Esempio n. 1
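def cli(arguments=None):
    """Run the command-line interface: parse arguments, scan, report findings.

    Args:
        arguments: Optional argument list handed to ``parse_args`` unchanged.

    Raises:
        SystemExit: When ``args.info`` is set, or when no source path is given
            (the help text is printed first).
    """
    import sys  # sys.exit works without the site-provided ``exit`` builtin

    # Parse CLI arguments
    args = parse_args(arguments)

    # Show information
    if args.info:
        sys.exit(cli_info())

    # Default response
    if not args.src:
        sys.exit(cli_parser().print_help())

    # Clear output file
    if args.output:
        args.output = Path(args.output)
        # Every finding is handed to format_stdout together with this path, so
        # the file presumably ends up holding the detected secret values
        # (verify against format_stdout). Create it owner-only rather than
        # with the default mode; touch() leaves the mode of a file that
        # already exists unchanged.
        args.output.touch(mode=0o600, exist_ok=True)
        args.output.write_text("")

    # Configure execution
    configure_log()
    try:
        if args.config:
            args.config = load_config(args.config, src=args.src)

        # Report each finding as the scan yields it
        for secret in run(args):
            format_stdout(secret, args.output)
    finally:
        # Clean up even when loading the config or scanning raises
        cleanup_log()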
Esempio n. 2
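def cli():
    """Parse the command line, scan ``src`` and report every finding.

    Raises:
        SystemExit: When no source path is given (the help text is printed
            first), or when argparse handles ``--version`` or a usage error.
    """
    import sys  # sys.exit works without the site-provided ``exit`` builtin

    # Parse CLI arguments
    args_parser = ArgumentParser("whispers", description=("Identify secrets and dangerous behaviours"))
    args_parser.add_argument("-v", "--version", action="version", version=f"whispers {__version__}")
    args_parser.add_argument("-c", "--config", default=None, help="config file")
    args_parser.add_argument("-o", "--output", help="output file (.yml)")
    args_parser.add_argument("src", nargs="?", help="source code file or directory")
    args = args_parser.parse_args()

    # Default response
    if not args.src:
        sys.exit(args_parser.print_help())

    # Clear output file
    if args.output:
        args.output = Path(args.output)
        # Every finding is handed to format_stdout together with this path, so
        # the file presumably ends up holding the detected secret values
        # (verify against format_stdout). Create it owner-only rather than
        # with the default mode; touch() leaves the mode of a file that
        # already exists unchanged.
        args.output.touch(mode=0o600, exist_ok=True)
        args.output.write_text("")

    # Configure execution
    configure_log()
    if args.config:
        args.config = load_config(args.config, src=args.src)

    # Report each finding as the scan yields it
    for secret in run(args.src, config=args.config):
        format_stdout(secret, args.output)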
Esempio n. 3
def test_include_files():
    """With include_files.yml the scan yields one finding valued "hardcoded"."""
    cli_args = parse_args([fixture_path()])
    cli_args.config = core.load_config(
        config_path("include_files.yml"),
        FIXTURE_PATH,
    )
    findings = core.run(cli_args)

    first = next(findings)
    assert first.value == "hardcoded"

    # Nothing else may be reported after that single finding
    with pytest.raises(StopIteration):
        next(findings)
Esempio n. 4
def test_exclude_files():
    """With exclude_files.yml the scan of the fixtures yields no finding."""
    cli_args = parse_args([fixture_path()])
    exclusion_config = core.load_config(config_path("exclude_files.yml"), FIXTURE_PATH)
    cli_args.config = exclusion_config
    findings = core.run(cli_args)

    # The very first next() must already signal exhaustion
    with pytest.raises(StopIteration):
        next(findings)
Esempio n. 5
def test_detection_by_key(src, keys):
    """Findings for fixture ``src`` carry exactly ``keys``, in that order."""
    cli_args = parse_args([fixture_path(src)])
    findings = core.run(cli_args)

    for expected_key in keys:
        finding = next(findings)
        assert finding.key == expected_key

    # No finding beyond the expected keys
    with pytest.raises(StopIteration):
        next(findings)
Esempio n. 6
def test_exclude_by_keys_and_values(configfile, src):
    """With ``configfile`` applied, only "hardcoded_password" is reported."""
    cli_args = parse_args([fixture_path(src)])
    cli_args.config = core.load_config(
        config_path(configfile),
        FIXTURE_PATH,
    )
    findings = core.run(cli_args)

    remaining = next(findings)
    assert remaining.key == "hardcoded_password"

    # Everything else in the fixture is expected to be excluded
    with pytest.raises(StopIteration):
        next(findings)
Esempio n. 7
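def test_detection_by_value(src, count):
    """Expect exactly ``count`` findings, each with "hardcoded" in its value.

    A purely numeric value is read as the integer form of an ASCII string and
    decoded back to text before the substring check.
    """
    secrets = core.run(fixture_path(src))
    for _ in range(count):
        value = next(secrets).value.lower()
        if value.isnumeric():
            # Decode through to_bytes instead of hex()[2:] + bytes.fromhex:
            # hex() drops a leading zero nibble, and fromhex rejects the
            # resulting odd-length string.
            number = int(value)
            width = (number.bit_length() + 7) // 8
            value = number.to_bytes(width, "big").decode("ascii")
        assert "hardcoded" in value
    # No finding beyond the expected count
    with pytest.raises(StopIteration):
        next(secrets)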
Esempio n. 8
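def cli():
    """Scan with the parsed command-line arguments and report every finding."""
    # Parse CLI arguments
    args = parse_args()

    try:
        # Report each finding as the scan yields it
        for secret in run(args):
            format_stdout(secret, args.output)
    finally:
        # Clean up even when the scan or the output step raises
        cleanup_log()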
Esempio n. 9
def test_detection_by_value(src, count):
    """Expect exactly ``count`` findings; non-numeric values contain "hardcoded"."""
    cli_args = parse_args([fixture_path(src)])
    value_config = CONFIG_PATH.joinpath("detection_by_value.yml")
    cli_args.config = core.load_config(value_config)
    findings = core.run(cli_args)

    for _ in range(count):
        lowered = next(findings).value.lower()
        # Purely numeric values are consumed but not checked
        if not lowered.isnumeric():
            assert "hardcoded" in lowered

    # No finding beyond the expected count
    with pytest.raises(StopIteration):
        next(findings)
Esempio n. 10
def test_detection_by_filename():
    """Each listed sensitive file name is reported as a finding value."""
    sensitive_names = (
        ".aws/credentials",
        ".htpasswd",
        ".npmrc",
        ".pypirc",
        "connection.config",
        "integration.conf",
        "pip.conf",
        "settings.cfg",
        "settings.conf",
        "settings.env",
        "settings.ini",
    )
    filename_config = CONFIG_PATH.joinpath("detection_by_filename.yml")
    config = core.load_config(filename_config)

    # Collect every reported value from a scan of the fixture root
    reported = []
    for secret in core.run(fixture_path(""), config):
        reported.append(secret.value)

    # Extra findings are tolerated; only presence of each path is checked
    for name in sensitive_names:
        assert fixture_path(name) in reported
Esempio n. 11
def test_detection_by_key(src, keys):
    """Findings for fixture ``src`` carry exactly ``keys``, in that order."""
    target = fixture_path(src)
    findings = core.run(target)

    for expected_key in keys:
        finding = next(findings)
        assert finding.key == expected_key

    # No finding beyond the expected keys
    with pytest.raises(StopIteration):
        next(findings)
Esempio n. 12
def test_run(filename, expectation):
    """Pull the first finding for ``filename`` inside the ``expectation`` context."""
    with expectation:
        cli_args = parse_args([filename])
        findings = core.run(cli_args)
        # Only the first item is requested from the scan
        next(findings)
Esempio n. 13
def test_find_line_number(src, linenumbers):
    """Successive findings for ``src`` report the line numbers in ``linenumbers``."""
    findings = core.run(fixture_path(src))
    for expected_line in linenumbers:
        finding = next(findings)
        assert finding.line == expected_line
Esempio n. 14
def test_find_line_number_all(src, linenumbers):
    """Successive findings for ``src`` report the line numbers in ``linenumbers``."""
    cli_args = parse_args([fixture_path(src)])
    findings = core.run(cli_args)
    for expected_line in linenumbers:
        finding = next(findings)
        assert finding.line == expected_line
Esempio n. 15
def test_exclude_files():
    """With exclude_files.yml the scan of the fixtures yields no finding."""
    exclusion_config = core.load_config(
        config_path("exclude_files.yml"),
        FIXTURE_PATH,
    )
    findings = core.run(FIXTURE_PATH, config=exclusion_config)

    # The very first next() must already signal exhaustion
    with pytest.raises(StopIteration):
        next(findings)
Esempio n. 16
def test_include_files():
    """With include_files.yml the scan yields one finding valued "hardcoded"."""
    inclusion_config = core.load_config(
        config_path("include_files.yml"),
        FIXTURE_PATH,
    )
    findings = core.run(FIXTURE_PATH, config=inclusion_config)

    first = next(findings)
    assert first.value == "hardcoded"

    # Nothing else may be reported after that single finding
    with pytest.raises(StopIteration):
        next(findings)
Esempio n. 17
def test_core_exception(filename, exception):
    """Requesting the first finding for ``filename`` raises ``exception``."""
    with pytest.raises(exception):
        findings = core.run(filename)
        next(findings)