def test_secret_at_top_of_file(self, mock_printer):
with self.mock_open(
start_line=1,
secret_line=1,
end_line=6,
line_containing_secret='-----BEGIN PRIVATE KEY-----',
):
self.run_logic(secret_lineno=1, )
test = textwrap.dedent("""
Secret: 1 of 2
Filename: filenameA
Secret Type: Private Key
----------
1:-----BEGIN PRIVATE KEY-----
2:e
3:d
4:c
5:b
6:a
----------
{}
----------
""").format(POTENTIAL_SECRET_DETECTED_NOTE)[1:-1]
print(mock_printer.message)
print(test)
assert uncolor(mock_printer.message) == textwrap.dedent("""
Secret: 1 of 2
Filename: filenameA
Secret Type: Private Key
----------
1:-----BEGIN PRIVATE KEY-----
2:e
3:d
4:c
5:b
6:a
----------
{}
----------
""").format(POTENTIAL_SECRET_DETECTED_NOTE)[1:-1]
def test_version_check_out_of_date():
responses.add(
responses.GET,
(
'https://detect-secrets-client-version.s3.us-south.'
'cloud-object-storage.appdomain.cloud/version'
),
status=200,
body='1000000.0.0+ibm.0',
)
with mock.patch('detect_secrets.util.sys.stderr', new=StringIO()) as fakeErr:
util.version_check()
stderr = fakeErr.getvalue().strip()
expected_error_msg = 'WARNING: You are running an outdated version of detect-secrets.\n' + \
' Your version: %s\n' % VERSION + \
' Latest version: 1000000.0.0+ibm.0\n' + \
' See upgrade guide at ' + \
'https://ibm.biz/detect-secrets-how-to-upgrade\n'
assert expected_error_msg == uncolor(stderr)
def test_scan_string_basic(
self,
mock_baseline_initialize,
string,
expected_base64_result,
expected_hex_result,
):
with mock_stdin(
string,
), mock_printer(
main_module,
) as printer_shim:
assert main('scan --string'.split()) == 0
assert uncolor(printer_shim.message) == get_plugin_report({
'Base64HighEntropyString': expected_base64_result,
'HexHighEntropyString': expected_hex_result,
})
mock_baseline_initialize.assert_not_called()
def test_secret_not_found(self, mock_printer):
with self.mock_open(), pytest.raises(
audit.SecretNotFoundOnSpecifiedLineError, ):
self.run_logic(secret=potential_secret_factory(
type_='Private Key',
filename='filenameA',
secret='BEGIN RSA PRIVATE KEY',
lineno=15,
).json(), )
assert uncolor(mock_printer.message) == textwrap.dedent("""
Secret: 1 of 2
Filename: filenameA
Secret Type: Private Key
----------
ERROR: Secret not found on line 15!
Try recreating your baseline to fix this issue.
----------
""")[1:-1]
def test_scan_string_cli_overrides_stdin(self):
with mock_stdin(
'012345678ab',
), mock_printer(
main_module,
) as printer_shim:
assert main('scan --string 012345'.split()) == 0
assert uncolor(printer_shim.message) == textwrap.dedent("""
AWSKeyDetector : False
ArtifactoryDetector : False
Base64HighEntropyString: False (2.585)
BasicAuthDetector : False
HexHighEntropyString : False (2.121)
JwtTokenDetector : False
KeywordDetector : False
MailchimpDetector : False
PrivateKeyDetector : False
SlackDetector : False
StripeDetector : False
""")[1:]
def test_audit_short_file(self, filename, expected_output):
with mock_stdin(), mock_printer(
# To extract the baseline output
main_module,
) as printer_shim:
main(['scan', filename])
baseline = printer_shim.message
baseline_dict = json.loads(baseline)
with mock_stdin(), mock.patch(
# To pipe in printer_shim
'detect_secrets.core.audit._get_baseline_from_file',
return_value=baseline_dict,
), mock.patch(
# We don't want to clear the pytest testing screen
'detect_secrets.core.audit._clear_screen',
), mock.patch(
# Gotta mock it, because tests aren't interactive
'detect_secrets.core.audit._get_user_decision',
return_value='s',
), mock.patch(
# We don't want to write an actual file
'detect_secrets.core.audit.write_baseline_to_file',
), mock_printer(
audit_module,
) as printer_shim:
main('audit will_be_mocked'.split())
assert uncolor(printer_shim.message) == textwrap.dedent("""
Secret: 1 of 1
Filename: {}
Secret Type: {}
----------
{}
----------
Saving progress...
""")[1:].format(
filename,
baseline_dict['results'][filename][0]['type'],
expected_output,
)
def test_multiple_failures(self, mock_client):
with nicer_output():
assert uncolor(
formatter.format_results([
self.mock_result(
{
'operation_id': 'post_one',
'id': 1,
},
test_results={
'IDORPlugin': True,
},
client=mock_client,
),
self.mock_result(
{
'operation_id': 'get_two',
},
{
'operation_id': 'post_one',
'id': 2,
},
test_results={
'IDORPlugin': True,
},
client=mock_client,
),
]), ) == textwrap.dedent("""
Test Failures
test.post_one [IDORPlugin]
Request Sequence:
[
"curl -X POST http://localhost:80/test/post_one --data 'id=1'"
]
test.post_one [IDORPlugin]
Request Sequence:
[
"curl -X GET http://localhost:80/test/get_two",
"curl -X POST http://localhost:80/test/post_one --data 'id=2'"
]
""")[1:]
def test_basic(self, mock_client):
with nicer_output():
assert uncolor(
formatter.format_results([
self.mock_result(
{
'operation_id': 'get_one',
'id': 1,
},
test_results={
'IDORPlugin': True,
},
client=mock_client,
),
]), ) == textwrap.dedent("""
Test Failures
test.get_one [IDORPlugin]
Request Sequence:
[
"curl -X GET http://localhost:80/test/get_one?id=1"
]
""")[1:]
def test_hex_high_entropy_secret_in_yaml_file(self, mock_printer):
with self.mock_open(
line_containing_secret='api key: 123456789a',
):
self.run_logic(
secret=potential_secret_factory(
type_='Hex High Entropy String',
filename='filenameB',
secret='123456789a',
lineno=15,
),
settings=[
{
'name': 'HexHighEntropyString',
'hex_limit': 3,
},
],
)
assert uncolor(mock_printer.message) == textwrap.dedent("""
Secret: 1 of 2
Filename: filenameB
Secret Type: Hex High Entropy String
----------
10:a
11:b
12:c
13:d
14:e
15:api key: 123456789a
16:e
17:d
18:c
19:b
20:a
----------
""")[1:-1]
def test_scan_string_basic(
self,
mock_baseline_initialize,
string,
expected_base64_result,
expected_hex_result,
):
with mock_stdin(string, ), mock_printer(main_module, ) as printer_shim:
assert main('scan --string'.split()) == 0
assert uncolor(printer_shim.message) == textwrap.dedent("""
AWSKeyDetector : False
Base64HighEntropyString: {}
BasicAuthDetector : False
HexHighEntropyString : {}
KeywordDetector : False
PrivateKeyDetector : False
SlackDetector : False
""".format(
expected_base64_result,
expected_hex_result,
))[1:]
mock_baseline_initialize.assert_not_called()
def test_keyword_secret_in_yaml_file(self, mock_printer):
with self.mock_open(
line_containing_secret='api_key: yerba',
):
self.run_logic(
secret=potential_secret_factory(
type_='Secret Keyword',
filename='filenameB',
secret='yerba',
lineno=15,
),
settings=[
{
'name': 'KeywordDetector',
},
],
)
assert uncolor(mock_printer.message) == textwrap.dedent("""
Secret: 1 of 2
Filename: filenameB
Secret Type: Secret Keyword
----------
10:a
11:b
12:c
13:d
14:e
15:api_key: yerba
16:e
17:d
18:c
19:b
20:a
----------
""")[1:-1]
def test_logging_output(self, mock_client):
result = self.mock_result(
{
'operation_id': 'get_one',
},
test_results={
'IDORPlugin': True,
},
client=mock_client,
)
result.log_output = 'hello'
with nicer_output():
assert uncolor(formatter.format_results([result
])) == textwrap.dedent("""
Test Failures
test.get_one [IDORPlugin]
Request Sequence:
[
"curl -X GET http://localhost:80/test/get_one"
]
Captured log calls
hello
""")[1:]
def test_format_summary(args, expected):
with nicer_output():
assert uncolor(formatter.format_summary(*args), ) == expected
