def test_audit_display_results(self, filename, expected_output): with mock_stdin(), mock_printer(main_module, ) as printer_shim: main(['scan', filename]) baseline = printer_shim.message baseline_dict = json.loads(baseline) with mock.patch( 'detect_secrets.core.audit._get_baseline_from_file', return_value=baseline_dict, ), mock_printer(audit_module, ) as printer_shim: main(['audit', '--display-results', 'MOCKED']) assert json.loads(uncolor( printer_shim.message))['plugins'] == expected_output
def test_scan_string_basic( self, mock_baseline_initialize, string, expected_base64_result, expected_hex_result, ): with mock_stdin( string, ), mock_printer( main_module, ) as printer_shim: assert main('scan --string'.split()) == 0 assert uncolor(printer_shim.message) == textwrap.dedent( """ AWSKeyDetector : False ArtifactoryDetector : False Base64HighEntropyString: {} BasicAuthDetector : False HexHighEntropyString : {} JwtTokenDetector : False KeywordDetector : False MailchimpDetector : False PrivateKeyDetector : False SlackDetector : False StripeDetector : False """.format( expected_base64_result, expected_hex_result, ), )[1:] mock_baseline_initialize.assert_not_called()
def test_saves_to_baseline(): # We create an empty baseline, with customized settings. # This way, we expect the engine to use the settings configured by the baseline, # but have the results replaced by the new scan. with transient_settings({ 'plugins_used': [ { 'name': 'Base64HighEntropyString', 'limit': 4.5, }, ], }): secrets = SecretsCollection() old_secrets = baseline.format_for_output(secrets) with mock_printer( main_module) as printer, tempfile.NamedTemporaryFile() as f: baseline.save_to_file(old_secrets, f.name) f.seek(0) # We also test setting the root directory through this test. main_module.main(['scan', 'test_data', '--baseline', f.name]) f.seek(0) new_secrets = json.loads(f.read()) assert not secrets.exactly_equals( baseline.load(new_secrets, f.name)) assert new_secrets['plugins_used'] == [ { 'name': 'Base64HighEntropyString', 'limit': 4.5, }, ] assert not printer.message
def test_audit_display_results(self, filename, expected_output): with mock_stdin(), mock_printer(main_module, ) as printer_shim: wrap_detect_secrets_main('scan ' + filename) baseline = printer_shim.message baseline_dict = json.loads(baseline) baseline_dict['custom_plugin_paths'] = tuple( baseline_dict['custom_plugin_paths']) with mock.patch( 'detect_secrets.core.audit._get_baseline_from_file', return_value=baseline_dict, ), mock_printer(audit_module, ) as printer_shim: wrap_detect_secrets_main('audit --display-results MOCKED') assert json.loads(uncolor( printer_shim.message))['plugins'] == expected_output
def test_scan_string_cli_overrides_stdin(self): with mock_stdin('012345678ab', ), mock_printer( main_module, ) as printer_shim: assert main('scan --string 012345'.split()) == 0 assert printer_shim.message == textwrap.dedent(""" Base64HighEntropyString: False (2.585) BasicAuthDetector : False HexHighEntropyString : False (2.121) PrivateKeyDetector : False """)[1:]
def test_scan_string_cli_overrides_stdin(self): with mock_stdin('012345678ab', ), mock_printer( main_module, ) as printer_shim: assert main('scan --string 012345'.split()) == 0 assert uncolor(printer_shim.message) == get_plugin_report({ 'Base64HighEntropyString': 'False (2.585)', 'HexHighEntropyString': 'False (2.121)', })
def test_audit_short_file(self, filename, expected_output): with mock_stdin(), mock_printer( # To extract the baseline output main_module, ) as printer_shim: main(['scan', filename]) baseline = printer_shim.message baseline_dict = json.loads(baseline) with mock_stdin(), mock.patch( # To pipe in printer_shim 'detect_secrets.core.audit._get_baseline_from_file', return_value=baseline_dict, ), mock.patch( # We don't want to clear the pytest testing screen 'detect_secrets.core.audit._clear_screen', ), mock.patch( # Gotta mock it, because tests aren't interactive 'detect_secrets.core.audit._get_user_decision', return_value='s', ), mock.patch( # We don't want to write an actual file 'detect_secrets.core.audit.write_baseline_to_file', ), mock_printer( audit_module, ) as printer_shim: main('audit will_be_mocked'.split()) assert uncolor(printer_shim.message) == textwrap.dedent(""" Secret: 1 of 1 Filename: {} Secret Type: {} ---------- {} ---------- Saving progress... """)[1:].format( filename, baseline_dict['results'][filename][0]['type'], expected_output, )
def test_scan_string_basic(self, mock_baseline_initialize): with mock_stdin('012345678ab', ), mock_printer( main_module, ) as printer_shim: assert main('scan --string'.split()) == 0 assert printer_shim.message == textwrap.dedent(""" Base64HighEntropyString: False (3.459) BasicAuthDetector : False HexHighEntropyString : True (3.459) PrivateKeyDetector : False """)[1:] mock_baseline_initialize.assert_not_called()
def test_cli_overrides_stdin(): with transient_settings({ 'plugins_used': [ { 'name': 'AWSKeyDetector', }, ], }), mock_stdin('AKIATESTTESTTESTTEST', ), mock_printer( main_module) as printer: assert main_module.main(['scan', '--string', 'blah']) == 0 assert printer.message.strip() == 'AWSKeyDetector: False'
def test_adheres_to_verification_policies(args, verified_result, should_be_present): with register_plugin(MockPlugin(verified_result=verified_result), ), mock_printer(main_module) as printer: main_module.main(['scan', '--string', 'fake-secret', *args]) for line in printer.message.splitlines(): plugin_name, result = [x.strip() for x in line.split(':')] if plugin_name != 'MockPlugin': continue assert should_be_present == result.startswith('True')
def test_works_from_different_directory(): with tempfile.TemporaryDirectory() as d: subprocess.call(['git', '-C', d, 'init']) with open(os.path.join(d, 'credentials.yaml'), 'w') as f: f.write('secret: asxeqFLAGMEfxuwma!') subprocess.check_output( ['git', '-C', d, 'add', 'credentials.yaml']) with mock_printer(main_module) as printer: assert main_module.main(['-C', d, 'scan']) == 0 results = json.loads(printer.message)['results'] assert results
def test_supports_stdin(): with transient_settings({ 'plugins_used': [ { 'name': 'AWSKeyDetector', }, ], }), mock_stdin('AKIATESTTESTTESTTEST', ), mock_printer( main_module) as printer, disable_gibberish_filter(): assert main_module.main(['scan', '--string']) == 0 assert printer.message.strip( ) == 'AWSKeyDetector: True (unverified)'
def test_audit_first_line(self, filename, expected_output): BashColor.disable_color() with mock_stdin(), mock_printer( # To extract the baseline output main_module, ) as printer_shim: main(['--scan', filename]) baseline = printer_shim.message with mock_stdin(), mock.patch( # To pipe in printer_shim 'detect_secrets.core.audit._get_baseline_from_file', return_value=json.loads(baseline), ), mock.patch( # We don't want to clear the pytest testing screen 'detect_secrets.core.audit._clear_screen', ), mock.patch( # Gotta mock it, because tests aren't interactive 'detect_secrets.core.audit._get_user_decision', return_value='s', ), mock.patch( # We don't want to write an actual file 'detect_secrets.core.audit._save_baseline_to_file', ), mock_printer(audit_module, ) as printer_shim: main('--audit will_be_mocked'.split()) assert printer_shim.message == textwrap.dedent(""" Secrets Left: 1/1 Filename: {} ---------- {} ---------- Saving progress... """)[1:].format( filename, expected_output, ) BashColor.enable_color()
def test_only_displays_result_if_actual_secret(): with mock_printer(main_module) as printer: main_module.main([ 'scan', '--only-allowlisted', '--disable-plugin', 'KeywordDetector', 'test_data/config.ini', ]) output = json.loads(printer.message) # The only allowlisted item in this is an entirely numerical string, so this # should not be detected. assert not output['results']
def test_scan_string_cli_overrides_stdin(self): with mock_stdin('012345678ab', ), mock_printer( main_module, ) as printer_shim: assert main('scan --string 012345'.split()) == 0 assert uncolor(printer_shim.message) == textwrap.dedent(""" AWSKeyDetector : False ArtifactoryDetector : False Base64HighEntropyString: False (2.585) BasicAuthDetector : False HexHighEntropyString : False (2.121) KeywordDetector : False PrivateKeyDetector : False SlackDetector : False StripeDetector : False """)[1:]
def test_scan_string_basic( self, mock_baseline_initialize, string, expected_base64_result, expected_hex_result, ): with mock_stdin(string, ), mock_printer(main_module, ) as printer_shim: assert main('scan --string'.split()) == 0 assert uncolor(printer_shim.message) == get_plugin_report({ 'Base64HighEntropyString': expected_base64_result, 'HexHighEntropyString': expected_hex_result, }) mock_baseline_initialize.assert_not_called()
def test_basic(mock_log): with mock_printer(main_module) as printer: main_module.main(['scan', '--only-allowlisted', 'test_data/config.yaml']) output = json.loads(printer.message) assert len(output['results']) == 1 # Baseline carries this configuration. assert 'detect_secrets.filters.allowlist.is_line_allowlisted' not in { item['path'] for item in output['filters_used'] } with tempfile.NamedTemporaryFile() as f, mock.patch( 'detect_secrets.audit.io.get_user_decision', return_value='s', ): f.write(printer.message.encode()) f.seek(0) main_module.main(['audit', f.name]) assert 'Nothing to audit' not in mock_log.info_messages
def test_basic(): with mock_printer(main_module) as printer: main_module.main(['scan', '--slim', 'test_data']) assert 'generated_at' not in printer.message assert 'line_number' not in printer.message
def test_list_all_plugins(): with mock_printer(main_module) as printer: assert main_module.main(['scan', '--list-all-plugins']) == 0 assert printer.message
def test_outputs_baseline_if_none_supplied(): with mock_printer(main_module) as printer: main_module.main(['scan']) assert printer.message
def test_audit_same_file(self): with mock_printer(main_module) as printer_shim: assert main('audit --diff .secrets.baseline .secrets.baseline'. split()) == 0 assert printer_shim.message.strip() == ( 'No difference, because it\'s the same file!')
def printer(): printer = PrinterShim() with mock_printer(main_module, shim=printer), mock_printer(io, shim=printer): yield printer