def test_saves_to_baseline(): # We create an empty baseline, with customized settings. # This way, we expect the engine to use the settings configured by the baseline, # but have the results replaced by the new scan. with transient_settings({ 'plugins_used': [ { 'name': 'Base64HighEntropyString', 'limit': 4.5, }, ], }): secrets = SecretsCollection() old_secrets = baseline.format_for_output(secrets) with mock_printer( main_module) as printer, tempfile.NamedTemporaryFile() as f: baseline.save_to_file(old_secrets, f.name) f.seek(0) # We also test setting the root directory through this test. main_module.main(['scan', 'test_data', '--baseline', f.name]) f.seek(0) new_secrets = json.loads(f.read()) assert not secrets.exactly_equals( baseline.load(new_secrets, f.name)) assert new_secrets['plugins_used'] == [ { 'name': 'Base64HighEntropyString', 'limit': 4.5, }, ] assert not printer.message
def test_strict_equality(): secret = potential_secret_factory() secretsA = SecretsCollection() secretsA[secret.filename].add(secret) secret = potential_secret_factory(line_number=2) secretsB = SecretsCollection() secretsB[secret.filename].add(secret) assert secretsA == secretsB assert not secretsA.exactly_equals(secretsB)
def should_update_baseline( secrets: SecretsCollection, scanned_results: SecretsCollection, filelist: List[str], baseline_version: str, ) -> bool: """ :returns: True if changes occurred. """ original = SecretsCollection.load_from_baseline( {'results': secrets.json()}) secrets.trim(scanned_results=scanned_results, filelist=filelist) if baseline_version != VERSION: return True if not secrets.exactly_equals(original): return True return False