def setup(self):
    """Hand the shared base-class setup a detector and two sample strings.

    Both samples are test fixtures: base64 encodings of the plain-text
    phrases 'super secret value' and 'super long string should cause
    enough entropy', not live credentials.
    """
    # Testing default limit, as suggested by truffleHog.
    detector = Base64HighEntropyString(4.5)
    # Too short for high entropy, so the base class receives it as the
    # sample that must not be reported.
    low_entropy_sample = 'c3VwZXIgc2VjcmV0IHZhbHVl'
    high_entropy_sample = 'c3VwZXIgbG9uZyBzdHJpbmcgc2hvdWxkIGNhdXNlIGVub3VnaCBlbnRyb3B5'
    # Arguments stay positional, in the order the base setup receives them.
    super(TestBase64HighEntropyStrings, self).setup(
        detector,
        low_entropy_sample,
        high_entropy_sample,
    )
def test_ini_file(self):
    """Scan an ini file and then a Python file with one plugin instance.

    Two files are scanned on purpose: the second one shows whether the
    HighEntropyStrings regex is reset back to normal after the ini file
    has been processed.
    """
    expected_locations = (
        'Location: test_data/config.ini:2',
        'Location: test_data/config.ini:6',
        'Location: test_data/config.ini:10',
        'Location: test_data/config.ini:15',
        'Location: test_data/config.ini:21',
        'Location: test_data/config.ini:22',
        'Location: test_data/files/file_with_secrets.py:3',
    )

    # The same plugin object is reused for both files; that reuse is what
    # exercises the regex-reset behaviour.
    plugin = Base64HighEntropyString(3)
    accumulated_secrets = {}
    for path in (
        'test_data/config.ini',
        'test_data/files/file_with_secrets.py',
    ):
        with open(path) as handle:
            found = plugin.analyze(handle, path)
        accumulated_secrets.update(found)

    # The second line of a secret's string form is its 'Location: ...' line.
    locations = [
        str(secret).splitlines()[1]
        for secret in accumulated_secrets.values()
    ]
    for location in locations:
        assert location in expected_locations

    # NOTE(review): membership plus a count of 7 does not prove every
    # expected location was hit; two findings on one line would still
    # satisfy both assertions.
    assert len(locations) == 7
def test_env_file(self):
    """Expect exactly one finding in config.env, reported on line 1."""
    env_path = 'test_data/config.env'
    expected_locations = ('Location: test_data/config.env:1', )

    plugin = Base64HighEntropyString(4.5)
    with open(env_path) as handle:
        secrets = plugin.analyze(handle, 'test_data/config.env')

    found = list(secrets.values())
    assert len(found) == 1

    # The second line of a secret's string form is its 'Location: ...' line.
    for secret in found:
        assert str(secret).splitlines()[1] in expected_locations
def setup(self):
    """Hand the shared base-class setup a detector and two sample strings.

    Both samples are test fixtures: base64 encodings of the plain-text
    phrases 'super secret value' and 'super long string should cause
    enough entropy', not live credentials.
    """
    # Testing default limit, as suggested by truffleHog.
    # NOTE(review): exclude_lines_regex presumably makes the plugin skip
    # lines matching 'CanonicalUser'; confirm against the plugin.
    detector = Base64HighEntropyString(
        base64_limit=4.5,
        exclude_lines_regex='CanonicalUser',
    )
    # Too short for high entropy.
    benign_sample = 'c3VwZXIgc2VjcmV0IHZhbHVl'
    flagged_sample = 'c3VwZXIgbG9uZyBzdHJpbmcgc2hvdWxkIGNhdXNlIGVub3VnaCBlbnRyb3B5'
    super(TestBase64HighEntropyStrings, self).setup(
        logic=detector,
        non_secret_string=benign_sample,
        secret_string=flagged_sample,
    )
def setup(self):
    """Configure the shared setup with URL-safe base64 sample strings.

    Both samples contain '-' and the longer one also '_', characters of
    the URL-safe base64 alphabet. The detector class is the same
    Base64HighEntropyString used for standard base64.
    """
    # Testing default limit, as suggested by truffleHog.
    # NOTE(review): exclude_lines_regex presumably makes the plugin skip
    # lines matching 'CanonicalUser'; confirm against the plugin.
    detector = Base64HighEntropyString(
        base64_limit=4.5,
        exclude_lines_regex='CanonicalUser',
    )
    # Too short for high entropy.
    benign_sample = 'Zrm-ySTAq7D2sHk='
    flagged_sample = 'I6FwzQZFL9l-44nviI1F04OTmorMaVQf9GS4Oe07qxL_vNkW6CRas4Lo42vqJMT0M6riJfma_f-pTAuoX2U='  # noqa: E501
    super(TestUrlSafeBase64HighEntropyStrings, self).setup(
        logic=detector,
        non_secret_string=benign_sample,
        secret_string=flagged_sample,
    )
def test_yaml_file(self):
    """Expect two findings in config.yaml, on lines 3 and 5."""
    yaml_path = 'test_data/config.yaml'
    expected_locations = (
        'Location: test_data/config.yaml:3',
        'Location: test_data/config.yaml:5',
    )

    plugin = Base64HighEntropyString(3)
    with open(yaml_path) as handle:
        secrets = plugin.analyze(handle, 'test_data/config.yaml')

    found = list(secrets.values())
    assert len(found) == 2

    # The second line of a secret's string form is its 'Location: ...' line.
    for secret in found:
        assert str(secret).splitlines()[1] in expected_locations
def test_yaml_file(self):
    """Expect two findings in config.yaml, on lines 3 and 6."""
    yaml_path = 'test_data/config.yaml'
    expected_locations = (
        'Location: test_data/config.yaml:3',
        'Location: test_data/config.yaml:6',
    )

    # NOTE(review): exclude_lines_regex presumably makes the plugin skip
    # lines matching 'CanonicalUser'; confirm against the plugin and check
    # that the fixture actually contains such a line, otherwise the
    # exclusion path is not exercised here.
    plugin = Base64HighEntropyString(
        base64_limit=3,
        exclude_lines_regex='CanonicalUser',
    )
    with open(yaml_path) as handle:
        secrets = plugin.analyze(handle, 'test_data/config.yaml')

    found = list(secrets.values())
    assert len(found) == 2

    # The second line of a secret's string form is its 'Location: ...' line.
    for secret in found:
        assert str(secret).splitlines()[1] in expected_locations
def test_ini_file(self, filename, secrets):
    """Scan `filename` and compare reported locations with `secrets`.

    The stated intent is to make sure the HighEntropyStrings regex is
    reset back to normal after scanning an ini file.

    NOTE(review): this body opens one file with a fresh plugin per call.
    If the files arrive through parametrization (not visible here), the
    reset is only exercised when the relevant state outlives a plugin
    instance; confirm that the regression is still covered.
    """
    plugin = Base64HighEntropyString(3)
    # Read as UTF-8 explicitly so the result does not depend on the
    # platform's default encoding.
    with codecs.open(filename, encoding='utf-8') as handle:
        accumulated_secrets = dict(plugin.analyze(handle, filename))

    # The second line of a secret's string form is its 'Location: ...' line.
    locations = [
        str(secret).splitlines()[1]
        for secret in accumulated_secrets.values()
    ]
    for location in locations:
        assert location in secrets

    assert len(locations) == len(secrets)
def setup(self):
    """Create the plugin pair: base64 at limit 4.5 and hex at limit 3."""
    base64_plugin = Base64HighEntropyString(4.5)
    hex_plugin = HexHighEntropyString(3)
    self.plugins = (base64_plugin, hex_plugin)
def test_entropy_upper_limit(self):
    """Constructing the plugin with a limit of 15 must raise ValueError."""
    # Rejecting an out-of-range limit at construction keeps a
    # misconfigured threshold from quietly disabling detection.
    out_of_range_limit = 15
    with pytest.raises(ValueError):
        Base64HighEntropyString(out_of_range_limit)
def __init__(self, limit: float) -> None:
    """Create the entropy scanners and the keyword scanner.

    Args:
        limit: Entropy limit passed unchanged to both the base64 and the
            hex scanner.
    """
    # NOTE(review): both scanners share one limit. A hex alphabet has 16
    # symbols (at most 4 bits per character), so if the limit is Shannon
    # entropy per character, a value above 4 would presumably keep the hex
    # scanner from reporting anything. Confirm against the plugins.
    base64_scanner = Base64HighEntropyString(limit=limit)
    hex_scanner = HexHighEntropyString(limit=limit)
    self.high_entropy_scanners = (base64_scanner, hex_scanner)
    self.keyword_scanner = KeywordDetector()