Пример #1
def test_exclude_by_keys_and_values(configfile, src):
    """Scan ``src`` with ``configfile`` applied and expect exactly one finding.

    The single finding that the exclusion rules leave behind must carry the
    key ``hardcoded_password``; after it the result iterator must be exhausted.
    """
    cli_args = parse_args([fixture_path(src)])
    cli_args.config = core.load_config(config_path(configfile), FIXTURE_PATH)
    findings = core.run(cli_args)

    first_finding = next(findings)
    assert first_finding.key == "hardcoded_password"

    # Anything beyond the first finding means an exclusion rule was not applied.
    with pytest.raises(StopIteration):
        next(findings)
Пример #2
def test_exclude_files():
    """With ``exclude_files.yml`` applied, the fixture scan yields no findings."""
    cli_args = parse_args([fixture_path()])
    exclusion_config = config_path("exclude_files.yml")
    cli_args.config = core.load_config(exclusion_config, FIXTURE_PATH)
    findings = core.run(cli_args)

    # The very first next() must already signal exhaustion.
    with pytest.raises(StopIteration):
        next(findings)
Пример #3
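def cli(arguments=None):
    """Run the command-line interface: parse arguments, scan, report.

    Args:
        arguments: Optional argument list handed straight to ``parse_args``.

    The process exits through ``exit()`` when ``args.info`` is set (after
    calling ``cli_info``) or when no source path was given (after printing
    the parser help).
    """
    import os  # local import: only the output-file creation below needs it

    # Parse CLI arguments
    args = parse_args(arguments)

    # Show information
    if args.info:
        exit(cli_info())

    # Default response
    if not args.src:
        exit(cli_parser().print_help())

    # Create or truncate the output file
    if args.output:
        args.output = Path(args.output)
        # Every finding is handed to format_stdout together with this path, so
        # the file presumably ends up holding detected secret values. Create it
        # owner-only (0o600, further narrowed by the umask) instead of with the
        # default mode that other local users may be able to read. A file that
        # already exists keeps its current mode and is only truncated.
        fd = os.open(args.output, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        os.close(fd)

    # Configure execution
    configure_log()
    if args.config:
        args.config = load_config(args.config, src=args.src)

    # Scan and report each finding as it is produced
    for secret in run(args):
        format_stdout(secret, args.output)

    # Clean up
    cleanup_log()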
Пример #4
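def cli():
    """Run the command-line interface: parse ``sys.argv``, scan, report.

    Without a ``src`` argument the help text is printed and the process exits
    through ``exit()``. Otherwise every finding produced by ``run`` is passed
    to ``format_stdout`` together with the optional output path.
    """
    import os  # local import: only the output-file creation below needs it

    # Parse CLI arguments
    args_parser = ArgumentParser("whispers", description=("Identify secrets and dangerous behaviours"))
    args_parser.add_argument("-v", "--version", action="version", version=f"whispers {__version__}")
    args_parser.add_argument("-c", "--config", default=None, help="config file")
    args_parser.add_argument("-o", "--output", help="output file (.yml)")
    args_parser.add_argument("src", nargs="?", help="source code file or directory")
    args = args_parser.parse_args()

    # Default response
    if not args.src:
        exit(args_parser.print_help())

    # Create or truncate the output file
    if args.output:
        args.output = Path(args.output)
        # Every finding is handed to format_stdout together with this path, so
        # the file presumably ends up holding detected secret values. Create it
        # owner-only (0o600, further narrowed by the umask) instead of with the
        # default mode that other local users may be able to read. A file that
        # already exists keeps its current mode and is only truncated.
        fd = os.open(args.output, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        os.close(fd)

    # Configure execution
    configure_log()
    if args.config:
        args.config = load_config(args.config, src=args.src)

    # Scan and report each finding as it is produced
    for secret in run(args.src, config=args.config):
        format_stdout(secret, args.output)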
Пример #5
def test_include_files():
    """With ``include_files.yml`` applied, the scan yields exactly one finding.

    That finding's value must be ``hardcoded``; nothing may follow it.
    """
    cli_args = parse_args([fixture_path()])
    inclusion_config = config_path("include_files.yml")
    cli_args.config = core.load_config(inclusion_config, FIXTURE_PATH)
    findings = core.run(cli_args)

    only_finding = next(findings)
    assert only_finding.value == "hardcoded"

    # A second finding would mean a file outside the include list was scanned.
    with pytest.raises(StopIteration):
        next(findings)
Пример #6
def test_detection_by_value(src, count):
    """Expect exactly ``count`` findings in ``src``, each containing "hardcoded".

    A purely numeric value is treated as an integer encoding of ASCII text:
    it is converted to hex, decoded, and the decoded text is checked instead.
    """
    rules = core.load_config(CONFIG_PATH.joinpath("detection_by_value.yml"))
    findings = core.run(fixture_path(src), rules)

    for _ in range(count):
        text = next(findings).value.lower()
        if text.isnumeric():
            # Integer -> hex digits (without the "0x" prefix) -> ASCII text.
            hex_digits = hex(int(text))[2:]
            text = bytes.fromhex(hex_digits).decode("ascii")
        assert "hardcoded" in text

    # No findings may remain once ``count`` of them have been consumed.
    with pytest.raises(StopIteration):
        next(findings)
Пример #7
def test_detection_by_value(src, count):
    """Expect exactly ``count`` findings in ``src``.

    Every non-numeric value must contain "hardcoded"; purely numeric values
    are counted but not inspected.
    """
    cli_args = parse_args([fixture_path(src)])
    rules_file = CONFIG_PATH.joinpath("detection_by_value.yml")
    cli_args.config = core.load_config(rules_file)
    findings = core.run(cli_args)

    for _ in range(count):
        text = next(findings).value.lower()
        if not text.isnumeric():
            assert "hardcoded" in text

    # No findings may remain once ``count`` of them have been consumed.
    with pytest.raises(StopIteration):
        next(findings)
Пример #8
def test_load_config():
    """Check what ``load_config`` produces for ``example.yml``.

    Excluded files must come back as the four fixture paths (order ignored),
    and the key/value exclusions as case-insensitive compiled patterns.
    """
    config = core.load_config(config_path("example.yml"), FIXTURE_PATH)

    actual_files = set(config["exclude"]["files"])
    expected_files = {
        Path(fixture_path(name))
        for name in (".npmrc", "hardcoded.json", "hardcoded.yml", "hardcoded.xml")
    }
    assert actual_files == expected_files

    key_pattern = re.compile("SECRET_VALUE_KEY", flags=re.IGNORECASE)
    assert config["exclude"]["keys"] == [key_pattern]

    value_pattern = re.compile("SECRET_VALUE_PLACEHOLDER", flags=re.IGNORECASE)
    assert config["exclude"]["values"] == [value_pattern]
Пример #9
def test_detection_by_filename():
    """Each listed credential/config fixture path must be among the findings.

    The check is one-directional: extra findings do not fail the test.
    """
    sensitive_names = [
        ".aws/credentials",
        ".htpasswd",
        ".npmrc",
        ".pypirc",
        "connection.config",
        "integration.conf",
        "pip.conf",
        "settings.cfg",
        "settings.conf",
        "settings.env",
        "settings.ini",
    ]
    # Lazy on purpose: paths are resolved one by one while asserting below.
    expected_paths = (fixture_path(name) for name in sensitive_names)

    rules = core.load_config(CONFIG_PATH.joinpath("detection_by_filename.yml"))
    reported_values = []
    for finding in core.run(fixture_path(""), rules):
        reported_values.append(finding.value)

    for path in expected_paths:
        assert path in reported_values
Пример #10
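def parse_args(arguments: Optional[List] = None) -> Namespace:
    """Parse CLI arguments and prepare the namespace used for a scan.

    Args:
        arguments: Argument list given to the parser's ``parse_known_args``.
            Arguments the parser does not recognise are discarded.

    Returns:
        The parsed namespace. ``config`` is replaced by the loaded
        configuration when one was given, and ``output`` by a ``Path`` to a
        freshly emptied file when an output path was given.

    The process exits through ``exit()`` when ``args.info`` is set (after
    calling ``cli_info``) or when no source path was given (after printing
    the parser help).
    """
    import os  # local import: only the output-file creation below needs it

    configure_log()
    args, _ = cli_parser().parse_known_args(arguments)

    # Show information
    if args.info:
        exit(cli_info())

    # Default response
    if not args.src:
        exit(cli_parser().print_help())

    # Configure execution
    if args.config:
        args.config = load_config(args.config, src=args.src)

    # Create or truncate the output file
    if args.output:
        args.output = Path(args.output)
        # NOTE(review): this path is presumably where findings, i.e. detected
        # secret values, get written later; confirm against the caller.
        # Create the file owner-only (0o600, further narrowed by the umask)
        # instead of with the default mode that other local users may be able
        # to read. A file that already exists keeps its current mode and is
        # only truncated.
        fd = os.open(args.output, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        os.close(fd)

    return args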
Пример #11
def test_load_config_exception(filename, expectation):
    """Load ``filename`` inside the ``expectation`` context manager.

    ``expectation`` is supplied by the caller and decides whether loading
    the file is allowed to raise.
    """
    with expectation:
        # The return value is irrelevant; only raising or not raising matters.
        core.load_config(filename, FIXTURE_PATH)
Пример #12
def test_is_static(key, value, expectation):
    """``WhisperSecrets.is_static(key, value)`` must equal ``expectation``.

    The scanner is built from arguments for the fixture directory with
    ``example.yml`` loaded as its configuration.
    """
    cli_args = parse_args([fixture_path()])
    example_config = CONFIG_PATH.joinpath("example.yml")
    cli_args.config = core.load_config(example_config)

    scanner = WhisperSecrets(cli_args)
    verdict = scanner.is_static(key, value)
    assert verdict == expectation
Пример #13
def test_exclude_files():
    """With ``exclude_files.yml`` applied, scanning FIXTURE_PATH yields nothing."""
    exclusion_rules = core.load_config(
        config_path("exclude_files.yml"),
        FIXTURE_PATH,
    )
    findings = core.run(FIXTURE_PATH, config=exclusion_rules)

    # The very first next() must already signal exhaustion.
    with pytest.raises(StopIteration):
        next(findings)
Пример #14
def test_include_files():
    """With ``include_files.yml`` applied, FIXTURE_PATH yields one finding.

    That finding's value must be ``hardcoded``; nothing may follow it.
    """
    inclusion_rules = core.load_config(
        config_path("include_files.yml"),
        FIXTURE_PATH,
    )
    findings = core.run(FIXTURE_PATH, config=inclusion_rules)

    only_finding = next(findings)
    assert only_finding.value == "hardcoded"

    # A second finding would mean a file outside the include list was scanned.
    with pytest.raises(StopIteration):
        next(findings)
Пример #15
def test_load_config_exception():
    """Loading ``invalid.yml`` must raise ``ParserError``."""
    with pytest.raises(ParserError):
        broken_config = config_path("invalid.yml")
        core.load_config(broken_config, FIXTURE_PATH)