more support for env variables in files

.secrets.baseline

@@ -1,11 +1,17 @@
 {
-  "exclude_regex": "test_data/.*|tests/.*",
-  "generated_at": "2018-07-12T23:20:29Z",
+  "exclude_regex": "test_data/.*|tests/.*|^.secrets.baseline$",
+  "generated_at": "2018-12-21T22:29:02Z",
   "plugins_used": [
+    {
+      "name": "AWSKeyDetector"
+    },
     {
       "base64_limit": 4.5,
       "name": "Base64HighEntropyString"
     },
+    {
+      "name": "BasicAuthDetector"
+    },
     {
       "hex_limit": 3,
       "name": "HexHighEntropyString"
@@ -15,58 +21,70 @@
     }
   ],
   "results": {
+    "README.md": [
+      {
+        "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
+        "line_number": 153,
+        "type": "Basic Auth Credentials"
+      }
+    ],
     "detect_secrets/plugins/high_entropy_strings.py": [
       {
         "hashed_secret": "88a7b59d2e9172960b72b65f7839b9da2453f3e9",
         "is_secret": false,
-        "line_number": 215,
+        "line_number": 261,
         "type": "Hex High Entropy String"
       }
     ],
     "detect_secrets/plugins/private_key.py": [
       {
         "hashed_secret": "be4fc4886bd949b369d5e092eb87494f12e57e5b",
         "is_secret": false,
-        "line_number": 34,
+        "line_number": 43,
         "type": "Private Key"
       },
       {
         "hashed_secret": "daefe0b4345a654580dcad25c7c11ff4c944a8c0",
         "is_secret": false,
-        "line_number": 35,
+        "line_number": 44,
         "type": "Private Key"
       },
       {
         "hashed_secret": "f0778f3e140a61d5bbbed5430773e52af2f5fba4",
         "is_secret": false,
-        "line_number": 36,
+        "line_number": 45,
         "type": "Private Key"
       },
       {
         "hashed_secret": "27c6929aef41ae2bcadac15ca6abcaff72cda9cd",
         "is_secret": false,
-        "line_number": 37,
+        "line_number": 46,
         "type": "Private Key"
       },
       {
         "hashed_secret": "1348b145fa1a555461c1b790a2f66614781091e9",
         "is_secret": false,
-        "line_number": 38,
+        "line_number": 47,
         "type": "Private Key"
       },
       {
         "hashed_secret": "11200d1bf5e1eb358b5d823c443347d97e982a85",
         "is_secret": false,
-        "line_number": 39,
+        "line_number": 48,
         "type": "Private Key"
       },
       {
         "hashed_secret": "9279619d0c9a9529b0b223e3b809f4df24b8ba8b",
         "is_secret": false,
-        "line_number": 40,
+        "line_number": 49,
+        "type": "Private Key"
+      },
+      {
+        "hashed_secret": "4ada9713ec27066b2ffe0b7bd9c9c8d635dc4ab2",
+        "line_number": 50,
         "type": "Private Key"
       }
     ]
   },
-  "version": "0.9.1"
+  "version": "0.11.0"
 }

detect_secrets/plugins/core/ini_file_parser.py

@@ -4,10 +4,17 @@
 
 class IniFileParser(object):
 
-    def __init__(self, file):
+    def __init__(self, file, add_header=False):
         self.parser = configparser.ConfigParser()
         self.parser.optionxform = str
-        self.parser.read_file(file)
+
+        if not add_header:
+            self.parser.read_file(file)
+        else:
+            # This supports environment variables, or other files that look
+            # like config files, without a section header.
+            content = file.read()
+            self.parser.read_string('[global]\n' + content)
 
         # Hacky way to keep track of line location
         file.seek(0)

detect_secrets/plugins/high_entropy_strings.py

@@ -52,17 +52,23 @@ def __init__(self, charset, limit, *args):
 
     def analyze(self, file, filename):
         file_type_analyzers = (
-            (self._analyze_ini_file, configparser.Error,),
+            (self._analyze_ini_file(), configparser.Error,),
             (self._analyze_yaml_file, yaml.YAMLError,),
+            (super(HighEntropyStringsPlugin, self).analyze, Exception,),
+            (self._analyze_ini_file(True), configparser.Error,),
         )
 
         for analyze_function, exception_class in file_type_analyzers:
             try:
-                return analyze_function(file, filename)
+                output = analyze_function(file, filename)
+                if output:
+                    return output
             except exception_class:
-                file.seek(0)
+                pass
 
-        return super(HighEntropyStringsPlugin, self).analyze(file, filename)
+            file.seek(0)
+
+        return {}
 
     def calculate_shannon_entropy(self, data):
         """Returns the entropy of a given string.
@@ -158,21 +164,24 @@ def non_quoted_string_regex(self, strict=True):
         finally:
             self.regex = old_regex
 
-    def _analyze_ini_file(self, file, filename):
+    def _analyze_ini_file(self, add_header=False):
         """
         :returns: same format as super().analyze()
         """
-        potential_secrets = {}
+        def wrapped(file, filename):
+            potential_secrets = {}
 
-        with self.non_quoted_string_regex():
-            for value, lineno in IniFileParser(file).iterator():
-                potential_secrets.update(self.analyze_string(
-                    value,
-                    lineno,
-                    filename,
-                ))
+            with self.non_quoted_string_regex():
+                for value, lineno in IniFileParser(file, add_header).iterator():
+                    potential_secrets.update(self.analyze_string(
+                        value,
+                        lineno,
+                        filename,
+                    ))
 
-        return potential_secrets
+            return potential_secrets
+
+        return wrapped
 
     def _analyze_yaml_file(self, file, filename):
         """

test_data/config.env

@@ -0,0 +1 @@
+mimi=gX69YO4CvBsVjzAwYxdGyDd30t5+9ez31gKATtj4

tests/plugins/high_entropy_strings_test.py

@@ -108,6 +108,25 @@ def test_ignored_lines(self, content_to_format):
 
         assert len(results) == 0
 
+    def test_entropy_lower_limit(self):
+        with pytest.raises(ValueError):
+            Base64HighEntropyString(-1)
+
+    def test_entropy_upper_limit(self):
+        with pytest.raises(ValueError):
+            Base64HighEntropyString(15)
+
+
+class TestBase64HighEntropyStrings(HighEntropyStringsTest):
+
+    def setup(self):
+        super(TestBase64HighEntropyStrings, self).setup(
+            # Testing default limit, as suggested by truffleHog.
+            Base64HighEntropyString(4.5),
+            'c3VwZXIgc2VjcmV0IHZhbHVl',     # too short for high entropy
+            'c3VwZXIgbG9uZyBzdHJpbmcgc2hvdWxkIGNhdXNlIGVub3VnaCBlbnRyb3B5',
+        )
+
     def test_ini_file(self):
         # We're testing two files here, because we want to make sure that
         # the HighEntropyStrings regex is reset back to normal after
@@ -148,31 +167,25 @@ def test_yaml_file(self):
         with open('test_data/config.yaml') as f:
             secrets = plugin.analyze(f, 'test_data/config.yaml')
 
-        assert len(secrets.values()) == 1
+        assert len(secrets.values()) == 2
         for secret in secrets.values():
             location = str(secret).splitlines()[1]
             assert location in (
                 'Location:    test_data/config.yaml:3',
+                'Location:    test_data/config.yaml:5',
             )
 
-    def test_entropy_lower_limit(self):
-        with pytest.raises(ValueError):
-            Base64HighEntropyString(-1)
-
-    def test_entropy_upper_limit(self):
-        with pytest.raises(ValueError):
-            Base64HighEntropyString(15)
+    def test_env_file(self):
+        plugin = Base64HighEntropyString(4.5)
+        with open('test_data/config.env') as f:
+            secrets = plugin.analyze(f, 'test_data/config.env')
 
-
-class TestBase64HighEntropyStrings(HighEntropyStringsTest):
-
-    def setup(self):
-        super(TestBase64HighEntropyStrings, self).setup(
-            # Testing default limit, as suggested by truffleHog.
-            Base64HighEntropyString(4.5),
-            'c3VwZXIgc2VjcmV0IHZhbHVl',     # too short for high entropy
-            'c3VwZXIgbG9uZyBzdHJpbmcgc2hvdWxkIGNhdXNlIGVub3VnaCBlbnRyb3B5',
-        )
+        assert len(secrets.values()) == 1
+        for secret in secrets.values():
+            location = str(secret).splitlines()[1]
+            assert location in (
+                'Location:    test_data/config.env:1',
+            )
 
 
 class TestHexHighEntropyStrings(HighEntropyStringsTest):