Default lineno to be 0 in PotentialSecret, Change typ to be list

KevinHock · KevinHock · commit 29b3b7841451 · 2018-09-18T17:26:34.000-07:00
diff --git a/detect_secrets/core/audit.py b/detect_secrets/core/audit.py
@@ -321,10 +321,6 @@ def _highlight_secret(secret_line, secret, filename, plugin_settings):
             plugin.secret_type,
             filename,
             secret=raw_secret,
-
-            # This doesn't matter, because PotentialSecret only uses
-            # line numbers for logging, and we're not logging it.
-            lineno=0,
         )
 
         # There could be more than two secrets on the same line.
diff --git a/detect_secrets/core/potential_secret.py b/detect_secrets/core/potential_secret.py
@@ -18,30 +18,30 @@ def __init__(
         self,
         typ,
         filename,
-        lineno,
         secret,
+        lineno=0,
         is_secret=None,
     ):
         """
-        :type typ: str
-        :param typ: human-readable secret type, defined by the plugin
+        :type typ: list(str)
+        :param typ: human-readable secret types, defined by the plugins
                     that generated this PotentialSecret.
-                    e.g. "High Entropy String"
+                    e.g. ["High Entropy String"]
 
         :type filename: str
         :param filename: name of file that this secret was found
 
+        :type secret: str
+        :param secret: the actual secret identified
+
         :type lineno: int
         :param lineno: location of secret, within filename.
                        Merely used as a reference for easy triage.
 
-        :type secret: str
-        :param secret: the actual secret identified
-
         :type is_secret: bool|None
         :param is_secret: whether or not the secret is a true- or false- positive
         """
-        self.type = typ
+        self.type = [typ]
         self.filename = filename
         self.lineno = lineno
         self.secret_hash = self.hash_secret(secret)
@@ -87,7 +87,10 @@ def __ne__(self, other):
 
     def __hash__(self):
         return hash(
-            tuple([getattr(self, x) for x in self.fields_to_compare]),
+            tuple(
+                getattr(self, x)
+                for x in self.fields_to_compare
+            ),
         )
 
     def __str__(self):  # pragma: no cover
diff --git a/detect_secrets/core/secrets_collection.py b/detect_secrets/core/secrets_collection.py
@@ -88,8 +88,8 @@ def _load_baseline_from_dict(cls, data):
                 secret = PotentialSecret(
                     item['type'],
                     filename,
-                    item['line_number'],
                     secret='will be replaced',
+                    lineno=item['line_number'],
                     is_secret=item.get('is_secret'),
                 )
                 secret.secret_hash = item['hashed_secret']
@@ -204,7 +204,7 @@ def get_secret(self, filename, secret, type_=None):
         if type_:
             # Optimized lookup, because we know the type of secret
             # (and therefore, its hash)
-            tmp_secret = PotentialSecret(type_, filename, 0, 'will be overriden')
+            tmp_secret = PotentialSecret(type_, filename, secret='will be overriden')
             tmp_secret.secret_hash = secret
 
             if tmp_secret in self.data[filename]:
diff --git a/detect_secrets/plugins/basic_auth.py b/detect_secrets/plugins/basic_auth.py
@@ -22,8 +22,8 @@ def analyze_string(self, string, line_num, filename):
             secret = PotentialSecret(
                 self.secret_type,
                 filename,
-                line_num,
                 result,
+                line_num,
             )
             output[secret] = secret
 
diff --git a/detect_secrets/plugins/high_entropy_strings.py b/detect_secrets/plugins/high_entropy_strings.py
@@ -102,7 +102,7 @@ def analyze_string(self, string, line_num, filename):
         for result in self.secret_generator(string):
             if self.is_sequential_string(result):
                 continue
-            secret = PotentialSecret(self.secret_type, filename, line_num, result)
+            secret = PotentialSecret(self.secret_type, filename, result, line_num)
             output[secret] = secret
 
         return output
diff --git a/detect_secrets/plugins/keyword.py b/detect_secrets/plugins/keyword.py
@@ -55,8 +55,8 @@ def analyze_string(self, string, line_num, filename):
             secret = PotentialSecret(
                 self.secret_type,
                 filename,
-                line_num,
                 identifier,
+                line_num,
             )
             output[secret] = secret
 
diff --git a/detect_secrets/plugins/private_key.py b/detect_secrets/plugins/private_key.py
@@ -55,8 +55,8 @@ def analyze_string(self, string, line_num, filename):
             secret = PotentialSecret(
                 self.secret_type,
                 filename,
-                line_num,
                 identifier,
+                line_num,
             )
             output[secret] = secret
 
diff --git a/tests/core/baseline_test.py b/tests/core/baseline_test.py
@@ -178,7 +178,7 @@ def test_new_secret_line_old_file(self):
         results = get_secrets_not_in_baseline(new_findings, baseline)
 
         assert len(results.data['filename']) == 1
-        secretA = PotentialSecret('type', 'filename', 1, 'secret1')
+        secretA = PotentialSecret('type', 'filename', 'secret1', 1)
         assert results.data['filename'][secretA].secret_hash == \
             PotentialSecret.hash_secret('secret1')
         assert baseline.data == backup_baseline
@@ -201,7 +201,7 @@ def test_rolled_creds(self):
 
         assert len(results.data['filename']) == 1
 
-        secretA = PotentialSecret('type', 'filename', 1, 'secret_new')
+        secretA = PotentialSecret('type', 'filename', 'secret_new', 1)
         assert results.data['filename'][secretA].secret_hash == \
             PotentialSecret.hash_secret('secret_new')
         assert baseline.data == backup_baseline
diff --git a/tests/core/secrets_collection_test.py b/tests/core/secrets_collection_test.py
@@ -369,7 +369,7 @@ class MockPluginFixedValue(MockBasePlugin):
     def analyze(self, f, filename):
         # We're not testing the plugin's ability to analyze secrets, so
         # it doesn't matter what we return
-        secret = PotentialSecret('mock fixed value type', filename, 1, 'asdf')
+        secret = PotentialSecret('mock fixed value type', filename, 'asdf', 1)
         return {secret: secret}
 
 
@@ -380,7 +380,7 @@ class MockPluginFileValue(MockBasePlugin):
     def analyze(self, f, filename):
         # We're not testing the plugin's ability to analyze secrets, so
         # it doesn't matter what we return
-        secret = PotentialSecret('mock file value type', filename, 2, f.read().strip())
+        secret = PotentialSecret('mock file value type', filename, f.read().strip(), 2)
         return {secret: secret}
 
 
@@ -389,7 +389,7 @@ class MockPasswordPluginValue(MockBasePlugin):
     secret_type = 'mock_plugin_file_value'
 
     def analyze(self, f, filename):
-        password_secret = PotentialSecret('Password', filename, 2, f.read().strip())
+        password_secret = PotentialSecret('Password', filename, f.read().strip(), 2)
         return {
             password_secret: password_secret,
         }

Original file line number	Diff line number	Diff line change
`@@ -22,8 +22,8 @@ def analyze_string(self, string, line_num, filename):`
`22`	`22`	`secret = PotentialSecret(`
`23`	`23`	`self.secret_type,`
`24`	`24`	`filename,`
`25`		`- line_num,`
`26`	`25`	`result,`
	`26`	`+ line_num,`
`27`	`27`	`)`
`28`	`28`	`output[secret] = secret`
`29`	`29`
Original file line number	Diff line number	Diff line change
`@@ -55,8 +55,8 @@ def analyze_string(self, string, line_num, filename):`
`55`	`55`	`secret = PotentialSecret(`
`56`	`56`	`self.secret_type,`
`57`	`57`	`filename,`
`58`		`- line_num,`
`59`	`58`	`identifier,`
	`59`	`+ line_num,`
`60`	`60`	`)`
`61`	`61`	`output[secret] = secret`
`62`	`62`