-
Notifications
You must be signed in to change notification settings - Fork 466
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add audit baseline functionality #44
Conversation
…t-baseline-functionality
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM :D
detect_secrets/core/audit.py
Outdated
|
||
current_secret_index += 1 | ||
|
||
break |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure I follow, why only do the first filename
here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, nice catch.
I throw in break
s when testing; looks like I missed a spot.
detect_secrets/core/audit.py
Outdated
def _secret_generator(baseline): | ||
"""Generates secrets to audit, from the baseline""" | ||
current_secret_index = 1 | ||
num_secrets_to_parse = sum(map( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: Maybe add some comments and space it out so there isn't the )))
. I initially misread it as map
gets all the secrets that don't have an is_secret
attribute (i.e. the ones that have not been audited) and adds that number to the number of results in the baseline.
num_secrets_to_parse = sum(
map(
lambda filename: len(
list(
filter(
lambda secret: not hasattr(secret, 'is_secret'),
baseline['results'][filename],
)
)
),
baseline['results'],
)
)
lineno=0, | ||
) | ||
|
||
# There could be more than two secrets on the same line. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very nice. :D
detect_secrets/core/audit.py
Outdated
for raw_secret in plugin.secret_generator(secret_line): | ||
yield raw_secret | ||
|
||
# It hits here if the secret has been moved, from the original |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it'd be more pythonic/you wouldn't need a comment (uncle bob 💯 ), if you did for .. else
(i.e. if you don't take a break you get a raise.)
), | ||
x[1], | ||
), | ||
enumerate(output), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wow, woah, this is reel nice 🍰 ⚡️ 💡
61cf2d5
to
b77ceec
Compare
Testing
Output
Features
--scan
.skip
allows you to revisit the secret at a later time.Backwards Compatibility Considerations
This is a breaking change!
plugins_used
list with proper initialization args.SensitivityValues
has been dropped.detect-secrets-server
will need to be pinned on an older version, until fixed.