From 89d9efa3df431b21ab2edd43800728c860619e91 Mon Sep 17 00:00:00 2001
From: Anatolii Stadnichuk
Date: Mon, 22 Jan 2024 21:37:25 +0000
Subject: [PATCH] BCE-24998 scan multi lines and skip public keys
---
 detect_secrets/plugins/azure_storage_key.py | 17 +++++++++++------
 tests/plugins/azure_storage_key_test.py | 18 +++++++++---------
 2 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/detect_secrets/plugins/azure_storage_key.py b/detect_secrets/plugins/azure_storage_key.py
index e1901cda7..3f25838bb 100644
--- a/detect_secrets/plugins/azure_storage_key.py
+++ b/detect_secrets/plugins/azure_storage_key.py
@@ -5,10 +5,13 @@ import re
+from detect_secrets.core.potential_secret import PotentialSecret
 from detect_secrets.plugins.base import RegexBasedDetector
 from detect_secrets.util.code_snippet import CodeSnippet
-from detect_secrets.core.potential_secret import PotentialSecret
+from typing import Any
+from typing import Set
+from typing import Optional
 class AzureStorageKeyDetector(RegexBasedDetector):
 """Scans for Azure Storage Account access keys."""
@@ -50,13 +53,15 @@ def filter_skip_keys(
 line: str,
 ) -> Set[PotentialSecret]:
 context_text = ''.join(context.lines) if context else line;
- return [result for result in set(results) if not self.skip_keys_exists(result, context_text)]
+ return set(result for result in set(results) if not self.skip_keys_exists(result, context_text))
 def skip_keys_exists(self, result: PotentialSecret, string: str) -> bool:
 for secret_regex in self.skip_keys:
- regex = re.compile(secret_regex.format(
- secret= re.escape(result.secret_value),
- ), re.DOTALL)
+ regex = re.compile(
+ secret_regex.format(
+ secret=re.escape(result.secret_value),
+ ), re.DOTALL,
+ )
 if regex.search(string) is not None:
 return True
- return False
\ No newline at end of file
+ return False
diff --git a/tests/plugins/azure_storage_key_test.py b/tests/plugins/azure_storage_key_test.py
index 9a63a4ee2..ea735f9ee 100644
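Review bot: The three `typing` imports are added after the `detect_secrets` imports, so standard-library names now follow project imports; placing `from typing import Any`, `from typing import Optional` and `from typing import Set` directly after `import re` keeps the usual stdlib-then-project order. Only `Set` is visibly used in this patch (the `filter_skip_keys` return annotation), so it is worth confirming that `Any` and `Optional` are referenced elsewhere in the file before keeping them.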
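Review bot: In `skip_keys_exists`, each `skip_keys` pattern is compiled with `re.DOTALL` and searched against the joined `context_text`, so a skip pattern can match across every line of the context window and a public-key label on one line may suppress a genuine storage key on a later, unrelated line. The `skip_keys` patterns are defined outside this hunk, so whether they bound the gap between label and value cannot be confirmed here; if they rely on an unbounded `.*`, this is a false-negative path in the detector. None of the visible test cases puts a public-key label and a separate real key in the same context, so I would add one asserting the key is still reported, and document the constraint at the compile call, e.g. `# DOTALL spans the whole context window; skip_keys patterns must bound the gap between label and secret`. The new return line can also be a plain set comprehension, `return {r for r in results if not self.skip_keys_exists(r, context_text)}`; `filter_skip_keys` starts above the hunk.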
--- a/tests/plugins/azure_storage_key_test.py
+++ b/tests/plugins/azure_storage_key_test.py
@@ -39,43 +39,43 @@ class TestAzureStorageKeyDetector:
 # Test skip only public keys
 (
- "PublicKey: lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==",
+ 'PublicKey: lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==',
 False,
 ),
 (
- "PublicKey: ssh-rsa lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==",
+ 'PublicKey: ssh-rsa lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==',
 False,
 ),
 (
- "SshPublicKey: ssh-rsa lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==",
+ 'SshPublicKey: ssh-rsa lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==',
 False,
 ),
 (
- "PublicKeys: lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==",
+ 'PublicKeys: lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==',
 False,
 ),
 (
- "SshPublicKeys: lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==",
+ 'SshPublicKeys: lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==',
 False,
 ),
 (
- "PrivateKeys: lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==",
+ 'PrivateKeys: lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==',
 True,
 ),
 # Test multilines
 (
- """PrivateKeys:
+ """PrivateKeys:
 - lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==""",
 True,
 ),
 (
- """SshPublicKeys:
+ """SshPublicKeys:
 - lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==""",
 False,
 ),
 (
- """SshPublicKeys:
+ """SshPublicKeys:
 - >-
 lJzRc1YdHaAA2KCNJJ1tkYwF/+mKK6Ygw0NGe170Xu592euJv2wYUtBlV8z+qnlcNQSnIYVTkLWntUO1F8j8rQ==""",
 False,