Skip sequential strings in the right spot

Made an is_sequential_string function Prefixed existing sequential secrets with BEEF
richo · Aug 1, 2018 · 1cb5e89 · 1cb5e89
1 parent 87f86b1
commit 1cb5e89
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 10 deletions.
diff --git a/detect_secrets/plugins/high_entropy_strings.py b/detect_secrets/plugins/high_entropy_strings.py
@@ -83,6 +83,13 @@ def calculate_shannon_entropy(self, data):
 
         return entropy
 
+    def is_sequential_string(self, string):
+        uppercased_string = string.upper()
+        for sequential_string in IGNORED_SEQUENTIAL_STRINGS:
+            if uppercased_string in sequential_string:
+                return True
+        return False
+
     def analyze_string(self, string, line_num, filename):
         """Searches string for custom pattern, and captures all high entropy strings that
         match self.regex, with a limit defined as self.entropy_limit.
@@ -92,12 +99,9 @@ def analyze_string(self, string, line_num, filename):
         if WHITELIST_REGEX.search(string):
             return output
 
-        uppercased_string = string.upper()
-        for sequential_string in IGNORED_SEQUENTIAL_STRINGS:
-            if uppercased_string in sequential_string:
-                return output
-
         for result in self.secret_generator(string):
+            if self.is_sequential_string(result):
+                continue
             secret = PotentialSecret(self.secret_type, filename, line_num, result)
             output[secret] = secret
 

diff --git a/test_data/short_files/first_line.py b/test_data/short_files/first_line.py
@@ -1,3 +1,4 @@
-secret = '0123456789a'
+secret = 'BEEF0123456789a'
+skipped_sequential_false_positive = '0123456789a'
 print('second line')
 var = 'third line'
diff --git a/tests/core/baseline_test.py b/tests/core/baseline_test.py
@@ -89,7 +89,7 @@ def test_single_non_tracked_git_file_should_work(self):
             'detect_secrets.core.baseline.os.path.isfile',
             return_value=True,
         ), mock_open(
-            'Super hidden value "0123456789a"',
+            'Super hidden value "BEEF0123456789a"',
             'detect_secrets.core.secrets_collection.codecs.open',
         ):
             results = self.get_results('will_be_mocked')

diff --git a/tests/main_test.py b/tests/main_test.py
@@ -149,9 +149,10 @@ def test_old_baseline_ignored_with_update_flag(
             (
                 'test_data/short_files/first_line.py',
                 textwrap.dedent("""
-                    1:secret = '0123456789a'
-                    2:print('second line')
-                    3:var = 'third line'
+                    1:secret = 'BEEF0123456789a'
+                    2:skipped_sequential_false_positive = '0123456789a'
+                    3:print('second line')
+                    4:var = 'third line'
                 """)[1:-1],
             ),
             (