def cli(arguments=None): # Parse CLI arguments args = parse_args(arguments) # Show information if args.info: exit(cli_info()) # Default response if not args.src: exit(cli_parser().print_help()) # Clear output file if args.output: args.output = Path(args.output) args.output.write_text("") # Configure execution configure_log() if args.config: args.config = load_config(args.config, src=args.src) # Valar margulis for secret in run(args): format_stdout(secret, args.output) # Clean up cleanup_log()
def cli(): # Parse CLI arguments args_parser = ArgumentParser("whispers", description=("Identify secrets and dangerous behaviours")) args_parser.add_argument("-v", "--version", action="version", version=f"whispers {__version__}") args_parser.add_argument("-c", "--config", default=None, help="config file") args_parser.add_argument("-o", "--output", help="output file (.yml)") args_parser.add_argument("src", nargs="?", help="source code file or directory") args = args_parser.parse_args() # Default response if not args.src: exit(args_parser.print_help()) # Clear output file if args.output: args.output = Path(args.output) args.output.write_text("") # Configure execution configure_log() if args.config: args.config = load_config(args.config, src=args.src) # Valar margulis for secret in run(args.src, config=args.config): format_stdout(secret, args.output)
def test_include_files(): args = parse_args([fixture_path()]) args.config = core.load_config(config_path("include_files.yml"), FIXTURE_PATH) secrets = core.run(args) assert next(secrets).value == "hardcoded" with pytest.raises(StopIteration): next(secrets)
def test_exclude_files(): args = parse_args([fixture_path()]) args.config = core.load_config(config_path("exclude_files.yml"), FIXTURE_PATH) secrets = core.run(args) with pytest.raises(StopIteration): next(secrets)
def test_detection_by_key(src, keys): args = parse_args([fixture_path(src)]) secrets = core.run(args) for key in keys: assert next(secrets).key == key with pytest.raises(StopIteration): next(secrets)
def test_exclude_by_keys_and_values(configfile, src): args = parse_args([fixture_path(src)]) args.config = core.load_config(config_path(configfile), FIXTURE_PATH) secrets = core.run(args) assert next(secrets).key == "hardcoded_password" with pytest.raises(StopIteration): next(secrets)
def test_detection_by_value(src, count): secrets = core.run(fixture_path(src)) for _ in range(count): value = next(secrets).value.lower() if value.isnumeric(): value = bytes.fromhex(hex(int(value))[2:]).decode("ascii") assert "hardcoded" in value with pytest.raises(StopIteration): next(secrets)
def cli(): # Parse CLI arguments args = parse_args() # Valar margulis for secret in run(args): format_stdout(secret, args.output) # Clean up cleanup_log()
def test_detection_by_value(src, count): args = parse_args([fixture_path(src)]) args.config = core.load_config( CONFIG_PATH.joinpath("detection_by_value.yml")) secrets = core.run(args) for _ in range(count): value = next(secrets).value.lower() if value.isnumeric(): continue assert "hardcoded" in value with pytest.raises(StopIteration): next(secrets)
def test_detection_by_filename(): expected = map( fixture_path, [ ".aws/credentials", ".htpasswd", ".npmrc", ".pypirc", "connection.config", "integration.conf", "pip.conf", "settings.cfg", "settings.conf", "settings.env", "settings.ini", ], ) config = core.load_config(CONFIG_PATH.joinpath("detection_by_filename.yml")) secrets = core.run(fixture_path(""), config) result = [secret.value for secret in secrets] for exp in expected: assert exp in result
def test_detection_by_key(src, keys): secrets = core.run(fixture_path(src)) for key in keys: assert next(secrets).key == key with pytest.raises(StopIteration): next(secrets)
def test_run(filename, expectation): with expectation: args = parse_args([filename]) next(core.run(args))
def test_find_line_number(src, linenumbers): secrets = core.run(fixture_path(src)) for number in linenumbers: assert next(secrets).line == number
def test_find_line_number_all(src, linenumbers): args = parse_args([fixture_path(src)]) secrets = core.run(args) for number in linenumbers: assert next(secrets).line == number
def test_exclude_files(): config = core.load_config(config_path("exclude_files.yml"), FIXTURE_PATH) secrets = core.run(FIXTURE_PATH, config=config) with pytest.raises(StopIteration): next(secrets)
def test_include_files(): config = core.load_config(config_path("include_files.yml"), FIXTURE_PATH) secrets = core.run(FIXTURE_PATH, config=config) assert next(secrets).value == "hardcoded" with pytest.raises(StopIteration): next(secrets)
def test_core_exception(filename, exception): with pytest.raises(exception): next(core.run(filename))