def test_no_baseline_modifications(self, results_dict, baseline_dict): new_findings = secrets_collection_factory([results_dict]) baseline = secrets_collection_factory([baseline_dict]) assert not update_baseline_with_removed_secrets( new_findings, baseline, ['filename'], )
def test_nothing_new(self): # We want a secret, but just a default secret (no overriding parameters) new_findings = secrets_collection_factory([{}]) baseline = secrets_collection_factory([{}]) results = get_secrets_not_in_baseline(new_findings, baseline) # No expected results, because everything filtered out by baseline assert len(results.data) == 0 # Make sure that baseline didn't get modified either assert len(baseline.data) == 1 assert next(iter(baseline.data['filename'])).lineno == 1
def test_new_file(self): new_findings = secrets_collection_factory([{ 'filename': 'filename1', }]) baseline = secrets_collection_factory([{ 'filename': 'filename2', }]) backup_baseline = baseline.data.copy() results = get_secrets_not_in_baseline(new_findings, baseline) assert len(results.data) == 1 assert 'filename1' in results.data assert baseline.data == backup_baseline
def test_success_single_plugin(self): logic = secrets_collection_factory(plugins=(MockPluginFixedValue(), )) with mock_open('junk text here, as it does not matter'): assert logic.scan_file('filename') assert 'filename' in logic.data assert next(iter( logic.data['filename'])).type == 'mock fixed value type'
def test_rolled_creds(self): """Same line, different secret""" new_findings = secrets_collection_factory([{ 'secret': 'secret_new', }]) baseline = secrets_collection_factory([{ 'secret': 'secret', }]) backup_baseline = baseline.data.copy() results = get_secrets_not_in_baseline(new_findings, baseline) assert len(results.data['filename']) == 1 secretA = PotentialSecret('type', 'filename', 1, 'secret_new') assert results.data['filename'][secretA].secret_hash == \ PotentialSecret.hash_secret('secret_new') assert baseline.data == backup_baseline
def test_success(self): secrets = secrets_collection_factory([{ 'filename': 'fileA', }]).json() with self.mock_repo() as repo: set_authors_for_found_secrets(secrets, repo) assert secrets['fileA'][0]['author'] == 'khock'
def test_new_secret_line_old_file(self): """Same file, new line with potential secret""" new_findings = secrets_collection_factory([{ 'secret': 'secret1', 'lineno': 1, }]) baseline = secrets_collection_factory([{ 'secret': 'secret2', 'lineno': 2, }]) backup_baseline = baseline.data.copy() results = get_secrets_not_in_baseline(new_findings, baseline) assert len(results.data['filename']) == 1 secretA = PotentialSecret('type', 'filename', 1, 'secret1') assert results.data['filename'][ secretA].secret_hash == PotentialSecret.hash_secret('secret1') assert baseline.data == backup_baseline
def test_same_secret_new_location(self): new_findings = secrets_collection_factory([{ 'lineno': 1, }]) baseline = secrets_collection_factory([ { 'lineno': 2, }, ]) is_successful = update_baseline_with_removed_secrets( new_findings, baseline, ['filename'], ) assert is_successful assert len(baseline.data) == 1 assert next(iter(baseline.data['filename'])).lineno == 1
def test_file_is_symbolic_link(self): logic = secrets_collection_factory() with mock.patch( 'detect_secrets.core.secrets_collection.os.path', autospec=True, ) as mock_path: mock_path.islink.return_value = True assert not logic.scan_file('does_not_matter')
def test_explicit_type_for_optimization(self, type_, is_none): with self._mock_secret_hash(): logic = secrets_collection_factory(secrets=[ { 'filename': 'filename', 'type_': 'type', }, ]) assert (logic.get_secret('filename', 'secret_hash', type_) is None) == is_none
def test_deleted_secret_file(self): new_findings = secrets_collection_factory() baseline = secrets_collection_factory([ { 'filename': 'filename', }, ]) is_successful = update_baseline_with_removed_secrets( new_findings, baseline, [ # This is in baseline, but not in results, so # it should be deleted from baseline. 'filename', ], ) assert is_successful assert len(baseline.data) == 0
def test_unicode_decode_error(self, mock_log): logic = secrets_collection_factory(plugins=(MockPluginFileValue(), )) with mock_open('junk text here') as m: m().read.side_effect = MockUnicodeDecodeError logic.scan_file('filename') assert mock_log.getLogger().warning.called # If the file read was successful, secret would have been caught and added. assert len(logic.data) == 0
def test_optional_type(self, filename, secret_hash, expected_value): with self._mock_secret_hash(): logic = secrets_collection_factory([{ 'filename': 'filename', 'lineno': 1, }]) result = logic.get_secret(filename, secret_hash) if expected_value: assert result assert result.lineno == 1 # make sure lineno is the same else: assert not result
def load_from_diff(self, existing_secrets=None, baseline_filename='', exclude_regex=''): collection = secrets_collection_factory( secrets=existing_secrets, plugins=(HexHighEntropyString(3), ), exclude_regex=exclude_regex, ) with open('test_data/sample.diff') as f: collection.scan_diff(f.read(), baseline_filename=baseline_filename) return collection
def test_success_multiple_plugins(self): logic = secrets_collection_factory( secrets=[{ 'filename': 'filename', 'lineno': 3, }], plugins=( MockPluginFixedValue(), MockPluginFileValue(), ), ) with mock_open('junk text here'): logic.scan_file('filename') # One from each plugin, and one from existing secret assert len(logic.data['filename']) == 3 line_numbers = [entry.lineno for entry in logic.data['filename']] assert set(line_numbers) == set([1, 2, 3])
def setup(self): self.logic = secrets_collection_factory(secrets=[ { 'type_': 'A', 'lineno': 3, 'filename': 'fileA', }, { 'type_': 'B', 'lineno': 2, 'filename': 'fileA', }, { 'type_': 'C', 'lineno': 1, 'filename': 'fileB', }, ], plugins=( HexHighEntropyString(3), PrivateKeyDetector(), ))
def mock_baseline_initialize(): secrets = secrets_collection_factory() with mock.patch('detect_secrets.main.baseline.initialize', return_value=secrets) as mock_initialize: yield mock_initialize
def test_ignore_baseline_file(self, mock_get_baseline): mock_get_baseline.return_value = secrets_collection_factory() assert_commit_blocked('test_data/baseline.file') assert_commit_succeeds('--baseline baseline.file baseline.file')
def test_error_reading_file(self, mock_log): logic = secrets_collection_factory() assert not logic.scan_file('non_existent_file') mock_log.getLogger().warning.assert_called_once()