Merge branch 'master' of github.com:Yelp/detect-secrets into feature/adding-alphanumerical-filter

Author: Aaron Loo

README.md

@@ -71,7 +71,7 @@ For baselines older than version 0.9, just recreate it.
 **Scanning Staged Files Only:**
 
 ```bash
-$ detect-secret-hook --baseline .secrets.baseline $(git diff --staged --name-only)
+$ detect-secrets-hook --baseline .secrets.baseline $(git diff --staged --name-only)
 ```
 
 **Scanning All Tracked Files:**

detect_secrets/core/log.py

@@ -64,4 +64,4 @@ def set_debug_level(self, debug_level: int) -> None:
         )
 
 
-log = get_logger()
+log = get_logger('detect-secrets')

detect_secrets/filters/heuristic.py

@@ -203,3 +203,15 @@ def is_not_alphanumeric_string(secret: str) -> bool:
     This helps avoid clear false positives, like `*****`.
     """
     return not bool(set(string.ascii_letters) & set(secret))
+
+
+def is_swagger_file(filename: str) -> bool:
+    """
+    Filters swagger files and paths, like swagger-ui.html or /swagger/.
+    """
+    return bool(_get_swagger_regex().search(filename))
+
+
+@lru_cache(maxsize=1)
+def _get_swagger_regex() -> Pattern:
+    return re.compile(r'.*swagger.*')

detect_secrets/settings.py

@@ -120,6 +120,7 @@ def clear(self) -> None:
                 'detect_secrets.filters.heuristic.is_indirect_reference',
                 'detect_secrets.filters.heuristic.is_lock_file',
                 'detect_secrets.filters.heuristic.is_not_alphanumeric_string',
+                'detect_secrets.filters.heuristic.is_swagger_file',
             }
         }
 

docs/filters.md

@@ -55,6 +55,7 @@ the `detect_secrets.filters` namespace.
 | `heuristic.is_potential_uuid`                    | Ignores uuid looking secret values.                                                 |
 | `heuristic.is_prefixed_with_dollar_sign`         | Primarily for `KeywordDetector`, filters secrets like `secret = $variableName;`.    |
 | `heuristic.is_sequential_string`                 | Ignores secrets like `abcdefg`.                                                     |
+| `heuristic.is_swagger_file`                      | Ignores swagger files and paths, like swagger-ui.html or /swagger/.                 |
 | `heuristic.is_templated_secret`                  | Ignores secrets like `secret = <key>`, `secret = {{key}}` and `secret = ${key}`.    |
 | `regex.should_exclude_line`                      | Powers the [`--exclude-lines` functionality](../README.md#--exclude-lines).         |
 | `regex.should_exclude_file`                      | Powers the [`--exclude-files` functionality](../README.md#--exclude-files).         |

requirements-dev.txt

@@ -27,7 +27,7 @@ pycodestyle==2.3.1
 pyflakes==1.6.0
 pyparsing==2.4.7
 pytest==6.1.2
-PyYAML==5.3.1
+PyYAML==5.4
 requests==2.25.0
 responses==0.12.1
 six==1.15.0
@@ -37,6 +37,6 @@ tox-pip-extensions==1.6.0
 typed-ast==1.4.1
 typing-extensions==3.7.4.3
 unidiff==0.6.0
-urllib3==1.26.2
+urllib3==1.26.3
 virtualenv==20.2.1
 zipp==3.4.0

tests/filters/heuristic_filter_test.py

@@ -1,3 +1,5 @@
+import os
+
 import pytest
 
 from detect_secrets import filters
@@ -141,3 +143,15 @@ def test_is_lock_file():
 )
 def test_is_not_alphanumeric_string(secret, result):
     assert filters.heuristic.is_not_alphanumeric_string(secret) is result
+
+
+@pytest.mark.parametrize(
+    'filename, result',
+    (
+        ('{sep}path{sep}swagger-ui.html', True),
+        ('{sep}path{sep}swagger{sep}config.yml', True),
+        ('{sep}path{sep}non{sep}swager{sep}files', False),
+    ),
+)
+def test_is_swagger_file(filename, result):
+    assert filters.heuristic.is_swagger_file(filename.format(sep=os.path.sep)) is result