Merge branch 'pre-v1-launch' into release/1.0.0

jepsenwan · Feb 2, 2021 · 40a0630 · 40a0630
2 parents 74614cb + c303b5c
commit 40a0630
Show file tree

Hide file tree

Showing 53 changed files with 1,751 additions and 640 deletions.
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -1,90 +1,250 @@
 {
-  "exclude_regex": "test_data/.*|tests/.*|^.secrets.baseline$",
-  "generated_at": "2018-12-21T22:29:02Z",
+  "generated_at": "2020-12-12T01:34:30Z",
+  "version": "0.14.3",
   "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
     {
       "name": "AWSKeyDetector"
     },
     {
-      "base64_limit": 4.5,
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "limit": 4.5,
       "name": "Base64HighEntropyString"
     },
     {
       "name": "BasicAuthDetector"
     },
     {
-      "hex_limit": 3,
+      "name": "CloudantDetector"
+    },
+    {
+      "limit": 3.0,
       "name": "HexHighEntropyString"
     },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "keyword_exclude": "",
+      "name": "KeywordDetector"
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
     {
       "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_baseline_file",
+      "filename": ".secrets.baseline"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.regex.should_exclude_file",
+      "pattern": "test*"
     }
   ],
   "results": {
     "README.md": [
       {
-        "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
-        "line_number": 153,
-        "type": "Basic Auth Credentials"
+        "type": "Secret Keyword",
+        "filename": "README.md",
+        "hashed_secret": "21aec83d523e5dcc7daa669d1d7de6cebe242426",
+        "is_verified": false,
+        "line_number": 371
       }
     ],
-    "detect_secrets/plugins/high_entropy_strings.py": [
+    "detect_secrets/plugins/keyword.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "detect_secrets/plugins/keyword.py",
+        "hashed_secret": "0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33",
+        "is_verified": false,
+        "line_number": 176
+      },
       {
-        "hashed_secret": "88a7b59d2e9172960b72b65f7839b9da2453f3e9",
-        "is_secret": false,
-        "line_number": 261,
-        "type": "Hex High Entropy String"
+        "type": "Secret Keyword",
+        "filename": "detect_secrets/plugins/keyword.py",
+        "hashed_secret": "62cdb7020ff920e5aa642c3d4066950dd1f01f4d",
+        "is_verified": false,
+        "line_number": 186
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "detect_secrets/plugins/keyword.py",
+        "hashed_secret": "1af17e73721dbe0c40011b82ed4bb1a7dbe3ce29",
+        "is_verified": false,
+        "line_number": 217
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "detect_secrets/plugins/keyword.py",
+        "hashed_secret": "2a8951fc713e17840a8fe7e60050f66c66f58083",
+        "is_verified": false,
+        "line_number": 344
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "detect_secrets/plugins/keyword.py",
+        "hashed_secret": "6346ef778712eda3bf9b52b3e57d79946bf2a6c9",
+        "is_verified": false,
+        "line_number": 346
       }
     ],
     "detect_secrets/plugins/private_key.py": [
       {
-        "hashed_secret": "be4fc4886bd949b369d5e092eb87494f12e57e5b",
-        "is_secret": false,
-        "line_number": 43,
-        "type": "Private Key"
-      },
-      {
+        "type": "Private Key",
+        "filename": "detect_secrets/plugins/private_key.py",
         "hashed_secret": "daefe0b4345a654580dcad25c7c11ff4c944a8c0",
-        "is_secret": false,
-        "line_number": 44,
-        "type": "Private Key"
+        "is_verified": false,
+        "line_number": 45
       },
       {
+        "type": "Private Key",
+        "filename": "detect_secrets/plugins/private_key.py",
         "hashed_secret": "f0778f3e140a61d5bbbed5430773e52af2f5fba4",
-        "is_secret": false,
-        "line_number": 45,
-        "type": "Private Key"
+        "is_verified": false,
+        "line_number": 46
       },
       {
+        "type": "Private Key",
+        "filename": "detect_secrets/plugins/private_key.py",
         "hashed_secret": "27c6929aef41ae2bcadac15ca6abcaff72cda9cd",
-        "is_secret": false,
-        "line_number": 46,
-        "type": "Private Key"
+        "is_verified": false,
+        "line_number": 47
       },
       {
+        "type": "Private Key",
+        "filename": "detect_secrets/plugins/private_key.py",
+        "hashed_secret": "4ada9713ec27066b2ffe0b7bd9c9c8d635dc4ab2",
+        "is_verified": false,
+        "line_number": 48
+      },
+      {
+        "type": "Private Key",
+        "filename": "detect_secrets/plugins/private_key.py",
         "hashed_secret": "1348b145fa1a555461c1b790a2f66614781091e9",
-        "is_secret": false,
-        "line_number": 47,
-        "type": "Private Key"
+        "is_verified": false,
+        "line_number": 49
       },
       {
-        "hashed_secret": "11200d1bf5e1eb358b5d823c443347d97e982a85",
-        "is_secret": false,
-        "line_number": 48,
-        "type": "Private Key"
+        "type": "Private Key",
+        "filename": "detect_secrets/plugins/private_key.py",
+        "hashed_secret": "be4fc4886bd949b369d5e092eb87494f12e57e5b",
+        "is_verified": false,
+        "line_number": 50
       },
       {
+        "type": "Private Key",
+        "filename": "detect_secrets/plugins/private_key.py",
         "hashed_secret": "9279619d0c9a9529b0b223e3b809f4df24b8ba8b",
-        "is_secret": false,
-        "line_number": 49,
-        "type": "Private Key"
+        "is_verified": false,
+        "line_number": 51
       },
       {
-        "hashed_secret": "4ada9713ec27066b2ffe0b7bd9c9c8d635dc4ab2",
-        "line_number": 50,
-        "type": "Private Key"
+        "type": "Private Key",
+        "filename": "detect_secrets/plugins/private_key.py",
+        "hashed_secret": "11200d1bf5e1eb358b5d823c443347d97e982a85",
+        "is_verified": false,
+        "line_number": 52
+      }
+    ],
+    "detect_secrets/plugins/twilio.py": [
+      {
+        "type": "Twilio API Key",
+        "filename": "detect_secrets/plugins/twilio.py",
+        "hashed_secret": "34c2246140bc39b1fce81d9be2124f713a06bdaf",
+        "is_verified": false,
+        "line_number": 17
+      }
+    ],
+    "docs/audit.md": [
+      {
+        "type": "Hex High Entropy String",
+        "filename": "docs/audit.md",
+        "hashed_secret": "63e1b8ad9e948f948bc19035801e8529c4c94b13",
+        "is_verified": false,
+        "line_number": 25
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/audit.md",
+        "hashed_secret": "63e1b8ad9e948f948bc19035801e8529c4c94b13",
+        "is_verified": false,
+        "line_number": 25
+      }
+    ],
+    "docs/design.md": [
+      {
+        "type": "Hex High Entropy String",
+        "filename": "docs/design.md",
+        "hashed_secret": "2785b2a1c217669b3bd8fbcb4516006e61181237",
+        "is_verified": false,
+        "line_number": 53
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/design.md",
+        "hashed_secret": "2785b2a1c217669b3bd8fbcb4516006e61181237",
+        "is_verified": false,
+        "line_number": 53
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/design.md",
+        "hashed_secret": "fc782b0875be9e076d80f5da1430d6ea501c87e5",
+        "is_verified": false,
+        "line_number": 54
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "docs/design.md",
+        "hashed_secret": "513e0a36963ae1e8431c041b744679ee578b7c44",
+        "is_verified": false,
+        "line_number": 200
       }
     ]
-  },
-  "version": "0.11.0"
+  }
 }
diff --git a/README.md b/README.md
@@ -115,7 +115,7 @@ If you want to **only** run a specific plugin, you can do:
 ```bash
 $ detect-secrets scan --list-all-plugins | \
     grep -v 'BasicAuthDetector' | \
-    sed "s#^#--disable-plugin #g | \
+    sed "s#^#--disable-plugin #g" | \
     xargs detect-secrets scan test_data
 ```
 
@@ -129,6 +129,66 @@ ratio.
 $ detect-secrets audit .secrets.baseline
 ```
 
+### Usage in Other Python Scripts
+
+**Basic Use:**
+
+```python
+from detect_secrets import SecretsCollection
+from detect_secrets.settings import default_settings
+
+secrets = SecretsCollection()
+with default_settings():
+    secrets.scan_file('test_data/config.ini')
+
+
+import json
+print(json.dumps(secrets.json(), indent=2))
+```
+
+**More Advanced Configuration:**
+
+```python
+from detect_secrets import SecretsCollection
+from detect_secrets.settings import transient_settings
+
+secrets = SecretsCollection()
+with transient_settings({
+    # Only run scans with only these plugins.
+    # This format is the same as the one that is saved in the generated baseline.
+    'plugins_used': [
+        # Example of configuring a built-in plugin
+        {
+            'name': 'Base64HighEntropyString',
+            'limit': 5.0,
+        },
+
+        # Example of using a custom plugin
+        {
+            'name': 'HippoDetector',
+            'path': 'file:///Users/aaronloo/Documents/github/detect-secrets/testing/plugins.py',
+        },
+    ],
+
+    # We can also specify whichever additional filters we want.
+    # This is an example of using the function `is_identified_by_ML_model` within the
+    # local file `./private-filters/example.py`.
+    'filters_used': [
+        {
+            'path': 'file://private-filters/example.py::is_identified_by_ML_model',
+        },
+    ]
+}) as settings:
+    # If we want to make any further adjustments to the created settings object (e.g.
+    # disabling default filters), we can do so as such.
+    settings.disable_filters(
+        'detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign',
+        'detect_secrets.filters.heuristic.is_likely_id_string',
+    )
+
+    secrets.scan_file('test_data/config.ini')
+```
+
 ## Installation
 
 ```bash

diff --git a/detect_secrets/__init__.py b/detect_secrets/__init__.py
@@ -0,0 +1 @@
+from .core.secrets_collection import SecretsCollection  # noqa: F401
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		from .core.secrets_collection import SecretsCollection # noqa: F401