def get_secret(self, filename, secret, type_=None):
"""Checks to see whether a secret is found in the collection.
:type filename: str
:param filename: the file to search in.
:type secret: str
:param secret: secret hash of secret to search for.
:type type_: str
:param type_: type of secret, if known.
:rtype: PotentialSecret|None
"""
if filename not in self.data:
return None
if type_:
# Optimized lookup, because we know the type of secret
# (and therefore, its hash)
tmp_secret = PotentialSecret(type_, filename, secret='will be overriden')
tmp_secret.secret_hash = secret
if tmp_secret in self.data[filename]:
return self.data[filename][tmp_secret]
return None
# NOTE: We can only optimize this, if we knew the type of secret.
# Otherwise, we need to iterate through the set and find out.
for obj in self.data[filename]:
if obj.secret_hash == secret:
return obj
return None
def _load_baseline_from_dict(cls, data):
"""Initializes a SecretsCollection object from dictionary.
:type data: dict
:param data: properly formatted dictionary to load SecretsCollection from.
:rtype: SecretsCollection
:raises: IOError
"""
result = SecretsCollection()
if 'results' not in data or 'exclude_regex' not in data:
raise IOError
for filename in data['results']:
result.data[filename] = {}
for item in data['results'][filename]:
secret = PotentialSecret(
item['type'],
filename,
item['line_number'],
'will be replaced',
)
secret.secret_hash = item['hashed_secret']
result.data[filename][secret] = secret
result.exclude_regex = data['exclude_regex']
return result
def get_secret(self, filename, secret, type_=None):
"""Checks to see whether a secret is found in the collection.
:type filename: str
:param filename: the file to search in.
:type secret: str
:param secret: secret hash of secret to search for.
:type type_: str
:param type_: type of secret, if known.
:rtype: PotentialSecret|None
"""
if filename not in self.data:
return None
if type_:
# Optimized lookup, because we know the type of secret
# (and therefore, its hash)
tmp_secret = PotentialSecret(type_, filename, 0, 'will be overriden')
tmp_secret.secret_hash = secret
if tmp_secret in self.data[filename]:
return self.data[filename][tmp_secret]
return None
# NOTE: We can only optimize this, if we knew the type of secret.
# Otherwise, we need to iterate through the set and find out.
for obj in self.data[filename]:
if obj.secret_hash == secret:
return obj
return None
def load_baseline_from_dict(cls, data):
"""Initializes a SecretsCollection object from dictionary.
:type data: dict
:param data: properly formatted dictionary to load SecretsCollection from.
:rtype: SecretsCollection
:raises: IOError
"""
result = SecretsCollection()
if not all(key in data for key in (
'plugins_used',
'results',
)):
raise IOError
# In v0.12.0 `exclude_regex` got replaced by `exclude`
if not any(key in data for key in (
'exclude',
'exclude_regex',
)):
raise IOError
if 'exclude_regex' in data:
result.exclude_files = data['exclude_regex']
else:
result.exclude_files = data['exclude']['files']
result.exclude_lines = data['exclude']['lines']
plugins = []
for plugin in data['plugins_used']:
plugin_classname = plugin.pop('name')
plugins.append(
initialize.from_plugin_classname(
plugin_classname,
exclude_lines_regex=result.exclude_lines,
should_verify_secrets=False,
**plugin), )
result.plugins = tuple(plugins)
for filename in data['results']:
result.data[filename] = {}
for item in data['results'][filename]:
secret = PotentialSecret(
item['type'],
filename,
secret='will be replaced',
lineno=item['line_number'],
is_secret=item.get('is_secret'),
)
secret.secret_hash = item['hashed_secret']
result.data[filename][secret] = secret
result.version = (data['version'] if 'version' in data else '0.0.0')
return result
def _load_baseline_from_dict(cls, data):
"""Initializes a SecretsCollection object from dictionary.
:type data: dict
:param data: properly formatted dictionary to load SecretsCollection from.
:rtype: SecretsCollection
:raises: IOError
"""
result = SecretsCollection()
if not all(key in data for key in (
'exclude_regex',
'plugins_used',
'results',
'version',
)):
raise IOError
result.exclude_regex = data['exclude_regex']
plugins = []
for plugin in data['plugins_used']:
plugin_classname = plugin.pop('name')
plugins.append(initialize.from_plugin_classname(
plugin_classname,
**plugin
))
result.plugins = tuple(plugins)
for filename in data['results']:
result.data[filename] = {}
for item in data['results'][filename]:
secret = PotentialSecret(
item['type'],
filename,
item['line_number'],
'will be replaced',
)
secret.secret_hash = item['hashed_secret']
result.data[filename][secret] = secret
result.version = data['version']
return result
def _load_baseline_from_dict(cls, data):
"""Initializes a SecretsCollection object from dictionary.
:type data: dict
:param data: properly formatted dictionary to load SecretsCollection from.
:rtype: SecretsCollection
:raises: IOError
"""
result = SecretsCollection()
if not all(key in data for key in (
'exclude_regex',
'plugins_used',
'results',
'version',
)):
raise IOError
result.exclude_regex = data['exclude_regex']
plugins = []
for plugin in data['plugins_used']:
plugin_classname = plugin.pop('name')
plugins.append(
initialize.from_plugin_classname(plugin_classname, **plugin))
result.plugins = tuple(plugins)
for filename in data['results']:
result.data[filename] = {}
for item in data['results'][filename]:
secret = PotentialSecret(
item['type'],
filename,
item['line_number'],
secret='will be replaced',
is_secret=item.get('is_secret'),
)
secret.secret_hash = item['hashed_secret']
result.data[filename][secret] = secret
result.version = data['version']
return result
def load_baseline_from_dict(cls, data, plugin_filenames=None):
"""Initializes a SecretsCollection object from dictionary.
:type data: dict
:param data: properly formatted dictionary to load SecretsCollection from.
:type plugin_filenames: tuple
:param plugin_filenames: the plugin filenames.
:rtype: SecretsCollection
:raises: IOError
"""
result = SecretsCollection()
if not all(key in data for key in (
'plugins_used',
'results',
)):
raise IOError
# In v0.12.0 `exclude_regex` got replaced by `exclude`
if not any(key in data for key in (
'exclude',
'exclude_regex',
)):
raise IOError
if 'exclude_regex' in data:
result.exclude_files = data['exclude_regex']
else:
result.exclude_files = data['exclude']['files']
result.exclude_lines = data['exclude']['lines']
# In v0.12.7 the `--word-list` option got added
automaton = None
if 'word_list' in data:
result.word_list_file = data['word_list']['file']
result.word_list_hash = data['word_list']['hash']
if result.word_list_file:
# Always ignore the given `data['word_list']['hash']`
# The difference will show whenever the word list changes
automaton, result.word_list_hash = build_automaton(
result.word_list_file)
plugins = []
for plugin in data['plugins_used']:
plugin_classname = plugin.pop('name')
initialized_plugin_classname = initialize.from_plugin_classname(
plugin_classname,
exclude_lines_regex=result.exclude_lines,
automaton=automaton,
should_verify_secrets=True,
plugin_filenames=plugin_filenames,
**plugin,
)
if initialized_plugin_classname is not None:
plugins.append(initialized_plugin_classname)
result.plugins = tuple(plugins)
for filename in data['results']:
result.data[filename] = {}
for item in data['results'][filename]:
secret = PotentialSecret(
item['type'],
filename,
secret='will be replaced',
lineno=item['line_number'],
is_secret=item.get('is_secret'),
output_raw=result.output_raw,
is_verified=item['is_verified'],
verified_result=item.get('verified_result'),
)
secret.secret_hash = item['hashed_secret']
result.data[filename][secret] = secret
result.version = (data['version'] if 'version' in data else '0.0.0')
return result
def load_baseline_from_dict(cls, data):
"""Initializes a SecretsCollection object from dictionary.
:type data: dict
:param data: properly formatted dictionary to load SecretsCollection from.
:rtype: SecretsCollection
:raises: IOError
"""
result = SecretsCollection()
if not all(key in data for key in (
'plugins_used',
'results',
)):
raise IOError
# In v0.12.0 `exclude_regex` got replaced by `exclude`
if not any(key in data for key in (
'exclude',
'exclude_regex',
)):
raise IOError
if 'exclude_regex' in data:
result.exclude_files = data['exclude_regex']
else:
result.exclude_files = data['exclude']['files']
result.exclude_lines = data['exclude']['lines']
# In v0.12.7 the `--word-list` option got added
automaton = None
if 'word_list' in data:
result.word_list_file = data['word_list']['file']
result.word_list_hash = data['word_list']['hash']
if result.word_list_file:
# Always ignore the existing `data['word_list']['hash']`
# The difference will show whenever the word list changes
automaton, result.word_list_hash = build_automaton(
result.word_list_file)
# In v0.14.0 the `--custom-plugins` option got added
result.custom_plugin_paths = tuple(data.get('custom_plugin_paths', ()))
result.plugins = tuple(
initialize.from_plugin_classname(
plugin_classname=plugin.pop('name'),
custom_plugin_paths=result.custom_plugin_paths,
exclude_lines_regex=result.exclude_lines,
automaton=automaton,
should_verify_secrets=False,
**plugin) for plugin in data['plugins_used'])
for filename in data['results']:
result.data[filename] = {}
for item in data['results'][filename]:
secret = PotentialSecret(
item['type'],
filename,
secret='will be replaced',
lineno=item['line_number'],
is_secret=item.get('is_secret'),
)
secret.secret_hash = item['hashed_secret']
result.data[filename][secret] = secret
result.version = (data['version'] if 'version' in data else '0.0.0')
return result
