示例#1
    def test_search_potential_secrets__secrets_found(self):
        """Check that an API-key-like token in a source file is reported.

        Given:
            - the whitelist file produced by create_empty_whitelist_secrets_file
            - a file holding one API_KEY assignment among ordinary code
        When:
            - search_potential_secrets scans that single file
        Then:
            - the result for that path is exactly the one token
        """
        whitelist_path = os.path.join(TestSecrets.TEMP_DIR,
                                      TestSecrets.WHITE_LIST_FILE_NAME)
        create_empty_whitelist_secrets_file(whitelist_path)
        scanner = SecretsValidator(is_circle=True,
                                   white_list_path=whitelist_path)

        # Fixture written verbatim to the scanned file. The API_KEY value is
        # the only string the assertion below expects back; it is presumably
        # a made-up token rather than a live credential - confirm upstream.
        fixture_source = '''
print('This is our dummy code')
a = 100
b = 300
c = a + b

API_KEY = OIifdsnsjkgnj3254nkdfsjKNJD0345 # this is our secret

some_dict = {
    'some_foo': 100
}

print(some_dict.some_foo)
            '''
        target = self.TEST_FILE_WITH_SECRETS
        with io.open(target, 'w') as handle:
            handle.write(fixture_source)

        findings = scanner.search_potential_secrets([target])
        # Exact-list comparison: an extra finding (a false positive on the
        # surrounding code) fails the test just like a missed token would.
        expected = ['OIifdsnsjkgnj3254nkdfsjKNJD0345']
        assert findings[target] == expected
示例#2
    def test_two_files_with_same_name(self):
        """Check that findings are keyed by full path, not by base name.

        Given:
            - no items in the whitelist
            - two README.md files in different directories, each holding
              one e-mail address

        When:
            - secrets validation runs with --ignore-entropy=True

        Then:
            - the e-mail is reported separately for each of the two paths
        """
        whitelist_path = os.path.join(TestSecrets.TEMP_DIR, TestSecrets.WHITE_LIST_FILE_NAME)
        create_empty_whitelist_secrets_file(whitelist_path)

        first_dir = os.path.join(TestSecrets.TEMP_DIR, "dir1")
        second_dir = os.path.join(TestSecrets.TEMP_DIR, "dir2")
        # os.mkdir raises FileExistsError when the directory is left over from
        # an earlier run; presumably the class teardown clears TEMP_DIR - confirm.
        os.mkdir(first_dir)
        os.mkdir(second_dir)

        scanner = SecretsValidator(is_circle=True,
                                   ignore_entropy=True,
                                   white_list_path=whitelist_path)

        base_name = 'README.md'
        readme_paths = [os.path.join(first_dir, base_name),
                        os.path.join(second_dir, base_name)]

        # NOTE(review): the address appears masked ("*****@*****.**") in this
        # listing; the upstream fixture presumably holds a syntactically valid
        # e-mail address - confirm against the original test file.
        fixture_text = '''
print('This is our dummy code')

my_email = "*****@*****.**"


'''
        for readme_path in readme_paths:
            with io.open(readme_path, 'w') as handle:
                handle.write(fixture_text)

        # Second positional argument True: presumably the ignore-entropy
        # switch named in the docstring - verify against the method signature.
        findings = scanner.search_potential_secrets(list(readme_paths), True)

        # A result keyed by base name alone would collapse both files into a
        # single entry, so each full path is looked up on its own.
        for readme_path in readme_paths:
            assert findings[readme_path] == ['*****@*****.**']
示例#3
    def test_ignore_entropy(self):
        """Check that ignore-entropy mode reports the e-mail but not the API key.

        Given:
            - no items in the whitelist
            - a file containing 2 secrets:
                - an e-mail address
                - an API-key-like token

        When:
            - secrets validation runs with --ignore-entropy=True

        Then:
            - the e-mail is found
            - the entropy check did not run: the token is not reported
        """
        whitelist_path = os.path.join(TestSecrets.TEMP_DIR, TestSecrets.WHITE_LIST_FILE_NAME)
        create_empty_whitelist_secrets_file(whitelist_path)

        scanner = SecretsValidator(is_circle=True,
                                   ignore_entropy=True,
                                   white_list_path=whitelist_path)

        # NOTE(review): the e-mail appears masked ("*****@*****.**") in this
        # listing; the upstream fixture presumably holds a syntactically valid
        # address - confirm against the original test file.
        fixture_source = '''
print('This is our dummy code')

my_email = "*****@*****.**"

API_KEY = OIifdsnsjkgnj3254nkdfsjKNJD0345 # this is our secret

some_dict = {
    'some_foo': 100
}

            '''
        target = self.TEST_FILE_WITH_SECRETS
        with io.open(target, 'w') as handle:
            handle.write(fixture_source)

        findings = scanner.search_potential_secrets([target], True)
        # Only the e-mail is expected; the API_KEY token being absent from the
        # list is what shows the entropy-based detection was skipped.
        expected = ['*****@*****.**']
        assert findings[target] == expected
示例#4
    def test_ignore_entropy(self, repo):
        """Check that ignore-entropy mode reports the e-mail but not the API key.

        Given:
            - no items in the whitelist
            - an integration yml whose 'deprecated' value contains 2 secrets:
                - an e-mail address
                - an API-key-like token

        When:
            - secrets validation runs with --ignore-entropy=True

        Then:
            - the e-mail is found
            - the entropy check did not run: the token is not reported
        """
        whitelist_path = os.path.join(TestSecrets.TEMP_DIR,
                                      TestSecrets.WHITE_LIST_FILE_NAME)
        create_empty_whitelist_secrets_file(whitelist_path)

        scanner = SecretsValidator(is_circle=True,
                                   ignore_entropy=True,
                                   white_list_path=whitelist_path)

        integration = repo.create_pack('pack').create_integration('integration')

        # NOTE(review): the e-mail appears masked ('*****@*****.**') in this
        # listing; the upstream fixture presumably holds a syntactically valid
        # address - confirm against the original test file.
        yml_content = {
            'deprecated':
            "print('This is our dummy code') my_email = '*****@*****.**' "
            "API_KEY = OIifdsnsjkgnj3254nkdfsjKNJD0345 # this is our secret "
            "some_dict = { 'some_foo': 100 }"
        }
        integration.yml.write_dict(yml_content)

        findings = scanner.search_potential_secrets([integration.yml.path],
                                                    True)
        # The per-file result is indexed with 1 here - presumably the line
        # number the match was found on; confirm against the validator.
        per_file = findings[integration.yml.path]
        assert per_file[1] == ['*****@*****.**']
示例#5
    def find_secrets(self):
        """Scan the text files under self.full_output_path for potential secrets.

        Returns:
            set: every secret string reported by
            SecretsValidator.search_potential_secrets, flattened out of the
            nested per-file result.
        """
        # glob's '**/*' does not match names that begin with a dot, so hidden
        # files and directories under the output path are not part of the scan.
        candidates = glob.glob(f'{self.full_output_path}/**/*', recursive=True)

        # The whitelist path is relative, so it resolves against the current
        # working directory of the process running this method.
        # ignore_entropy=True is passed; presumably this disables the
        # entropy-based detection - confirm against SecretsValidator.
        scanner = SecretsValidator(
            white_list_path='./Tests/secrets_white_list.json',
            ignore_entropy=True)

        # Keep regular files only, and of those only what the validator
        # itself classifies as text.
        text_files = []
        for candidate in candidates:
            if os.path.isfile(candidate) and scanner.is_text_file(candidate):
                text_files.append(candidate)

        # search_potential_secrets returns a nested dict whose leaf values are
        # lists of secrets, e.g.
        # {'a': {'b': ['secret1', 'secret2'], 'e': ['secret1']}, 'g': ['secret3']}
        findings_by_file = scanner.search_potential_secrets(text_files)

        # The helper fills the set passed to it; the set then holds the raw
        # matched strings, so anything that prints or logs the return value
        # exposes them in the clear.
        collected: set = set()
        extract_values_from_nested_dict_to_a_set(findings_by_file, collected)
        return collected
示例#6
    def test_search_potential_secrets__secrets_found(self, repo):
        """Check that an API-key-like token inside an integration yml is reported.

        Given:
            - the whitelist file produced by create_empty_whitelist_secrets_file
            - an integration yml whose 'deprecated' value holds an API_KEY
              assignment
        When:
            - search_potential_secrets scans the yml path
        Then:
            - entry 1 of the result for that path is exactly the one token
        """
        whitelist_path = os.path.join(TestSecrets.TEMP_DIR,
                                      TestSecrets.WHITE_LIST_FILE_NAME)
        create_empty_whitelist_secrets_file(whitelist_path)

        scanner = SecretsValidator(is_circle=True,
                                   white_list_path=whitelist_path)

        integration = repo.create_pack('pack').create_integration('integration')

        # NOTE(review): "100docker" in the second literal looks like a
        # listing artefact; it is kept verbatim because it is fixture data -
        # confirm against the original test file.
        yml_content = {
            'deprecated':
            "API_KEY = OIifdsnsjkgnj3254nkdfsjKNJD0345 # this is our secret \n"
            "some_dict = { 'some_foo': 100docker  print(some_dict.some_foo)"
        }
        integration.yml.write_dict(yml_content)

        findings = scanner.search_potential_secrets([integration.yml.path])
        # The per-file result is indexed with 1 here - presumably the line
        # number the match was found on; confirm against the validator.
        per_file = findings[integration.yml.path]
        expected = ['OIifdsnsjkgnj3254nkdfsjKNJD0345']
        assert per_file[1] == expected