted, i.e.
    # a name or expression rather than a string literal -- confirm against
    # the parametrization.
    detector = KeywordDetector()
    handle = mock_file_object(secret_with_no_quote)

    findings = detector.analyze(handle, 'mock_filename.py')

    assert len(findings) == 0
def __init__(self, limit: float) -> None:
    """Create the Base64 and hex entropy scanners (both using ``limit``) and a keyword scanner."""
    # Tuple order is Base64 first, then hex; both receive the same ``limit``.
    base64_scanner = Base64HighEntropyString(limit=limit)
    hex_scanner = HexHighEntropyString(limit=limit)
    self.high_entropy_scanners = (base64_scanner, hex_scanner)
    self.keyword_scanner = KeywordDetector()