def test_verify_no_secret(self): logic = AWSKeyDetector() assert logic.verify( self.example_key, get_code_snippet([], 1), ) == VerifiedResult.UNVERIFIED assert logic.verify( EXAMPLE_SECRET, get_code_snippet([], 1), ) == VerifiedResult.UNVERIFIED
def test_verify_unverified_secret_no_match(self, mock_hmac_verify): mock_hmac_verify.side_effect = requests.exceptions.RequestException('oops') assert IbmCosHmacDetector().verify( SECRET_ACCESS_KEY, get_code_snippet(['something={}'.format(ACCESS_KEY_ID)], 1), ) == VerifiedResult.UNVERIFIED mock_hmac_verify.assert_not_called()
def test_verify_valid_secret(self, mock_hmac_verify): mock_hmac_verify.return_value = True assert IbmCosHmacDetector().verify( SECRET_ACCESS_KEY, get_code_snippet(['access_key_id={}'.format(ACCESS_KEY_ID)], 1), ) == VerifiedResult.VERIFIED_TRUE mock_hmac_verify.assert_called_with(ACCESS_KEY_ID, SECRET_ACCESS_KEY)
def test_verify_invalid_secret(self): with mock.patch( 'detect_secrets.plugins.aws.verify_aws_secret_access_key', return_value=False, ): assert AWSKeyDetector().verify( self.example_key, get_code_snippet(['={}'.format(EXAMPLE_SECRET)], 1), ) == VerifiedResult.VERIFIED_FALSE
def test_verify_valid_secret(self): responses.add( responses.GET, 'https://api.softlayer.com/rest/v3/SoftLayer_Account.json', json={'id': 1}, status=200, ) assert SoftlayerDetector().verify( SL_TOKEN, get_code_snippet([f'softlayer_username={SL_USERNAME}'], 1), ) == VerifiedResult.VERIFIED_TRUE
def test_verify_valid_secret(self): cl_api_url = 'https://{cl_account}:{cl_pw}@{cl_account}.cloudant.com'.format( cl_account=CL_ACCOUNT, cl_pw=CL_PW, ) responses.add( responses.GET, cl_api_url, json={'id': 1}, status=200, ) assert CloudantDetector().verify( CL_PW, get_code_snippet(['cloudant_host={}'.format(CL_ACCOUNT)], 1), ) == VerifiedResult.VERIFIED_TRUE
def test_verify_keep_trying_until_found_something(self): data = {'count': 0} def counter(*args, **kwargs): output = data['count'] data['count'] += 1 return bool(output) with mock.patch( 'detect_secrets.plugins.aws.verify_aws_secret_access_key', counter, ): assert AWSKeyDetector().verify( self.example_key, get_code_snippet( [ f'false_secret = {"TEST" * 10}', f'real_secret = {EXAMPLE_SECRET}', ], 1, ), ) == VerifiedResult.VERIFIED_TRUE
def test_find_account(self, content, expected_output): assert find_account(get_code_snippet(content.splitlines(), 1)) == expected_output
def test_verify_no_secret(self): assert CloudantDetector().verify( CL_PW, get_code_snippet(['no_un={}'.format(CL_ACCOUNT)], 1), ) == VerifiedResult.UNVERIFIED
def test_previous_line(): assert get_code_snippet(list('abcde'), 3, lines_of_context=2).previous_line == 'b'
def test_target_line(): assert get_code_snippet(list('abcde'), 3, lines_of_context=2).target_line == 'c'
def test_basic(line_number, expected): assert ''.join( list(get_code_snippet(list('abcde'), line_number, lines_of_context=2)), ) == expected
def test_verify_no_secret(self): assert SoftlayerDetector().verify( SL_TOKEN, get_code_snippet([f'no_un={SL_USERNAME}'], 1), ) == VerifiedResult.UNVERIFIED
def test_get_secret_access_key(content, expected_output): assert get_secret_access_keys(get_code_snippet(content.splitlines(), 1), ) == expected_output