|
1 |
| -""" |
2 |
| -This code was extracted in part from |
3 |
| -https://github.com/pre-commit/pre-commit-hooks. Using similar heuristic logic, |
4 |
| -we adapted it to fit our plugin infrastructure, to create an organized, |
5 |
| -concerted effort in detecting all type of secrets in code. |
6 |
| -
|
7 |
| -Copyright (c) 2014 pre-commit dev team: Anthony Sottile, Ken Struys |
8 |
| -
|
9 |
| -Permission is hereby granted, free of charge, to any person obtaining a copy |
10 |
| -of this software and associated documentation files (the "Software"), to deal |
11 |
| -in the Software without restriction, including without limitation the rights |
12 |
| -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
13 |
| -copies of the Software, and to permit persons to whom the Software is |
14 |
| -furnished to do so, subject to the following conditions: |
15 |
| -
|
16 |
| -The above copyright notice and this permission notice shall be included in |
17 |
| -all copies or substantial portions of the Software. |
18 |
| -
|
19 |
| -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
20 |
| -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
21 |
| -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
22 |
| -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
23 |
| -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
24 |
| -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN |
25 |
| -THE SOFTWARE. |
26 |
| -""" |
27 | 1 | from __future__ import absolute_import
|
28 | 2 |
|
29 |
| -from .base import BasePlugin |
30 |
| -from detect_secrets.core.potential_secret import PotentialSecret |
31 |
| - |
| 3 | +import re |
32 | 4 |
|
33 |
| -BLACKLIST = ( |
34 |
| - 'BEGIN RSA PRIVATE KEY', |
35 |
| - 'BEGIN DSA PRIVATE KEY', |
36 |
| - 'BEGIN EC PRIVATE KEY', |
37 |
| - 'BEGIN OPENSSH PRIVATE KEY', |
38 |
| - 'BEGIN PRIVATE KEY', |
39 |
| - 'PuTTY-User-Key-File-2', |
40 |
| - 'BEGIN SSH2 ENCRYPTED PRIVATE KEY', |
41 |
| -) |
| 5 | +from .base import RegexBasedDetector |
42 | 6 |
|
43 | 7 |
|
44 |
| -class PrivateKeyDetector(BasePlugin): |
| 8 | +class PrivateKeyDetector(RegexBasedDetector): |
45 | 9 | """This checks for private keys by determining whether the blacklisted
|
46 | 10 | lines are present in the analyzed string.
|
47 | 11 | """
|
48 | 12 |
|
49 | 13 | secret_type = 'Private Key'
|
50 |
| - |
51 |
| - def analyze_string(self, string, line_num, filename): |
52 |
| - output = {} |
53 |
| - |
54 |
| - for identifier in self.secret_generator(string): |
55 |
| - secret = PotentialSecret( |
56 |
| - self.secret_type, |
57 |
| - filename, |
58 |
| - identifier, |
59 |
| - line_num, |
60 |
| - ) |
61 |
| - output[secret] = secret |
62 |
| - |
63 |
| - return output |
64 |
| - |
65 |
| - def secret_generator(self, string): |
66 |
| - for line in BLACKLIST: |
67 |
| - if line in string: |
68 |
| - yield line |
| 14 | + blacklist = [ |
| 15 | + re.compile(regexp) |
| 16 | + for regexp in ( |
| 17 | + r'BEGIN RSA PRIVATE KEY', |
| 18 | + r'BEGIN DSA PRIVATE KEY', |
| 19 | + r'BEGIN EC PRIVATE KEY', |
| 20 | + r'BEGIN OPENSSH PRIVATE KEY', |
| 21 | + r'BEGIN PRIVATE KEY', |
| 22 | + r'PuTTY-User-Key-File-2', |
| 23 | + r'BEGIN SSH2 ENCRYPTED PRIVATE KEY', |
| 24 | + ) |
| 25 | + ] |
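Review bot: The new `blacklist` carries over the same seven literals, so two common private-key headers still go undetected: `BEGIN ENCRYPTED PRIVATE KEY` (encrypted PKCS#8) and `BEGIN PGP PRIVATE KEY BLOCK`. Neither contains any listed pattern as a substring. I would add `r'BEGIN ENCRYPTED PRIVATE KEY',` and `r'BEGIN PGP PRIVATE KEY BLOCK',` to the tuple; how `RegexBasedDetector` applies these patterns is not visible here, so confirm it searches rather than anchors at the start of the line. The class docstring still says "blacklisted lines", which would read better as "blacklisted patterns" now that the entries are compiled regexes. Separately, the removed module docstring held the pre-commit-hooks MIT notice while the pattern list derived from that project stays, so the attribution should be kept somewhere in the repository if it is not already.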