BCE-24998 scan multi lines and skip public keys

bridgecrewio · Jan 22, 2024 · 89d9efa · 89d9efa
1 parent 8685275
commit 89d9efa
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 15 deletions.
diff --git a/detect_secrets/plugins/azure_storage_key.py b/detect_secrets/plugins/azure_storage_key.py
@@ -5,10 +5,13 @@
 
 import re
 
+from detect_secrets.core.potential_secret import PotentialSecret
 from detect_secrets.plugins.base import RegexBasedDetector
 from detect_secrets.util.code_snippet import CodeSnippet
-from detect_secrets.core.potential_secret import PotentialSecret
 
+from typing import Any
+from typing import Set
+from typing import Optional
 
 class AzureStorageKeyDetector(RegexBasedDetector):
     """Scans for Azure Storage Account access keys."""
@@ -50,13 +53,15 @@ def filter_skip_keys(
             line: str,
     ) -> Set[PotentialSecret]:
         context_text = ''.join(context.lines) if context else line;
-        return [result for result in set(results) if not self.skip_keys_exists(result, context_text)]
+        return set(result for result in set(results) if not self.skip_keys_exists(result, context_text))
 
     def skip_keys_exists(self, result: PotentialSecret, string: str) -> bool:
         for secret_regex in self.skip_keys:
-            regex = re.compile(secret_regex.format(
-                secret= re.escape(result.secret_value),
-            ), re.DOTALL)
+            regex = re.compile(
+                secret_regex.format(
+                    secret=re.escape(result.secret_value),
+                ), re.DOTALL,
+            )
             if regex.search(string) is not None:
                 return True
-        return False
+        return False
diff --git a/tests/plugins/azure_storage_key_test.py b/tests/plugins/azure_storage_key_test.py
@@ -39,43 +39,43 @@ class TestAzureStorageKeyDetector:
 
             # Test skip only public keys
             (
-                "PublicKey: lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==",
+                'PublicKey: lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==',
                 False,
             ),
             (
-                "PublicKey: ssh-rsa lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==",
+                'PublicKey: ssh-rsa lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==',
                 False,
             ),
             (
-                "SshPublicKey: ssh-rsa lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==",
+                'SshPublicKey: ssh-rsa lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==',
                     False,
             ),
             (
-                "PublicKeys: lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==",
+                'PublicKeys: lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==',
                 False,
             ),
             (
-                "SshPublicKeys: lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==",
+                'SshPublicKeys: lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==',
                 False,
             ),
             (
-                "PrivateKeys: lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==",
+                'PrivateKeys: lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==',
                 True,
             ),
 
             # Test multilines
             (
-                """PrivateKeys: 
+                """PrivateKeys:
                 - lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==""",
                 True,
             ),
             (
-                """SshPublicKeys: 
+                """SshPublicKeys:
                 - lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==""",
                 False,
             ),
             (
-                """SshPublicKeys: 
+                """SshPublicKeys:
                 - >-
                 lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==""",
                 False,