def test_exclude_by_keys_and_values(configfile, src):
    """Only the ``hardcoded_password`` finding survives the key/value excludes.

    ``configfile`` and ``src`` come from the test parametrisation.  The config
    is loaded relative to ``FIXTURE_PATH`` and attached to the parsed CLI
    arguments before ``core.run`` is invoked.
    """
    cli_args = parse_args([fixture_path(src)])
    cli_args.config = core.load_config(config_path(configfile), FIXTURE_PATH)
    findings = core.run(cli_args)
    first = next(findings)
    assert first.key == "hardcoded_password"
    # Nothing else may be reported once the excluded keys/values are removed.
    with pytest.raises(StopIteration):
        next(findings)
def test_exclude_files():
    """A config that excludes every fixture file must yield no findings."""
    cli_args = parse_args([fixture_path()])
    cli_args.config = core.load_config(config_path("exclude_files.yml"), FIXTURE_PATH)
    findings = core.run(cli_args)
    # The generator is exhausted immediately: no file survives the exclude list.
    with pytest.raises(StopIteration):
        next(findings)
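def cli(arguments=None):
    """Command-line entry point: parse ``arguments``, scan, and print findings.

    Args:
        arguments: argv-style list handed to ``parse_args``; ``None`` means
            whatever ``parse_args`` defaults to (normally ``sys.argv[1:]``).

    Raises:
        SystemExit: after printing the info page (``--info``) or the parser
            help (no ``src`` given).

    Side effects: truncates ``args.output`` when given, configures logging,
    loads the config named by ``args.config``, writes every finding through
    ``format_stdout`` and finally calls ``cleanup_log``.
    """
    args = parse_args(arguments)

    # ``raise SystemExit`` rather than the ``site``-provided ``exit()`` builtin,
    # which is meant for the interactive shell and is absent under ``python -S``.
    if args.info:
        raise SystemExit(cli_info())

    # No source given: show usage and stop (print_help returns None -> exit 0).
    if not args.src:
        raise SystemExit(cli_parser().print_help())

    # Start from an empty output file so stale findings are never appended to.
    if args.output:
        args.output = Path(args.output)
        args.output.write_text("")

    configure_log()
    # NOTE(review): if the paired parse_args() already resolved args.config
    # into a loaded config (the parse_args in this file does), load_config
    # would run a second time here on the loaded object — confirm which
    # parse_args this cli() is meant to be used with.
    if args.config:
        args.config = load_config(args.config, src=args.src)

    # Valar margulis
    for secret in run(args):
        format_stdout(secret, args.output)

    cleanup_log()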
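def cli():
    """Command-line entry point with the argument parser built inline.

    Parses ``sys.argv``, optionally loads the config given by ``-c``,
    truncates the ``-o`` output file, and streams every finding from ``run``
    through ``format_stdout``.

    Raises:
        SystemExit: when no ``src`` is given (after printing the help page).
    """
    args_parser = ArgumentParser(
        "whispers", description=("Identify secrets and dangerous behaviours")
    )
    args_parser.add_argument(
        "-v", "--version", action="version", version=f"whispers {__version__}"
    )
    args_parser.add_argument("-c", "--config", default=None, help="config file")
    args_parser.add_argument("-o", "--output", help="output file (.yml)")
    args_parser.add_argument("src", nargs="?", help="source code file or directory")
    args = args_parser.parse_args()

    # No source given: show usage and stop.  ``raise SystemExit`` replaces the
    # ``site``-provided ``exit()`` builtin, which is meant for interactive use
    # and is absent under ``python -S``; print_help returns None -> exit 0.
    if not args.src:
        raise SystemExit(args_parser.print_help())

    # Start from an empty output file so stale findings are never appended to.
    if args.output:
        args.output = Path(args.output)
        args.output.write_text("")

    configure_log()
    if args.config:
        args.config = load_config(args.config, src=args.src)

    # Valar margulis
    for secret in run(args.src, config=args.config):
        format_stdout(secret, args.output)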
def test_include_files():
    """With an include list, exactly one ``hardcoded`` value is reported."""
    cli_args = parse_args([fixture_path()])
    cli_args.config = core.load_config(config_path("include_files.yml"), FIXTURE_PATH)
    findings = core.run(cli_args)
    only = next(findings)
    assert only.value == "hardcoded"
    # The included set yields a single finding and nothing more.
    with pytest.raises(StopIteration):
        next(findings)
def test_detection_by_value(src, count):
    """Exactly ``count`` findings from ``src`` carry a ``hardcoded`` value.

    ``src`` and ``count`` come from the test parametrisation.  A purely
    numeric value is turned back into ASCII via its hex digits before the
    substring check — presumably the fixture encodes the marker that way;
    confirm against the fixture file.
    """
    config = core.load_config(CONFIG_PATH.joinpath("detection_by_value.yml"))
    findings = core.run(fixture_path(src), config)
    for _ in range(count):
        found = next(findings).value.lower()
        if found.isnumeric():
            # decimal -> hex digits -> bytes -> ASCII text
            found = bytes.fromhex(hex(int(found))[2:]).decode("ascii")
        assert "hardcoded" in found
    # No findings beyond ``count``.
    with pytest.raises(StopIteration):
        next(findings)
def test_detection_by_value(src, count):
    """Exactly ``count`` findings from ``src`` are produced; textual ones say ``hardcoded``.

    ``src`` and ``count`` come from the test parametrisation.  Numeric values
    are counted but not inspected.
    """
    cli_args = parse_args([fixture_path(src)])
    cli_args.config = core.load_config(
        CONFIG_PATH.joinpath("detection_by_value.yml"))
    findings = core.run(cli_args)
    for _ in range(count):
        found = next(findings).value.lower()
        # Numeric values carry no marker to check; they still count toward ``count``.
        if found.isnumeric():
            continue
        assert "hardcoded" in found
    # No findings beyond ``count``.
    with pytest.raises(StopIteration):
        next(findings)
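def test_load_config():
    """``example.yml`` resolves file excludes to paths and compiles key/value patterns."""
    config = core.load_config(config_path("example.yml"), FIXTURE_PATH)
    excluded = {
        Path(fixture_path(".npmrc")),
        Path(fixture_path("hardcoded.json")),
        Path(fixture_path("hardcoded.yml")),
        Path(fixture_path("hardcoded.xml")),
    }
    # Order of the exclude list is not part of the contract; compare as sets.
    assert set(config["exclude"]["files"]) == excluded
    # Key/value excludes are compiled case-insensitively.
    assert config["exclude"]["keys"] == [re.compile("SECRET_VALUE_KEY", flags=re.IGNORECASE)]
    assert config["exclude"]["values"] == [
        re.compile("SECRET_VALUE_PLACEHOLDER", flags=re.IGNORECASE)
    ]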
def test_detection_by_filename():
    """Every sensitive-looking fixture filename is reported as a finding value."""
    expected_names = [
        ".aws/credentials",
        ".htpasswd",
        ".npmrc",
        ".pypirc",
        "connection.config",
        "integration.conf",
        "pip.conf",
        "settings.cfg",
        "settings.conf",
        "settings.env",
        "settings.ini",
    ]
    config = core.load_config(CONFIG_PATH.joinpath("detection_by_filename.yml"))
    reported = [finding.value for finding in core.run(fixture_path(""), config)]
    # Check each name individually so a failure names the missing file.
    for name in expected_names:
        assert fixture_path(name) in reported
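def parse_args(arguments: Optional[List] = None) -> Namespace:
    """Parse CLI arguments and prepare the execution environment.

    Args:
        arguments: argv-style list; ``None`` lets argparse read ``sys.argv``.

    Returns:
        The parsed ``Namespace``.  ``config`` is replaced by the loaded config
        when ``--config`` was given, and ``output`` becomes a ``Path``.

    Raises:
        SystemExit: after printing the info page (``--info``) or the help
            text (no ``src``).

    Side effects: configures logging and truncates the ``output`` file.
    """
    configure_log()
    parser = cli_parser()
    # parse_known_args tolerates unknown options instead of rejecting them, so
    # a mistyped flag is silently dropped rather than aborting the run.
    args, _ = parser.parse_known_args(arguments)

    # ``raise SystemExit`` rather than the ``site``-provided ``exit()`` builtin,
    # which is meant for the interactive shell and is absent under ``python -S``.
    if args.info:
        raise SystemExit(cli_info())

    # No source given: show usage and stop (print_help returns None -> exit 0).
    if not args.src:
        raise SystemExit(parser.print_help())

    if args.config:
        args.config = load_config(args.config, src=args.src)

    # Start from an empty output file so stale findings are never appended to.
    if args.output:
        args.output = Path(args.output)
        args.output.write_text("")

    return args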
def test_load_config_exception(filename, expectation):
    """Loading ``filename`` behaves exactly as the ``expectation`` context says.

    Both parameters come from the test parametrisation; ``expectation`` is
    presumably ``pytest.raises(...)`` or a does-not-raise context — confirm
    against the parametrize list.
    """
    load = core.load_config
    with expectation:
        load(filename, FIXTURE_PATH)
def test_is_static(key, value, expectation):
    """``WhisperSecrets.is_static`` classifies ``(key, value)`` as ``expectation``."""
    cli_args = parse_args([fixture_path()])
    cli_args.config = core.load_config(CONFIG_PATH.joinpath("example.yml"))
    detector = WhisperSecrets(cli_args)
    verdict = detector.is_static(key, value)
    assert verdict == expectation
def test_exclude_files():
    """A config that excludes every fixture file must yield no findings."""
    config = core.load_config(config_path("exclude_files.yml"), FIXTURE_PATH)
    findings = core.run(FIXTURE_PATH, config=config)
    # The generator is exhausted immediately: no file survives the exclude list.
    with pytest.raises(StopIteration):
        next(findings)
def test_include_files():
    """With an include list, exactly one ``hardcoded`` value is reported."""
    config = core.load_config(config_path("include_files.yml"), FIXTURE_PATH)
    findings = core.run(FIXTURE_PATH, config=config)
    only = next(findings)
    assert only.value == "hardcoded"
    # The included set yields a single finding and nothing more.
    with pytest.raises(StopIteration):
        next(findings)
def test_load_config_exception():
    """A malformed config file surfaces as ``ParserError`` from ``load_config``."""
    broken = config_path("invalid.yml")
    with pytest.raises(ParserError):
        core.load_config(broken, FIXTURE_PATH)