def test_analyze(self, file_content, should_flag):
    """Scan a mocked file and check how many secrets the detector reports.

    ``file_content`` and ``should_flag`` are supplied by the caller
    (presumably a parametrize decorator that is outside this view).
    Exactly one finding is expected when ``should_flag`` is true and none
    otherwise.
    """
    expected_count = 1 if should_flag else 0

    findings = AWSKeyDetector().analyze(
        mock_file_object(file_content),
        'mock_filename',
    )

    assert len(findings) == expected_count
    # Each finding must be attributed to the file that was scanned, so a
    # report points the reader at the right place.
    for finding in findings:
        assert 'mock_filename' == finding.filename
def test_verify_no_secret(self):
    """An empty code snippet gives the detector nothing to verify against.

    With no surrounding lines there is no candidate to pair with the token,
    so ``verify`` must report ``UNVERIFIED`` for both the example key and
    the example secret.
    """
    detector = AWSKeyDetector()

    for token in (self.example_key, EXAMPLE_SECRET):
        # A fresh empty snippet per call, as in the two separate assertions
        # this loop replaces.
        empty_context = get_code_snippet([], 1)
        outcome = detector.verify(token, empty_context)
        assert outcome == VerifiedResult.UNVERIFIED
def test_verify_keep_trying_until_found_something(self):
    """The detector must keep testing candidates after a failed attempt.

    The patched verifier rejects its first call and accepts every later
    one. The context holds a 40-character decoy (``'TEST' * 10``) ahead of
    ``EXAMPLE_SECRET``, so a ``VERIFIED_TRUE`` result shows that the first
    rejection did not end the search. The accepted secret must also be
    recorded on the ``PotentialSecret`` under ``other_factors``.
    """
    attempts = []

    def reject_first_call_only(*args, **kwargs):
        # False on the first invocation, True on all subsequent ones.
        attempts.append(None)
        return len(attempts) > 1

    context = textwrap.dedent("""
        false_secret = {}
        real_secret = {}
    """)[1:-1].format(
        'TEST' * 10,
        EXAMPLE_SECRET,
    )

    # Replacing the verifier keeps the outcome under the test's control
    # (presumably the real function checks the key pair with AWS).
    with mock.patch(
        'detect_secrets.plugins.aws.verify_aws_secret_access_key',
        reject_first_call_only,
    ):
        candidate = PotentialSecret('test aws', 'test filename', self.example_key)
        outcome = AWSKeyDetector().verify(
            self.example_key,
            context,
            candidate,
        )
        assert outcome == VerifiedResult.VERIFIED_TRUE

    assert candidate.other_factors['secret_access_key'] == EXAMPLE_SECRET
def test_verify_invalid_secret(self):
    """A candidate secret that fails verification yields ``VERIFIED_FALSE``.

    The verifier is patched to return ``False``, and the context contains
    ``EXAMPLE_SECRET`` after an ``=`` sign, so the detector has a candidate
    to try and the patched verifier rejects it.
    """
    verifier_path = 'detect_secrets.plugins.aws.verify_aws_secret_access_key'
    context = '={}'.format(EXAMPLE_SECRET)

    with mock.patch(verifier_path, return_value=False):
        outcome = AWSKeyDetector().verify(self.example_key, context)

    assert outcome == VerifiedResult.VERIFIED_FALSE
def test_verify_valid_secret(self):
    """A candidate secret that passes verification yields ``VERIFIED_TRUE``.

    The verifier is patched to return ``True``; the snippet supplies a
    single line holding ``EXAMPLE_SECRET`` after an ``=`` sign.
    """
    verifier_path = 'detect_secrets.plugins.aws.verify_aws_secret_access_key'

    with mock.patch(verifier_path, return_value=True):
        context = get_code_snippet(['={}'.format(EXAMPLE_SECRET)], 1)
        outcome = AWSKeyDetector().verify(self.example_key, context)

    assert outcome == VerifiedResult.VERIFIED_TRUE
def test_verify_invalid_secret(self):
    """A rejected candidate yields ``VERIFIED_FALSE`` and was really tried.

    Besides the result, the test checks that the patched verifier received
    the example key together with ``EXAMPLE_SECRET``, i.e. that the secret
    taken from the context is what was submitted for verification.
    """
    verifier_path = 'detect_secrets.plugins.aws.verify_aws_secret_access_key'
    context = '={}'.format(EXAMPLE_SECRET)

    with mock.patch(verifier_path, return_value=False) as mock_verify:
        candidate = PotentialSecret('test aws', 'test filename', self.example_key)
        outcome = AWSKeyDetector().verify(
            self.example_key,
            context,
            candidate,
        )
        assert outcome == VerifiedResult.VERIFIED_FALSE

    # The mock keeps its call record after the patch is undone.
    mock_verify.assert_called_with(self.example_key, EXAMPLE_SECRET)
def test_verify_keep_trying_until_found_something(self):
    """The detector must keep testing candidates after a failed attempt.

    The patched verifier rejects its first call and accepts every later
    one. The snippet lists a 40-character decoy (``"TEST" * 10``) before
    ``EXAMPLE_SECRET``, so ``VERIFIED_TRUE`` shows that the first rejection
    did not end the search.
    """
    call_count = 0

    def reject_first_call_only(*args, **kwargs):
        # False on the first invocation, True on all subsequent ones.
        nonlocal call_count
        earlier_calls = call_count
        call_count += 1
        return earlier_calls > 0

    verifier_path = 'detect_secrets.plugins.aws.verify_aws_secret_access_key'

    with mock.patch(verifier_path, reject_first_call_only):
        context_lines = [
            f'false_secret = {"TEST" * 10}',
            f'real_secret = {EXAMPLE_SECRET}',
        ]
        outcome = AWSKeyDetector().verify(
            self.example_key,
            get_code_snippet(context_lines, 1),
        )
        assert outcome == VerifiedResult.VERIFIED_TRUE
def test_verify_no_secret(self):
    """An empty context string gives the detector nothing to verify against.

    With no surrounding text there is no candidate to pair with the token,
    so ``verify`` must report ``UNVERIFIED`` for both the example key and
    the example secret.
    """
    detector = AWSKeyDetector()

    for token in (self.example_key, EXAMPLE_SECRET):
        outcome = detector.verify(token, '')
        assert outcome == VerifiedResult.UNVERIFIED
def test_analyze(self, line, should_flag):
    """Run the detector on one line and check how many secrets it reports.

    ``line`` and ``should_flag`` are supplied by the caller (presumably a
    parametrize decorator that is outside this view). Exactly one finding
    is expected when ``should_flag`` is true and none otherwise.
    """
    findings = AWSKeyDetector().analyze_line(
        filename='mock_filename',
        line=line,
    )
    expected_count = 1 if should_flag else 0

    assert len(findings) == expected_count