コード例 #1
    def test_analyze(self, file_content):
        """Scan ``file_content`` and expect exactly one finding for the scanned file.

        NOTE(review): ``file_content`` comes from a fixture or parametrization
        that is not visible here; presumably it holds one keyword-style secret.
        """
        detector = KeywordDetector()
        findings = detector.analyze(
            mock_file_object(file_content),
            'mock_filename',
        )

        assert len(findings) == 1
        # Each finding must be attributed to the filename that was passed in,
        # otherwise a report would point the reader at the wrong file.
        assert all(
            finding.filename == 'mock_filename' for finding in findings
        )
コード例 #2
    def test_analyze_yaml_negatives(self, file_content, file_extension):
        """Expect zero findings for ``file_content`` under ``file_extension``.

        NOTE(review): the name suggests YAML-style inputs that must not be
        reported; the parametrization supplying them is not visible here.
        """
        scanned_name = 'mock_filename{}'.format(file_extension)
        detector = KeywordDetector()

        findings = detector.analyze(mock_file_object(file_content), scanned_name)

        assert len(findings) == 0
コード例 #3
    def test_analyze_objective_c_positives(self, file_content):
        """A ``.m`` file must produce one finding with the expected filename and hash.

        The comparison is made on ``secret_hash``, i.e. the value returned by
        ``PotentialSecret.hash_secret`` for the known test secret, not on the
        plaintext.
        """
        scanned_name = 'mock_filename.m'
        detector = KeywordDetector()
        findings = detector.analyze(mock_file_object(file_content), scanned_name)

        assert len(findings) == 1
        expected_hash = PotentialSecret.hash_secret(
            'm{{h}o)p${e]nob(ody[finds>-_$#thisone}}',
        )
        for finding in findings:
            assert finding.filename == scanned_name
            assert finding.secret_hash == expected_hash
コード例 #4
ファイル: keyword_test.py プロジェクト: bbhunt-2020/Canivete
    def test_analyze_yaml_negatives(self, file_content, file_extension):
        """Values wrapped in ``{{ ... }}`` must not be reported.

        The fixture value is rewritten so that it starts with ``{{`` (and ends
        with ``}}``), which is the shape the detector's false-positive check
        is meant to skip.
        """
        # Dropping the leading 'm' turns 'm{{...}}' into '{{...}}'.
        templated_content = file_content.replace('m{', '{')
        scanned_name = 'mock_filename{}'.format(file_extension)

        detector = KeywordDetector()
        findings = detector.analyze(
            mock_file_object(templated_content),
            scanned_name,
        )

        assert len(findings) == 0
コード例 #5
    def test_analyze_example_negatives(self, file_content):
        """Angle-bracket placeholders in a ``.example`` file must not be reported.

        The fixture value is rewritten so that it starts with ``<`` (and ends
        with ``>``), which is the shape the detector's false-positive check
        is meant to skip.
        """
        # 'm{' -> '<' sets the opening bracket; every '}' becomes '>'.
        placeholder_content = file_content.replace('m{', '<').replace('}', '>')

        detector = KeywordDetector()
        findings = detector.analyze(
            mock_file_object(placeholder_content),
            'mock_filename.example',
        )

        assert len(findings) == 0
コード例 #6
    def test_analyze_quotes_required_positives(self, file_content,
                                               file_extension):
        """Expect one finding, with the right filename and hash, per extension.

        NOTE(review): the name suggests these extensions only count quoted
        values as secrets; the parametrized inputs are not visible here.
        """
        scanned_name = 'mock_filename{}'.format(file_extension)
        detector = KeywordDetector()
        findings = detector.analyze(mock_file_object(file_content), scanned_name)

        assert len(findings) == 1
        # Findings are compared by hash of the known test secret.
        expected_hash = PotentialSecret.hash_secret(
            'm{{h}o)p${e]nob(ody[finds>-_$#thisone}}',
        )
        for finding in findings:
            assert finding.filename == scanned_name
            assert finding.secret_hash == expected_hash
コード例 #7
ファイル: keyword_test.py プロジェクト: bbhunt-2020/Canivete
    def test_analyze_standard_positives_with_automaton(self, file_content):
        """A detector given an automaton containing 'thisone' reports nothing.

        NOTE(review): presumably the fixture's secret contains the word
        'thisone', so the word-list filter suppresses it. Any real secret
        containing a listed word would be suppressed the same way, so the
        word list deserves review before it is widened.
        """
        listed_word = 'thisone'
        word_filter = ahocorasick.Automaton()
        word_filter.add_word(listed_word, listed_word)
        word_filter.make_automaton()

        detector = KeywordDetector(automaton=word_filter)
        findings = detector.analyze(
            mock_file_object(file_content),
            'mock_filename',
        )

        # Everything is skipped because of the automaton.
        assert len(findings) == 0
コード例 #8
    def test_analyze_objective_c_positives(self, file_content):
        """``analyze_line`` on a ``.m`` filename returns the single expected secret."""
        detector = KeywordDetector()
        secrets = detector.analyze_line(
            filename='mock_filename.m',
            line=file_content,
        )

        assert len(secrets) == 1
        # With exactly one element, the first item is the only finding.
        only_secret = next(iter(secrets))
        assert only_secret.secret_value == 'm{{h}o)p${e]nob(ody[finds>-_$#thisone}}'
コード例 #9
class EntropyKeywordCombinator(BasePlugin):
    """Report a line only when a keyword match and an entropy match coincide.

    A line that the keyword scanner flags but that neither entropy scanner
    flags produces no finding, so a low-entropy value next to a keyword is
    not reported by this plugin.
    """

    secret_type = None

    def __init__(self, limit: float) -> None:
        """Build the keyword scanner and both entropy scanners.

        Args:
            limit: entropy limit passed unchanged to the Base64 and the hex
                scanner.
        """
        base64_scanner = Base64HighEntropyString(limit=limit)
        hex_scanner = HexHighEntropyString(limit=limit)
        self.high_entropy_scanners = (base64_scanner, hex_scanner)
        self.keyword_scanner = KeywordDetector()

    def analyze_line(self,
                     filename: str,
                     line: str,
                     line_number: int = 0,
                     **kwargs: Any) -> Set[PotentialSecret]:
        """Return entropy findings for a line the keyword scanner also flags.

        The keyword scanner runs first. If it finds nothing, the result is an
        empty set. Otherwise the entropy scanners run in order (Base64, then
        hex) and the findings of the first one that matches are returned;
        later scanners are not consulted for that line.
        """
        keyword_hits = self.keyword_scanner.analyze_line(
            filename, line, line_number, **kwargs)
        if not keyword_hits:
            return set()

        for scanner in self.high_entropy_scanners:
            entropy_hits = scanner.analyze_line(
                filename, line, line_number, **kwargs)
            if entropy_hits:
                return entropy_hits

        # Keyword matched, but no high-entropy string on the same line.
        return set()

    def analyze_string(self, string: str) -> Generator[str, None, None]:
        """Not supported; this plugin works through ``analyze_line`` only."""
        raise NotImplementedError()
コード例 #10
    def test_analyze_standard_positives_with_automaton(self, file_content):
        """A detector given an automaton containing 'thisone' reports nothing.

        NOTE(review): presumably the fixture's secret contains the word
        'thisone', so the word-list filter suppresses it.
        """
        listed_word = 'thisone'
        if is_python_2():  # pragma: no cover
            # pyahocorasick needs bytes on Python 2.
            listed_word = listed_word.encode('utf-8')

        word_filter = ahocorasick.Automaton()
        word_filter.add_word(listed_word, listed_word)
        word_filter.make_automaton()

        detector = KeywordDetector(automaton=word_filter)
        findings = detector.analyze(
            mock_file_object(file_content),
            'mock_filename',
        )

        # Everything is skipped because of the automaton.
        assert len(findings) == 0
コード例 #11
    def test_analyze_quotes_required_positives(self, file_content,
                                               file_extension):
        """``analyze_line`` returns the single expected secret for each extension.

        NOTE(review): the name suggests these extensions only count quoted
        values as secrets; the parametrized inputs are not visible here.
        """
        scanned_name = 'mock_filename{}'.format(file_extension)
        detector = KeywordDetector()
        secrets = detector.analyze_line(filename=scanned_name, line=file_content)

        assert len(secrets) == 1
        # With exactly one element, the first item is the only finding.
        only_secret = next(iter(secrets))
        assert only_secret.secret_value == 'm{{h}o)p${e]nob(ody[finds>-_$#thisone}}'
コード例 #12
 def test_dict_output(self, keyword_exclude, dict_content):
     """The detector's ``__dict__`` must serialize to the expected JSON.

     Both sides are dumped with sorted keys so that key order cannot cause
     a spurious mismatch.
     """
     def canonical_json(mapping):
         return json.dumps(mapping, sort_keys=True)

     detector = KeywordDetector(keyword_exclude)
     actual = canonical_json(detector.__dict__)
     expected = canonical_json(dict_content)

     assert actual == expected
コード例 #13
def test_keyword(file_extension, line, expected_secret):
    """Check which secret, if any, is extracted from ``line``.

    Without a file extension the line goes through ``scan_line``; with one it
    goes through a ``KeywordDetector`` whose ``keyword_exclude`` is
    ``'.*fake.*'``. A falsy ``expected_secret`` means nothing may be
    reported.
    """
    if file_extension:
        detector = KeywordDetector(keyword_exclude='.*fake.*')
        secrets = list(
            detector.analyze_line(
                filename='mock_filename.{}'.format(file_extension),
                line=line,
            ),
        )
    else:
        secrets = list(scan_line(line))

    if not expected_secret:
        assert not secrets
        return

    # Only the first reported secret is compared with the expectation.
    assert secrets[0].secret_value == expected_secret
コード例 #14
class EntropyKeywordCombinator(BasePlugin):
    """Yield a string only when a keyword match and an entropy match coincide.

    ``secret_type`` starts as ``None`` and is overwritten on the instance each
    time an entropy scanner matches, so after a scan it reflects the last
    scanner that matched.
    """

    secret_type = None

    def __init__(self, limit: float) -> None:
        """Build the keyword scanner and both entropy scanners.

        Args:
            limit: entropy limit passed unchanged to the Base64 and the hex
                scanner.
        """
        base64_scanner = Base64HighEntropyString(limit=limit)
        hex_scanner = HexHighEntropyString(limit=limit)
        self.high_entropy_scanners = (base64_scanner, hex_scanner)
        self.keyword_scanner = KeywordDetector()

    def analyze_string(self, string: str) -> Generator[str, None, None]:
        """Yield ``string`` if the keyword scanner and an entropy scanner both match.

        NOTE(review): ``generator_reader_wrapper`` is defined elsewhere; it is
        used here as "did this generator produce anything" -- confirm against
        its definition.
        """
        keyword_hit = generator_reader_wrapper(
            self.keyword_scanner.analyze_string(string))
        if not keyword_hit:
            # No keyword, so the entropy scanners are never consulted.
            return

        entropy_hit_seen = False
        for scanner in self.high_entropy_scanners:
            entropy_hit = generator_reader_wrapper(
                scanner.analyze_string(string))
            if entropy_hit:
                # Every scanner runs; a later match overwrites the type.
                self.secret_type = scanner.secret_type
                entropy_hit_seen = True

        if entropy_hit_seen:
            yield string
コード例 #15
    def test_analyze_with_line_exclude(self, file_content):
        """With ``keyword_exclude='thisone'`` the fixture content yields no findings.

        NOTE(review): presumably the fixture's secret contains 'thisone'. An
        exclude pattern suppresses every line or value it matches, so a broad
        pattern can hide real secrets.
        """
        detector = KeywordDetector(keyword_exclude='thisone')
        findings = detector.analyze(
            mock_file_object(file_content),
            'mock_filename.foo',
        )

        assert len(findings) == 0
コード例 #16
    def test_analyze_standard_positives(self, file_content):
        """``analyze_string`` yields exactly the known test secret, once."""
        detector = KeywordDetector()
        secrets = list(detector.analyze_string(file_content))

        assert len(secrets) == 1
        (only_secret,) = secrets
        assert only_secret == 'm{{h}o)p${e]nob(ody[finds>-_$#thisone}}'
コード例 #17
    def test_analyze_php_negatives(self, file_content):
        """Expect zero findings for ``file_content`` scanned as a ``.php`` file.

        NOTE(review): which PHP constructs the fixture covers is not visible
        here.
        """
        detector = KeywordDetector()
        findings = detector.analyze(
            mock_file_object(file_content),
            'mock_filename.php',
        )

        assert len(findings) == 0
コード例 #18
    def test_analyze_standard_negatives(self, negative):
        """Expect zero findings for each ``negative`` input scanned as ``.foo``."""
        detector = KeywordDetector()
        findings = detector.analyze(
            mock_file_object(negative),
            'mock_filename.foo',
        )

        assert len(findings) == 0
コード例 #19
    def test_analyze_javascript_negatives(self, js_negative):
        """Expect zero findings for each ``js_negative`` input scanned as ``.js``."""
        detector = KeywordDetector()
        findings = detector.analyze(
            mock_file_object(js_negative),
            'mock_filename.js',
        )

        assert len(findings) == 0
コード例 #20
    def test_analyze_php_negatives(self, secret_starting_with_dollar_sign):
        """A value starting with ``$`` in a ``.php`` file must not be reported.

        NOTE(review): going by the parameter name, the input is a
        ``$``-prefixed value, i.e. a PHP variable reference, not a literal.
        """
        detector = KeywordDetector()
        findings = detector.analyze(
            mock_file_object(secret_starting_with_dollar_sign),
            'mock_filename.php',
        )

        assert len(findings) == 0
コード例 #21
    def test_analyze_python_negatives(self, secret_with_no_quote):
        """An unquoted value in a ``.py`` file must not be reported.

        NOTE(review): going by the parameter name, the input is an assignment
        whose right-hand side has no quotes, i.e. not a string literal.
        """
        detector = KeywordDetector()
        findings = detector.analyze(
            mock_file_object(secret_with_no_quote),
            'mock_filename.py',
        )

        assert len(findings) == 0
コード例 #22
 def __init__(self, limit: float) -> None:
     """Build the keyword scanner and one entropy scanner per encoding.

     Args:
         limit: entropy limit passed unchanged to the Base64 and the hex
             scanner.
     """
     entropy_scanner_types = (Base64HighEntropyString, HexHighEntropyString)
     self.high_entropy_scanners = tuple(
         scanner_type(limit=limit) for scanner_type in entropy_scanner_types
     )
     self.keyword_scanner = KeywordDetector()