|
1 | | -""" |
2 | | -This code was extracted in part from |
3 | | -https://github.com/PyCQA/bandit. Using similar heuristic logic, |
4 | | -we adapted it to fit our plugin infrastructure, to create an organized, |
5 | | -concerted effort in detecting all type of secrets in code. |
6 | | -
|
7 | | -Copyright (c) 2014 Hewlett-Packard Development Company, L.P. |
8 | | -
|
9 | | -Permission is hereby granted, free of charge, to any person obtaining a copy |
10 | | -of this software and associated documentation files (the "Software"), to deal |
11 | | -in the Software without restriction, including without limitation the rights |
12 | | -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
13 | | -copies of the Software, and to permit persons to whom the Software is |
14 | | -furnished to do so, subject to the following conditions: |
15 | | -
|
16 | | -The above copyright notice and this permission notice shall be included in |
17 | | -all copies or substantial portions of the Software. |
18 | | -
|
19 | | -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
20 | | -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
21 | | -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
22 | | -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
23 | | -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
24 | | -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN |
25 | | -THE SOFTWARE. |
26 | | -""" |
27 | 1 | from __future__ import absolute_import |
28 | 2 |
|
29 | | -from .base import BasePlugin |
30 | | -from detect_secrets.core.potential_secret import PotentialSecret |
31 | | - |
| 3 | +import re |
32 | 4 |
|
33 | | -BLACKLIST = ( |
34 | | - # NOTE all values here should be lowercase, |
35 | | - # otherwise _secret_generator can fail to match them |
36 | | - 'pass =', |
37 | | - 'password', |
38 | | - 'passwd', |
39 | | - 'pwd', |
40 | | - 'secret', |
41 | | - 'secrete', |
42 | | - 'token', |
43 | | -) |
| 5 | +from .base import RegexBasedDetector |
44 | 6 |
|
45 | 7 |
|
46 | | -class KeywordDetector(BasePlugin): |
47 | | - """This checks if blacklisted keywords |
48 | | - are present in the analyzed string. |
49 | | - """ |
| 8 | +class KeywordDetector(RegexBasedDetector): |
| 9 | + """This checks if blacklisted keywords are present in the analyzed string.""" |
50 | 10 |
|
51 | 11 | secret_type = 'Password' |
52 | | - |
53 | | - def analyze_string(self, string, line_num, filename): |
54 | | - output = {} |
55 | | - |
56 | | - for identifier in self.secret_generator(string): |
57 | | - secret = PotentialSecret( |
58 | | - self.secret_type, |
59 | | - filename, |
60 | | - identifier, |
61 | | - line_num, |
62 | | - ) |
63 | | - output[secret] = secret |
64 | | - |
65 | | - return output |
66 | | - |
67 | | - def _secret_generator(self, lowercase_string): |
68 | | - for line in BLACKLIST: |
69 | | - if line in lowercase_string: |
70 | | - yield line |
71 | | - |
72 | | - def secret_generator(self, string): |
73 | | - return self._secret_generator(string.lower()) |
| 12 | + blacklist = [ |
| 13 | + re.compile(s, flags=re.IGNORECASE) |
| 14 | + for s in ( |
| 15 | + r'pass =', |
| 16 | + r'password', |
| 17 | + r'passwd', |
| 18 | + r'pwd', |
| 19 | + r'secret', |
| 20 | + r'secrete', |
| 21 | + r'token', |
| 22 | + ) |
| 23 | + ] |
0 commit comments