Make snippet with all lines so verify can look around for information…

…. Add unit test so we ensure we are calling a verify for audit unit tests
Yelp · Sep 27, 2022 · 07e8244 · 07e8244
1 parent f439653
commit 07e8244
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 3 deletions.
diff --git a/detect_secrets/audit/common.py b/detect_secrets/audit/common.py
@@ -92,7 +92,7 @@ def get_raw_secrets_from_file(
             line_numbers = list(range(len(lines_to_scan)))
 
         for line_number, line in zip(line_numbers, lines_to_scan):
-            context = get_code_snippet(lines=lines_to_scan, line_number=line_number)
+            context = get_code_snippet(lines=line_getter.lines, line_number=line_number + 1)
             identified_secrets = call_function_with_arguments(
                 plugin.analyze_line,
                 filename=secret.filename,

diff --git a/tests/audit/report_test.py b/tests/audit/report_test.py
@@ -10,6 +10,7 @@
 from detect_secrets.constants import VerifiedResult
 from detect_secrets.core import baseline
 from detect_secrets.core.secrets_collection import SecretsCollection
+from detect_secrets.plugins.aws import AWSKeyDetector
 from detect_secrets.plugins.basic_auth import BasicAuthDetector
 from detect_secrets.plugins.jwt import JwtTokenDetector
 from detect_secrets.settings import transient_settings
@@ -20,13 +21,14 @@
 first_secret = 'value1'
 second_secret = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ'  # noqa: E501
 random_secret = ''.join(random.choice(string.ascii_letters) for _ in range(8))
+aws_secret = 'AKIAZZZZZZZZZZZZZZZZ'
 
 
 @pytest.mark.parametrize(
     'class_to_print, expected_real, expected_false, expected_output',
     [
         (
-            None, 3, 1,
+            None, 4, 1,
             {
                 'results': [
                     {
@@ -71,11 +73,21 @@
                             BasicAuthDetector.secret_type,
                         ],
                     },
+                    {
+                        'category': 'VERIFIED_TRUE',
+                        'lines': {
+                            1: 'aws_access_key = {}'.format(aws_secret),
+                        },
+                        'secrets': aws_secret,
+                        'types': [
+                            AWSKeyDetector.secret_type,
+                        ],
+                    },
                 ],
             },
         ),
         (
-            SecretClassToPrint.REAL_SECRET, 3, 0,
+            SecretClassToPrint.REAL_SECRET, 4, 0,
             {
                 'results': [
                     {
@@ -109,6 +121,16 @@
                             JwtTokenDetector.secret_type,
                         ],
                     },
+                    {
+                        'category': 'VERIFIED_TRUE',
+                        'lines': {
+                            1: 'aws_access_key = {}'.format(aws_secret),
+                        },
+                        'secrets': aws_secret,
+                        'types': [
+                            AWSKeyDetector.secret_type,
+                        ],
+                    },
                 ],
             },
         ),
@@ -193,27 +215,41 @@ def baseline_file():
         url = {url_format.format(second_secret)}
         example = {url_format.format(random_secret)}
     """)[1:]
+    third_content = textwrap.dedent(f"""
+        aws_access_key = {aws_secret}
+    """)[1:]
 
     with create_file_with_content(first_content) as first_file, \
             create_file_with_content(second_content) as second_file, \
+            create_file_with_content(third_content) as third_file, \
             mock_named_temporary_file() as baseline_file, \
             transient_settings({
                 'plugins_used': [
                     {'name': 'BasicAuthDetector'},
                     {'name': 'JwtTokenDetector'},
+                    {'name': 'AWSKeyDetector'},
 
                 ],
+                'filters_used': [
+                    {
+                        'path':
+                            'detect_secrets.filters.common.is_ignored_due_to_verification_policies',
+                        'min_level': 2,
+                    },
+                ],
             }):
         secrets = SecretsCollection()
         secrets.scan_file(first_file)
         secrets.scan_file(second_file)
+        secrets.scan_file(third_file)
         labels = {
             (first_file, BasicAuthDetector.secret_type, 1): True,
             (first_file, BasicAuthDetector.secret_type, 2): None,
             (first_file, BasicAuthDetector.secret_type, 3): True,
             (second_file, JwtTokenDetector.secret_type, 1): True,
             (second_file, BasicAuthDetector.secret_type, 1): False,
             (second_file, BasicAuthDetector.secret_type, 2): False,
+            (third_file, AWSKeyDetector.secret_type, 1): True,
         }
         for item in secrets:
             _, secret = item