Make is_secret an attribute of PotentialSecret

And make _load_baseline_from_dict pick it up, so that it does not get removed when e.g. lines move around. Add is_secret attribute to _create_baseline() in pre_commit_hook_test.py so that TestPreCommitHook.test_writes_new_baseline_if_modified covers the change. Fixes Yelp#60
maulik2 · Jul 31, 2018 · 710d96e · 710d96e
1 parent 06db4b0
commit 710d96e
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 2 deletions.
diff --git a/detect_secrets/core/potential_secret.py b/detect_secrets/core/potential_secret.py
@@ -14,7 +14,14 @@ class PotentialSecret(object):
     without actually knowing what the secret is.
     """
 
-    def __init__(self, typ, filename, lineno, secret):
+    def __init__(
+        self,
+        typ,
+        filename,
+        lineno,
+        secret,
+        is_secret=None,
+    ):
         """
         :type typ: str
         :param typ: human-readable secret type, defined by the plugin
@@ -30,11 +37,15 @@ def __init__(self, typ, filename, lineno, secret):
 
         :type secret: str
         :param secret: the actual secret identified
+
+        :type is_secret: bool|None
+        :param is_secret: whether or not the secret is a true- or false- positive
         """
         self.type = typ
         self.filename = filename
         self.lineno = lineno
         self.secret_hash = self.hash_secret(secret)
+        self.is_secret = is_secret
 
         # If two PotentialSecrets have the same values for these fields,
         # they are considered equal. Note that line numbers aren't included
@@ -60,6 +71,9 @@ def json(self):
             'hashed_secret': self.secret_hash,
         }
 
+        if self.is_secret is not None:
+            attributes['is_secret'] = self.is_secret
+
         return attributes
 
     def __eq__(self, other):

diff --git a/detect_secrets/core/secrets_collection.py b/detect_secrets/core/secrets_collection.py
@@ -89,7 +89,8 @@ def _load_baseline_from_dict(cls, data):
                     item['type'],
                     filename,
                     item['line_number'],
-                    'will be replaced',
+                    secret='will be replaced',
+                    is_secret=item.get('is_secret'),
                 )
                 secret.secret_hash = item['hashed_secret']
                 result.data[filename][secret] = secret

diff --git a/tests/pre_commit_hook_test.py b/tests/pre_commit_hook_test.py
@@ -200,6 +200,7 @@ def _create_baseline():
             'test_data/files/file_with_secrets.py': [
                 {
                     'type': 'Base64 High Entropy String',
+                    'is_secret': True,
                     'line_number': 3,
                     'hashed_secret': PotentialSecret.hash_secret(base64_secret),
                 },