def test_search_potential_secrets__secrets_found(self):
    """A file holding one high-entropy token is reported with exactly that token.

    Writes a dummy source file while the whitelist is empty, then checks that
    search_potential_secrets maps the file path to a list containing only the
    planted API key.
    """
    whitelist_path = os.path.join(TestSecrets.TEMP_DIR, TestSecrets.WHITE_LIST_FILE_NAME)
    create_empty_whitelist_secrets_file(whitelist_path)
    validator = SecretsValidator(is_circle=True, white_list_path=whitelist_path)

    # Only the API_KEY line is expected to be reported; the rest is benign filler.
    fixture_source = '''
print('This is our dummy code')
a = 100
b = 300
c = a + b
API_KEY = OIifdsnsjkgnj3254nkdfsjKNJD0345 # this is our secret
some_dict = {
    'some_foo': 100
}
print(some_dict.some_foo)
'''
    with open(self.TEST_FILE_WITH_SECRETS, 'w') as fixture_file:
        fixture_file.write(fixture_source)

    secrets_found = validator.search_potential_secrets([self.TEST_FILE_WITH_SECRETS])
    assert secrets_found[self.TEST_FILE_WITH_SECRETS] == ['OIifdsnsjkgnj3254nkdfsjKNJD0345']
def test_two_files_with_same_name(self):
    """Two files sharing a base name in different directories are reported separately.

    - empty whitelist
    - each file contains a single secret (an email address)
    - validation runs with ignore_entropy=True
    - the email must be reported under each file's own full path
    """
    whitelist_path = os.path.join(TestSecrets.TEMP_DIR, TestSecrets.WHITE_LIST_FILE_NAME)
    create_empty_whitelist_secrets_file(whitelist_path)

    # Same base name in two sibling directories, so results must be keyed by full path, not name.
    file_name = 'README.md'
    target_paths = []
    for sub_dir in ('dir1', 'dir2'):
        dir_path = os.path.join(TestSecrets.TEMP_DIR, sub_dir)
        os.mkdir(dir_path)
        target_paths.append(os.path.join(dir_path, file_name))

    validator = SecretsValidator(is_circle=True, ignore_entropy=True, white_list_path=whitelist_path)

    fixture_source = '''
print('This is our dummy code')
my_email = "*****@*****.**"
'''
    for target in target_paths:
        with open(target, 'w') as fixture_file:
            fixture_file.write(fixture_source)

    secrets_found = validator.search_potential_secrets(target_paths, True)
    for target in target_paths:
        assert secrets_found[target] == ['*****@*****.**']
def test_ignore_entropy(self):
    """With ignore_entropy=True only the pattern-matched email is reported.

    - empty whitelist
    - the file contains an email address and a high-entropy API key
    - validation runs with ignore_entropy=True
    - only the email is expected in the result; the API key must not be reported
    """
    whitelist_path = os.path.join(TestSecrets.TEMP_DIR, TestSecrets.WHITE_LIST_FILE_NAME)
    create_empty_whitelist_secrets_file(whitelist_path)
    validator = SecretsValidator(is_circle=True, ignore_entropy=True, white_list_path=whitelist_path)

    # The API_KEY line would only be caught by the entropy check, which this test disables.
    fixture_source = '''
print('This is our dummy code')
my_email = "*****@*****.**"
API_KEY = OIifdsnsjkgnj3254nkdfsjKNJD0345 # this is our secret
some_dict = {
    'some_foo': 100
}
'''
    with open(self.TEST_FILE_WITH_SECRETS, 'w') as fixture_file:
        fixture_file.write(fixture_source)

    secrets_found = validator.search_potential_secrets([self.TEST_FILE_WITH_SECRETS], True)
    assert secrets_found[self.TEST_FILE_WITH_SECRETS] == ['*****@*****.**']
def test_ignore_entropy(self, repo):
    """With ignore_entropy=True only the pattern-matched email is reported.

    - empty whitelist
    - an integration YAML's 'deprecated' field carries an email and a
      high-entropy API key
    - validation runs with ignore_entropy=True
    - only the email is expected in the result; the API key must not be reported

    Args:
        repo: test-repo fixture used to build a pack with one integration.
    """
    whitelist_path = os.path.join(TestSecrets.TEMP_DIR, TestSecrets.WHITE_LIST_FILE_NAME)
    create_empty_whitelist_secrets_file(whitelist_path)
    validator = SecretsValidator(is_circle=True, ignore_entropy=True, white_list_path=whitelist_path)

    integration = repo.create_pack('pack').create_integration('integration')
    # The fixture text is written into a single YAML field so the scanner has one place to look.
    fixture_text = (
        "print('This is our dummy code') my_email = '*****@*****.**' "
        "API_KEY = OIifdsnsjkgnj3254nkdfsjKNJD0345 # this is our secret "
        "some_dict = { 'some_foo': 100 }"
    )
    integration.yml.write_dict({'deprecated': fixture_text})

    secrets_found = validator.search_potential_secrets([integration.yml.path], True)
    # Index 1 of the per-file entry is presumably the list of secrets — confirm against SecretsValidator.
    assert secrets_found[integration.yml.path][1] == ['*****@*****.**']
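def find_secrets(self, white_list_path='./Tests/secrets_white_list.json'):
    """Collect every potential secret reported for the files under self.full_output_path.

    Args:
        white_list_path: whitelist JSON handed to SecretsValidator. The default
            keeps the previously hard-coded relative path, which is resolved
            against the process's current working directory; run from another
            directory, that default points at a different (or missing)
            whitelist, so callers that need a stable whitelist should pass an
            absolute path.

    Returns:
        A flat set of every secret string found in any scanned text file.
    """
    candidates = glob.glob(f'{self.full_output_path}/**/*', recursive=True)
    validator = SecretsValidator(white_list_path=white_list_path, ignore_entropy=True)

    # Drop directories and whatever the validator itself does not consider a text file.
    text_files = [
        path for path in candidates
        if os.path.isfile(path) and validator.is_text_file(path)
    ]

    # search_potential_secrets returns a nested dict whose leaf values are lists of secrets, e.g.
    # {'a': {'b': ['secret1', 'secret2'], 'e': ['secret1']}, 'g': ['secret3']}
    nested_secrets = validator.search_potential_secrets(text_files)
    flattened: set = set()
    extract_values_from_nested_dict_to_a_set(nested_secrets, flattened)
    return flattened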
def test_search_potential_secrets__secrets_found(self, repo):
    """An integration YAML holding one high-entropy token is reported with exactly that token.

    Writes the fixture text into the integration's 'deprecated' field while
    the whitelist is empty, then checks that search_potential_secrets reports
    only the planted API key for that YAML path.

    Args:
        repo: test-repo fixture used to build a pack with one integration.
    """
    whitelist_path = os.path.join(TestSecrets.TEMP_DIR, TestSecrets.WHITE_LIST_FILE_NAME)
    create_empty_whitelist_secrets_file(whitelist_path)
    validator = SecretsValidator(is_circle=True, white_list_path=whitelist_path)

    integration = repo.create_pack('pack').create_integration('integration')
    # NOTE(review): "100docker" reads like a garbled fixture (possibly "100 }" with a line break lost in a
    # merge); the assertion only checks the API key, so the test still holds — confirm against the
    # original fixture before relying on the second line.
    fixture_text = (
        "API_KEY = OIifdsnsjkgnj3254nkdfsjKNJD0345 # this is our secret \n"
        "some_dict = { 'some_foo': 100docker print(some_dict.some_foo)"
    )
    integration.yml.write_dict({'deprecated': fixture_text})

    secrets_found = validator.search_potential_secrets([integration.yml.path])
    # Index 1 of the per-file entry is presumably the list of secrets — confirm against SecretsValidator.
    assert secrets_found[integration.yml.path][1] == ['OIifdsnsjkgnj3254nkdfsjKNJD0345']