Skip to content

Commit

Permalink
Support for C++ programming language
Browse files Browse the repository at this point in the history
  • Loading branch information
@pablosnt
pablosnt committed Mar 12, 2021
1 parent 2a7003e commit eee4649
Show file tree
Hide file tree
Showing 3 changed files with 33 additions and 1 deletion.
14 changes: 14 additions & 0 deletions detect_secrets/plugins/keyword.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,7 @@
# e.g. my_password = "bar"
# e.g. my_password = @"bar"
# e.g. my_password[] = "bar";
# e.g. char my_password[25] = "bar";
r'{denylist}({square_brackets})?{optional_whitespace}[!=]{{1,2}}{optional_whitespace}(@)?(")({secret})(\5)'.format( # noqa: E501
denylist=DENYLIST_REGEX,
square_brackets=SQUARE_BRACKETS,
Expand All @@ -131,6 +132,14 @@
),
flags=re.IGNORECASE,
)
FOLLOWEB_BY_OPTIONAL_ASSIGN_QUOTES_REQUIRED_REGEX = re.compile(
# e.g. std::string secret("bar");
# e.g. secret.assign("bar",17);
r'{denylist}(.assign)?\((")({secret})(\3)'.format(
denylist=DENYLIST_REGEX,
secret=SECRET,
),
)
FOLLOWED_BY_EQUAL_SIGNS_REGEX = re.compile(
# e.g. my_password = bar
# e.g. my_password == "bar" or my_password != "bar" or my_password === "bar"
Expand Down Expand Up @@ -199,6 +208,10 @@
COMMON_C_DENYLIST_REGEX_TO_GROUP = {
FOLLOWED_BY_EQUAL_SIGNS_OPTIONAL_BRACKETS_OPTIONAL_AT_SIGN_QUOTES_REQUIRED_REGEX: 6,
}
C_PLUS_PLUS_REGEX_TO_GROUP = {
FOLLOWEB_BY_OPTIONAL_ASSIGN_QUOTES_REQUIRED_REGEX: 4,
FOLLOWED_BY_EQUAL_SIGNS_QUOTES_REQUIRED_REGEX: 5,
}
QUOTES_REQUIRED_DENYLIST_REGEX_TO_GROUP = {
FOLLOWED_BY_COLON_QUOTES_REQUIRED_REGEX: 5,
PRECEDED_BY_EQUAL_COMPARISON_SIGNS_QUOTES_REQUIRED_REGEX: 2,
Expand All @@ -210,6 +223,7 @@
FileType.OBJECTIVE_C: COMMON_C_DENYLIST_REGEX_TO_GROUP,
FileType.C_SHARP: COMMON_C_DENYLIST_REGEX_TO_GROUP,
FileType.C: COMMON_C_DENYLIST_REGEX_TO_GROUP,
FileType.C_PLUS_PLUS: C_PLUS_PLUS_REGEX_TO_GROUP,
FileType.CLS: QUOTES_REQUIRED_DENYLIST_REGEX_TO_GROUP,
FileType.JAVA: QUOTES_REQUIRED_DENYLIST_REGEX_TO_GROUP,
FileType.JAVASCRIPT: QUOTES_REQUIRED_DENYLIST_REGEX_TO_GROUP,
Expand Down
4 changes: 3 additions & 1 deletion detect_secrets/util/filetype.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,8 @@ class FileType(Enum):
YAML = 10
C_SHARP = 11
C = 12
OTHER = 13
C_PLUS_PLUS = 13
OTHER = 14


def determine_file_type(filename: str) -> FileType:
Expand All @@ -38,4 +39,5 @@ def determine_file_type(filename: str) -> FileType:
'.yml': FileType.YAML,
'.cs': FileType.C_SHARP,
'.c': FileType.C,
'.cpp': FileType.C_PLUS_PLUS
}.get(file_extension, FileType.OTHER)
16 changes: 16 additions & 0 deletions tests/plugins/keyword_test.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,8 @@

COMMON_C_TEST_CASES = [
('apikey = "{}";'.format(COMMON_SECRET), COMMON_SECRET),
('if (secret == "{}")'.format(COMMON_SECRET), COMMON_SECRET), # Comparison
('if (db_pass != "{}")'.format(COMMON_SECRET), COMMON_SECRET), # Comparison
('password = @"{}";'.format(COMMON_SECRET), COMMON_SECRET),
('my_password_secure = @"{}";'.format(COMMON_SECRET), COMMON_SECRET), # Prefix/suffix
('secrete[] = "{}";'.format(COMMON_SECRET), COMMON_SECRET),
Expand All @@ -99,6 +101,20 @@
('some_key = "real_secret"', None), # We cannot make 'key' a Keyword, too noisy)
]

C_PLUS_PLUS_TEST_CASES = [
('apikey = "{}";'.format(COMMON_SECRET), COMMON_SECRET),
('my_password_secure = "{}";'.format(COMMON_SECRET), COMMON_SECRET), # Prefix and suffix
('password = {}'.format(COMMON_SECRET), None), # Secret without quotes
('if (secret == "{}")'.format(COMMON_SECRET), COMMON_SECRET), # Comparison
('if (db_pass != "{}")'.format(COMMON_SECRET), COMMON_SECRET), # Comparison
('std::string secret("{}");'.format(COMMON_SECRET), COMMON_SECRET),
('secrete.assign("{}",17);'.format(COMMON_SECRET), COMMON_SECRET),
('api_key = ""', None), # Nothing in the quotes
('password = "somefakekey"', None), # 'fake' in the secret
('password = ${link}', None), # Has a ${ followed by a }
('some_key = "real_secret"', None), # We cannot make 'key' a Keyword, too noisy)
]

QUOTES_REQUIRED_TEST_CASES = [
('apikey: "{}"'.format(COMMON_SECRET), COMMON_SECRET),
('apikey_myservice: "{}"'.format(COMMON_SECRET), COMMON_SECRET), # Suffix
Expand Down

0 comments on commit eee4649

Please sign in to comment.