tests pass

Author: Aaron Loo

.coveragerc

@@ -22,3 +22,6 @@ exclude_lines =
 
     # Need to redefine this, as per documentation
     pragma: no cover
+
+    # Don't complain for skipped tests
+    ^@pytest.mark.skip

detect_secrets/audit/io.py

@@ -115,7 +115,7 @@ def __init__(self, allow_labelling: bool, allow_backstep: bool) -> None:
         self.options = [option.name.lower() for option in options]
 
     def __str__(self) -> str:
-        if 'y' in self.valid_input:
+        if 'Y' in self.valid_input:
             output = 'Is this a valid secret (not a false-positive)?'
         else:
             output = 'What would you like to do?'

detect_secrets/core/upgrades/v1_0.py

@@ -18,15 +18,6 @@ def _migrate_filters(baseline: Dict[str, Any]) -> None:
     contain the default filters used before this version upgrade.
     """
     baseline['filters_used'] = [
-        {
-            'path': 'detect_secrets.filters.allowlist.is_line_allowlisted',
-        },
-        {
-            'path': 'detect_secrets.filters.common.is_invalid_file',
-        },
-        {
-            'path': 'detect_secrets.filters.heuristic.is_non_text_file',
-        },
         {
             'path': 'detect_secrets.filters.heuristic.is_sequential_string',
         },

detect_secrets/core/usage/scan.py

@@ -65,6 +65,6 @@ def parse_args(args: argparse.Namespace) -> None:
 
     # NOTE: This is assumed to run *after* the baseline argument processor, and before
     # the plugin argument processor.
-    if args.baseline and args.force_use_all_plugins:
+    if args.baseline is not None and args.force_use_all_plugins:
         get_settings().plugins.clear()
         initialize_plugin_settings(args)

detect_secrets/filters/heuristic.py

@@ -58,7 +58,11 @@ def _get_uuid_regex() -> Pattern:
 
 
 def is_likely_id_string(secret: str, line: str) -> bool:
-    index = line.index(secret)
+    try:
+        index = line.index(secret)
+    except ValueError:
+        return False
+
     return bool(_get_id_detector_regex().search(line, pos=0, endpos=index))
 
 

detect_secrets/plugins/common/__init__.py

@@ -66,6 +66,9 @@ class Settings:
     }
 
     def __init__(self) -> None:
+        self.clear()
+
+    def clear(self) -> None:
         # mapping of class names to initialization variables
         self.plugins: Dict[str, Dict[str, Any]] = {}
 
@@ -89,7 +92,6 @@ def configure_plugins(self, config: List[Dict[str, Any]]) -> 'Settings':
             ]
         """
         for plugin in config:
-            # TODO: Can we remove this, once we fix up SecretsCollection?
             plugin = {**plugin}
             name = plugin.pop('name')
             self.plugins[name] = plugin

detect_secrets/plugins/common/ini_file_parser.py

@@ -4,6 +4,10 @@
 from typing import Optional
 from typing import Set
 
+from .audit.exceptions import SecretNotFoundOnSpecifiedLineError
+from .core.potential_secret import PotentialSecret
+from .util.code_snippet import CodeSnippet
+
 
 class SelfAwareCallable:
     """
@@ -28,11 +32,11 @@ class SecretContext(NamedTuple):
     current_index: int
     num_total_secrets: int
 
-    secret: 'PotentialSecret'       # noqa: F821
+    secret: PotentialSecret
     header: Optional[str] = None
 
     # Either secret context is provided...
-    snippet: Optional['CodeSnippet'] = None
+    snippet: Optional[CodeSnippet] = None
 
     # ...or error information. But it has an XOR relationship.
-    error: Optional['SecretNotFoundOnSpecifiedLineError'] = None
+    error: Optional[SecretNotFoundOnSpecifiedLineError] = None

detect_secrets/settings.py

@@ -1,95 +0,0 @@
-import hashlib
-import os
-import subprocess
-
-
-def build_automaton(word_list):
-    """
-    :type word_list: str
-    :param word_list: optional word list file for ignoring certain words.
-
-    :rtype: (ahocorasick.Automaton, str)
-    :returns: an automaton, and an iterated sha1 hash of the words in the word list.
-    """
-    # Dynamic import due to optional-dependency
-    try:
-        import ahocorasick
-    except ImportError:  # pragma: no cover
-        print('Please install the `pyahocorasick` package to use --word-list')
-        raise
-
-    # See https://pyahocorasick.readthedocs.io/en/latest/
-    # for more information.
-    automaton = ahocorasick.Automaton()
-    word_list_hash = hashlib.sha1()
-
-    with open(word_list) as f:
-        for line in f.readlines():
-            # .lower() to make everything case-insensitive
-            line = line.lower().strip()
-            if len(line) > 3:
-                word_list_hash.update(line.encode('utf-8'))
-                automaton.add_word(line, line)
-
-    automaton.make_automaton()
-
-    return (
-        automaton,
-        word_list_hash.hexdigest(),
-    )
-
-
-def get_root_directory():  # pragma: no cover
-    return os.path.realpath(
-        os.path.join(
-            os.path.dirname(__file__),
-            '../../',
-        ),
-    )
-
-
-def get_git_sha(path):
-    """Returns the sha of the git checkout at the input path.
-
-    :type path: str
-    :param path: directory of the git checkout
-
-    :rtype: str|None
-    :returns: git sha of the input path
-    """
-    try:
-        with open(os.devnull, 'w') as fnull:
-            return subprocess.check_output(
-                ['git', 'rev-parse', '--verify', 'HEAD'],
-                stderr=fnull,
-                cwd=path,
-            ).decode('utf-8').split()[0]
-    except (subprocess.CalledProcessError, OSError, IndexError):  # pragma: no cover
-        return None
-
-
-def get_git_remotes(path):
-    """Returns a list of unique git remotes of the checkout
-    at the input path.
-
-    :type path: str
-    :param path: directory of the git checkout
-
-    :rtype: List<str>|None
-    :returns: A list of unique git urls
-    """
-    try:
-        with open(os.devnull, 'w') as fnull:
-            git_remotes = subprocess.check_output(
-                ['git', 'remote', '-v'],
-                stderr=fnull,
-                cwd=path,
-            ).decode('utf-8').split('\n')
-            return list({
-                git_remote.split()[1]
-                for git_remote
-                in git_remotes
-                if len(git_remote) > 2  # split('\n') produces an empty list
-            })
-    except (subprocess.CalledProcessError, OSError):  # pragma: no cover
-        return None

detect_secrets/types.py

@@ -2,8 +2,8 @@
 # on python 3.6.0 (xenial)
 coverage<5
 flake8==3.5.0
-mock
 monotonic
+mypy
 pre-commit==1.11.2
 pyahocorasick
 pytest

detect_secrets/util/__init__.py

@@ -1,7 +1,7 @@
 from setuptools import find_packages
 from setuptools import setup
 
-from detect_secrets import VERSION
+from detect_secrets.__version__ import VERSION
 
 
 setup(