def main(argv=None):
if argv is None: # pragma: no cover
argv = sys.argv[1:]
if len(argv) == 0: # pragma: no cover
argv.append('-h')
args = parse_args(argv)
if args.verbose: # pragma: no cover
log.set_debug_level(args.verbose)
if args.action == 'add':
if getattr(args, 'config', False):
actions.initialize(args)
else:
actions.add_repo(args)
elif args.action == 'install':
actions.install_mapper(args)
elif args.action == 'list':
actions.display_tracked_repositories(args)
elif args.action == 'scan':
return actions.scan_repo(args)
return 0
def test_does_not_write_state_when_dry_run(self, mock_file_operations):
with self.setup_env(
SecretsCollection(),
'--dry-run',
) as args:
assert scan_repo(args) == 0
assert not mock_file_operations.write.called
def test_updates_tracked_repo_when_no_secrets_are_found(
self, mock_file_operations, mock_logger):
with self.setup_env(
SecretsCollection(),
updates_repo=True,
) as args:
assert scan_repo(args) == 0
mock_logger.info.assert_called_with(
'No secrets found for %s',
'yelp/detect-secrets',
)
mock_file_operations.write.assert_called_with(
json.dumps(mock_tracked_file('new_sha'), indent=2, sort_keys=True))
def test_always_writes_state_with_always_update_state_flag(
self,
mock_file_operations,
):
secrets = secrets_collection_factory([
{
'filename': 'file_with_secrets',
'lineno': 5,
},
])
with self.setup_env(
secrets,
'--always-update-state',
updates_repo=True,
) as args:
assert scan_repo(args) == 0
assert mock_file_operations.write.called
def test_scan_head_and_does_not_write_state_when_scan_head(
self,
mock_file_operations,
mock_logger,
):
secrets = secrets_collection_factory([
{
'filename': 'file_with_secrets',
'lineno': 5,
},
])
with self.setup_env(
secrets,
'--scan-head',
) as args:
secret_hash = list(
secrets.data['file_with_secrets'].values()
)[0].secret_hash
args.output_hook = mock_external_hook(
'yelp/detect-secrets',
{
'file_with_secrets': [{
'type': 'type',
'hashed_secret': secret_hash,
'is_verified': False,
'line_number': 5,
'author': 'khock',
'commit': 'new_sha',
}],
},
)
assert scan_repo(args) == 0
mock_logger.error.assert_called_with(
'Secrets found in %s',
'yelp/detect-secrets',
)
assert not mock_file_operations.write.called
def test_alerts_on_secrets_found(
self,
mock_file_operations,
mock_logger,
):
secrets = secrets_collection_factory([
{
'filename': 'file_with_secrets',
'lineno': 5,
},
])
with self.setup_env(secrets) as args:
secret_hash = list(
secrets.data['file_with_secrets'].values())[0].secret_hash
args.output_hook = mock_external_hook(
'yelp/detect-secrets',
{
'file_with_secrets':
[{
'type': 'type',
'hashed_secret': secret_hash,
'line_number': 5,
'author': 'khock',
'commit': 'd39c008353447bbc1845812fcaf0a03b50af439f',
}],
},
)
assert scan_repo(args) == 0
mock_logger.error.assert_called_with(
'Secrets found in %s',
'yelp/detect-secrets',
)
assert not mock_file_operations.write.called
def test_quits_early_if_cannot_load_meta_tracking_file(self):
args = self.parse_args()
assert scan_repo(args) == 1
