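def main(argv=None):
    """Console entry point for the `scan` and `audit` actions.

    Args:
        argv: Argument list handed to parse_args; None is passed through
            unchanged.

    Returns:
        0 on success. 1 when `audit` is asked to diff but is not given
        exactly two filenames, or when a string scan is requested from stdin
        and stdin is empty.
    """
    if len(sys.argv) == 1:  # pragma: no cover
        sys.argv.append('-h')

    args = parse_args(argv)
    if args.verbose:  # pragma: no cover
        log.set_debug_level(args.verbose)

    if args.action == 'scan':
        # Plugins are *always* rescanned with fresh settings, because
        # we want to get the latest updates.
        plugins = initialize.from_parser_builder(args.plugins)
        if args.string:
            line = args.string
            if isinstance(args.string, bool):
                # args.string is the boolean True rather than text, so the
                # candidate string is read from stdin instead.
                stdin_lines = sys.stdin.read().splitlines()
                if not stdin_lines:
                    # Empty stdin used to surface as an IndexError traceback.
                    print(
                        'No input received on stdin to scan.',
                        file=sys.stderr,
                    )
                    return 1

                # Only the first line is scanned; anything after it on
                # stdin is ignored and therefore never checked for secrets.
                line = stdin_lines[0]

            _scan_string(line, plugins)

        else:
            baseline_dict = _perform_scan(
                args,
                plugins,
            )

            if args.import_filename:
                # The scan output is written to the first import filename
                # given, instead of being printed.
                write_baseline_to_file(
                    filename=args.import_filename[0],
                    data=baseline_dict,
                )
            else:
                print(
                    baseline.format_baseline_for_output(
                        baseline_dict,
                    ),
                )

    elif args.action == 'audit':
        if not args.diff:
            audit.audit_baseline(args.filename[0])
            return 0

        if len(args.filename) != 2:
            print(
                'Must specify two files to compare!',
                file=sys.stderr,
            )
            return 1

        try:
            audit.compare_baselines(args.filename[0], args.filename[1])
        except audit.RedundantComparisonError:
            # Comparing a file with itself is reported but is not an error.
            print(
                'No difference, because it\'s the same file!',
                file=sys.stderr,
            )

    return 0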
def main(argv=None):
    """Run the hook: scan the given files and compare them with the baseline.

    Args:
        argv: Argument list handed to parse_args.

    Returns:
        1 when the baseline cannot be loaded, when the scan reports secrets
        that the baseline does not cover, or when the baseline file had to be
        rewritten (so the caller can stage it); 0 otherwise.
    """
    args = parse_args(argv)
    if args.verbose:  # pragma: no cover
        log.set_debug_level(args.verbose)

    # Load the baseline before any scanning, so that an invalid baseline
    # stops the run instead of being treated as "nothing known".
    try:
        known_secrets = get_baseline(args.baseline[0])
    except (IOError, ValueError):
        # No message here: per the original note, the error is logged by
        # the loading logic itself.
        return 1

    active_plugins = initialize.from_parser_builder(args.plugins)
    full_scan = find_secrets_in_files(args, active_plugins)

    # Without a baseline every finding counts as new.
    new_findings = full_scan
    if known_secrets:
        new_findings = get_secrets_not_in_baseline(
            full_scan,
            known_secrets,
        )

    if len(new_findings.data) > 0:
        pretty_print_diagnostics(new_findings)
        return 1

    if not known_secrets:
        return 0

    # From here on there are no new findings, so the only remaining work is
    # keeping the baseline file itself current.
    needs_rewrite = trim_baseline_of_removed_secrets(
        full_scan,
        known_secrets,
        args.filenames,
    )

    if VERSION != known_secrets.version:
        # A baseline stamped with a different version is re-stamped and
        # takes over the plugin settings of this run.
        known_secrets.plugins = active_plugins
        known_secrets.version = VERSION
        needs_rewrite = True

    if not needs_rewrite:
        return 0

    write_baseline_to_file(
        filename=args.baseline[0],
        data=known_secrets.format_for_baseline_output(),
    )

    # A non-zero status is returned even though no new secret was found:
    # the rewritten baseline still has to be staged by the user.
    log.error(
        'The baseline file was updated.\n'
        'Probably to keep line numbers of secrets up-to-date.\n'
        'Please `git add {}`, thank you.\n\n'.format(args.baseline[0]),
    )
    return 1
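def main(argv=sys.argv[1:]):
    """Console entry point for the `scan` and `audit` actions.

    Args:
        argv: Argument list handed to parse_args. The default is a copy of
            sys.argv[1:] taken when this function is defined.

    Returns:
        0 on success. 1 when `audit` is asked to diff but is not given
        exactly two filenames, or when a string scan is requested from stdin
        and stdin is empty.
    """
    # NOTE(review): the default for `argv` was sliced from sys.argv at
    # definition time, so the append below does not alter `argv`; whether a
    # bare invocation still prints help depends on parse_args -- confirm.
    if len(sys.argv) == 1:  # pragma: no cover
        sys.argv.append('--help')

    args = parse_args(argv)
    if args.verbose:  # pragma: no cover
        log.set_debug_level(args.verbose)

    if args.action == 'scan':
        automaton = None
        word_list_hash = None
        if args.word_list_file:
            automaton, word_list_hash = build_automaton(args.word_list_file)

        # Plugins are *always* rescanned with fresh settings, because
        # we want to get the latest updates.
        # NOTE(review): custom_plugin_paths presumably name plugin code that
        # gets loaded into this process, so they should only come from
        # trusted configuration -- confirm in initialize.from_parser_builder.
        plugins = initialize.from_parser_builder(
            plugins_dict=args.plugins,
            custom_plugin_paths=args.custom_plugin_paths,
            exclude_lines_regex=args.exclude_lines,
            automaton=automaton,
            should_verify_secrets=not args.no_verify,
        )
        if args.string:
            line = args.string
            if isinstance(args.string, bool):
                # args.string is the boolean True rather than text, so the
                # candidate string is read from stdin instead.
                stdin_lines = sys.stdin.read().splitlines()
                if not stdin_lines:
                    # Empty stdin used to surface as an IndexError traceback.
                    print(
                        'No input received on stdin to scan.',
                        file=sys.stderr,
                    )
                    return 1

                # Only the first line is scanned; anything after it on
                # stdin is ignored and therefore never checked for secrets.
                line = stdin_lines[0]

            _scan_string(line, plugins)

        else:
            baseline_dict = _perform_scan(
                args,
                plugins,
                automaton,
                word_list_hash,
            )

            if args.import_filename:
                # The scan output is written to the first import filename
                # given, instead of being printed.
                write_baseline_to_file(
                    filename=args.import_filename[0],
                    data=baseline_dict,
                )
            else:
                print(
                    baseline.format_baseline_for_output(
                        baseline_dict,
                    ),
                )

    elif args.action == 'audit':
        # Neither --diff nor result display requested: interactive audit.
        if not args.diff and not args.display_results:
            audit.audit_baseline(args.filename[0])
            return 0

        # Result display is checked before diff, so it wins when both
        # options are set.
        if args.display_results:
            audit.print_audit_results(args.filename[0])
            return 0

        if len(args.filename) != 2:
            print(
                'Must specify two files to compare!',
                file=sys.stderr,
            )
            return 1

        try:
            audit.compare_baselines(args.filename[0], args.filename[1])
        except audit.RedundantComparisonError:
            # Comparing a file with itself is reported but is not an error.
            print(
                'No difference, because it\'s the same file!',
                file=sys.stderr,
            )

    return 0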
def audit_baseline(baseline_filename):
    """Walk the user through every unlabelled secret of a baseline file.

    Entries that already contain an 'is_secret' key are skipped. Once the
    walk ends (or the user quits), the baseline file is overwritten in place
    with the merged results, unless nothing was shown and no file entries
    were removed.

    Args:
        baseline_filename: Path of the baseline file to read and rewrite.

    Returns:
        None.
    """
    baseline_data = _get_baseline_from_file(baseline_filename)
    if not baseline_data:
        return

    files_removed = _remove_nonexistent_files_from_baseline(baseline_data)

    every_secret = list(_secret_generator(baseline_data))

    # Only entries without a recorded decision are offered for review.
    unlabelled = []
    for path, entry in every_secret:
        if 'is_secret' not in entry:
            unlabelled.append((path, entry))

    total = len(unlabelled)
    walker = BidirectionalIterator(unlabelled)

    position = 0
    for path, entry in walker:
        _clear_screen()
        position += 1

        try:
            # NOTE(review): both plugin settings are read from the baseline
            # file being audited; if _print_context loads plugin code from
            # custom_plugin_paths, only baselines from a trusted source
            # should be audited -- confirm.
            _print_context(
                filename=path,
                secret=entry,
                count=position,
                total=total,
                plugins_used=baseline_data['plugins_used'],
                custom_plugin_paths=baseline_data['custom_plugin_paths'],
            )
            decision = _get_user_decision(
                can_step_back=walker.can_step_back(),
            )
        except SecretNotFoundOnSpecifiedLineError:
            # The secret is no longer on the recorded line, so the prompt is
            # shown without the is-this-a-secret question.
            decision = _get_user_decision(
                prompt_secret_decision=False,
                can_step_back=walker.can_step_back(),
            )

        if decision == 'q':
            print('Quitting...')
            break

        if decision == 'b':
            # Net effect with the increment above is one step backwards.
            position -= 2
            walker.step_back_on_next_iteration()

        # Called for 'b' as well, exactly as for any other decision.
        _handle_user_decision(decision, entry)

    nothing_shown = position == 0
    if nothing_shown and not files_removed:
        print('Nothing to audit!')
        return

    print('Saving progress...')

    # Regroup the flat (filename, secret) pairs by filename before merging.
    by_file = {}
    for path, entry in every_secret:
        by_file.setdefault(path, []).append(entry)

    baseline_data['results'] = merge_results(
        baseline_data['results'],
        by_file,
    )
    write_baseline_to_file(
        filename=baseline_filename,
        data=baseline_data,
    )
def main(argv=sys.argv[1:]):
    """Run the hook: scan the given files and compare them with the baseline.

    Args:
        argv: Argument list handed to parse_args. The default is a copy of
            sys.argv[1:] taken when this function is defined.

    Returns:
        1 when the baseline cannot be loaded or when the scan reports
        secrets that the baseline does not cover; 0 otherwise. The
        `return 3` branch cannot be reached while `baseline_modified` is
        forced to False (see the note at that assignment).
    """
    args = parse_args(argv)
    if args.verbose:  # pragma: no cover
        log.set_debug_level(args.verbose)

    try:
        # If a baseline is provided, make sure it is valid before doing
        # any further computation.
        baseline_collection = get_baseline(args.baseline[0])
    except (IOError, TypeError, ValueError):
        # Error logs handled within logic.
        return 1

    automaton = None
    word_list_hash = None
    if args.word_list_file:
        automaton, word_list_hash = build_automaton(args.word_list_file)

    # NOTE(review): custom_plugin_paths presumably name plugin code that
    # gets loaded into this process, so they should only come from trusted
    # configuration -- confirm in initialize.from_parser_builder.
    plugins = initialize.from_parser_builder(
        plugins_dict=args.plugins,
        custom_plugin_paths=args.custom_plugin_paths,
        exclude_lines_regex=args.exclude_lines,
        automaton=automaton,
        should_verify_secrets=not args.no_verify,
    )

    # Merge plugins from baseline: when a baseline was loaded, the plugin
    # set built above is replaced by the merged one, which is also stored
    # back on the in-memory baseline object.
    if baseline_collection:
        plugins = initialize.merge_plugins_from_baseline(
            baseline_plugins=baseline_collection.plugins,
            args=args,
            automaton=automaton,
        )
        baseline_collection.plugins = plugins

    results = find_secrets_in_files(args, plugins)
    if baseline_collection:
        # Keep the unfiltered scan for the baseline trimming step below.
        original_results = results
        results = get_secrets_not_in_baseline(
            results,
            baseline_collection,
        )

    if len(results.data) > 0:
        pretty_print_diagnostics(results)
        return 1

    # Without a baseline there is nothing to maintain.
    if not baseline_collection:
        return 0

    # Only attempt baseline modifications if we don't find any new secrets
    baseline_modified = trim_baseline_of_removed_secrets(
        original_results,
        baseline_collection,
        args.filenames,
    )

    if VERSION != baseline_collection.version:
        baseline_collection.version = VERSION
        baseline_modified = True

    # This line was added because the baseline file must not be modified
    # by this hook.
    # NOTE(review): the collapsed listing does not show whether this reset
    # sits inside the version check above; it is placed at function level
    # here to match the stated intent -- confirm against the real file.
    # At this level the write-back below is dead code: trimming and the
    # version stamp only change the in-memory object, and the baseline file
    # on disk stays as it was. Presumably entries for removed secrets then
    # remain listed as known -- confirm that this is acceptable.
    baseline_modified = False

    if baseline_modified:
        write_baseline_to_file(
            filename=args.baseline[0],
            data=baseline_collection.format_for_baseline_output(),
        )

        log.error(
            'The baseline file was updated.\n'
            'Probably to keep line numbers of secrets up-to-date.\n'
            'Please `git add {}`, thank you.\n\n'.format(args.baseline[0]),
        )
        return 3

    return 0
def main(argv=None):
    """Run the hook: scan the given files and compare them with the baseline.

    version_check() is called first, then the arguments are parsed.

    Args:
        argv: Argument list handed to parse_args.

    Returns:
        One of the following status codes:
        1 - the baseline could not be loaded, or the scan reported secrets
            that the baseline does not cover;
        3 - the baseline file was rewritten and has to be staged;
        2 - the baseline holds verified secrets that have not been audited;
        4 - args.fail_on_non_audited is set and the baseline holds secrets
            that have not been audited;
        0 - none of the above.
    """
    version_check()

    args = parse_args(argv)
    if args.verbose:  # pragma: no cover
        log.set_debug_level(args.verbose)

    # Load the baseline before any scanning, so that an invalid baseline
    # stops the run instead of being treated as "nothing known".
    try:
        known_secrets = get_baseline(
            args.baseline[0],
            plugin_filenames=args.plugin_filenames,
        )
    except (IOError, TypeError, ValueError):
        # No message here: per the original note, the error is logged by
        # the loading logic itself.
        return 1

    automaton = None
    if args.word_list_file:
        # The second element of the pair is not needed in this function.
        automaton, _word_list_hash = build_automaton(args.word_list_file)

    active_plugins = initialize.from_parser_builder(
        args.plugins,
        exclude_lines_regex=args.exclude_lines,
        automaton=automaton,
        should_verify_secrets=not args.no_verify,
        plugin_filenames=args.plugin_filenames,
    )

    if known_secrets:
        # With a baseline, the merged plugin set replaces the one built
        # above and is stored back on the baseline object.
        active_plugins = initialize.merge_plugins_from_baseline(
            known_secrets.plugins,
            args,
            automaton,
        )
        known_secrets.plugins = active_plugins

    full_scan = find_secrets_in_files(args, active_plugins)

    # Without a baseline every finding counts as new.
    new_findings = full_scan
    if known_secrets:
        new_findings = get_secrets_not_in_baseline(
            full_scan,
            known_secrets,
        )

    if len(new_findings.data) > 0:
        pretty_print_diagnostics_for_new_secrets(new_findings)
        return 1

    # No baseline: there is nothing to maintain and no audit state to check.
    if not known_secrets:
        return 0

    # From here on there are no new findings; keep the baseline file current.
    needs_rewrite = trim_baseline_of_removed_secrets(
        full_scan,
        known_secrets,
        args.filenames,
    )

    if VERSION != known_secrets.version:
        known_secrets.version = VERSION
        needs_rewrite = True

    if needs_rewrite:
        write_baseline_to_file(
            filename=args.baseline[0],
            data=known_secrets.format_for_baseline_output(),
        )

        log.error(
            'The baseline file was updated.\n'
            'Probably to keep line numbers of secrets up-to-date.\n'
            'Please `git add {}`, thank you.\n\n'.format(args.baseline[0]),
        )
        # The audit-state checks below are skipped on a run that rewrote
        # the baseline.
        return 3

    # Verified secrets that nobody has audited yet always fail the run.
    verified_unaudited = get_verified_non_audited_secrets_from_baseline(
        known_secrets,
    )
    if len(verified_unaudited.data) > 0:
        pretty_print_diagnostics_for_verified_non_audited(verified_unaudited)
        return 2

    # Unaudited secrets in general only fail the run when asked to.
    if not args.fail_on_non_audited:
        return 0

    unaudited = get_non_audited_secrets_from_baseline(
        known_secrets,
    )
    if len(unaudited.data) > 0:
        pretty_print_diagnostics_for_non_audited(unaudited)
        return 4

    return 0