Support for C and C# programming languages

yo61 · Mar 12, 2021 · 2a7003e · 2a7003e
1 parent 22326d5
commit 2a7003e
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 25 deletions.
diff --git a/detect_secrets/plugins/keyword.py b/detect_secrets/plugins/keyword.py
@@ -84,7 +84,7 @@
 #                   line breaks, comma, backticks or quotes. This allows to reduce the false
 #                   positives number and to prevent errors in the code snippet highlighting.
 SECRET = r'[^\v\'\"]*\w+[^\v\'\"]*[^\v,\'\"`]'
-SQUARE_BRACKETS = r'(\[\])'
+SQUARE_BRACKETS = r'(\[[0-9]*\])'
 
 FOLLOWED_BY_COLON_EQUAL_SIGNS_REGEX = re.compile(
     # e.g. my_password := "bar" or my_password := bar
@@ -123,7 +123,7 @@
     # e.g. my_password = "bar"
     # e.g. my_password = @"bar"
     # e.g. my_password[] = "bar";
-    r'{denylist}({square_brackets})?{optional_whitespace}={optional_whitespace}(@)?(")({secret})(\5)'.format(  # noqa: E501
+    r'{denylist}({square_brackets})?{optional_whitespace}[!=]{{1,2}}{optional_whitespace}(@)?(")({secret})(\5)'.format(  # noqa: E501
         denylist=DENYLIST_REGEX,
         square_brackets=SQUARE_BRACKETS,
         optional_whitespace=OPTIONAL_WHITESPACE,
@@ -161,7 +161,6 @@
     ),
     flags=re.IGNORECASE,
 )
-
 PRECEDED_BY_EQUAL_COMPARISON_SIGNS_QUOTES_REQUIRED_REGEX = re.compile(
     # e.g. "bar" == my_password or "bar" != my_password or "bar" === my_password
     # or "bar" !== my_password
@@ -174,7 +173,6 @@
         secret=SECRET,
     ),
 )
-
 FOLLOWED_BY_QUOTES_AND_SEMICOLON_REGEX = re.compile(
     # e.g. private_key "something";
     r'{denylist}{nonWhitespace}{whitespace}({quote})({secret})(\2);'.format(
@@ -198,7 +196,7 @@
     FOLLOWED_BY_EQUAL_SIGNS_REGEX: 5,
     FOLLOWED_BY_QUOTES_AND_SEMICOLON_REGEX: 3,
 }
-OBJECTIVE_C_DENYLIST_REGEX_TO_GROUP = {
+COMMON_C_DENYLIST_REGEX_TO_GROUP = {
     FOLLOWED_BY_EQUAL_SIGNS_OPTIONAL_BRACKETS_OPTIONAL_AT_SIGN_QUOTES_REQUIRED_REGEX: 6,
 }
 QUOTES_REQUIRED_DENYLIST_REGEX_TO_GROUP = {
@@ -207,13 +205,17 @@
     FOLLOWED_BY_EQUAL_SIGNS_QUOTES_REQUIRED_REGEX: 5,
     FOLLOWED_BY_QUOTES_AND_SEMICOLON_REGEX: 3,
 }
-QUOTES_REQUIRED_FILETYPES = {
-    FileType.CLS,
-    FileType.JAVA,
-    FileType.JAVASCRIPT,
-    FileType.PYTHON,
-    FileType.SWIFT,
-    FileType.TERRAFORM,
+REGEX_BY_FILETYPE = {
+    FileType.GO: GOLANG_DENYLIST_REGEX_TO_GROUP,
+    FileType.OBJECTIVE_C: COMMON_C_DENYLIST_REGEX_TO_GROUP,
+    FileType.C_SHARP: COMMON_C_DENYLIST_REGEX_TO_GROUP,
+    FileType.C: COMMON_C_DENYLIST_REGEX_TO_GROUP,
+    FileType.CLS: QUOTES_REQUIRED_DENYLIST_REGEX_TO_GROUP,
+    FileType.JAVA: QUOTES_REQUIRED_DENYLIST_REGEX_TO_GROUP,
+    FileType.JAVASCRIPT: QUOTES_REQUIRED_DENYLIST_REGEX_TO_GROUP,
+    FileType.PYTHON: QUOTES_REQUIRED_DENYLIST_REGEX_TO_GROUP,
+    FileType.SWIFT: QUOTES_REQUIRED_DENYLIST_REGEX_TO_GROUP,
+    FileType.TERRAFORM: QUOTES_REQUIRED_DENYLIST_REGEX_TO_GROUP,
 }
 
 
@@ -268,16 +270,7 @@ def analyze_line(
         **kwargs: Any,
     ) -> Set[PotentialSecret]:
         filetype = determine_file_type(filename)
-
-        if filetype in QUOTES_REQUIRED_FILETYPES:
-            denylist_regex_to_group = QUOTES_REQUIRED_DENYLIST_REGEX_TO_GROUP
-        elif filetype == FileType.GO:
-            denylist_regex_to_group = GOLANG_DENYLIST_REGEX_TO_GROUP
-        elif filetype == FileType.OBJECTIVE_C:
-            denylist_regex_to_group = OBJECTIVE_C_DENYLIST_REGEX_TO_GROUP
-        else:
-            denylist_regex_to_group = DENYLIST_REGEX_TO_GROUP
-
+        denylist_regex_to_group = REGEX_BY_FILETYPE.get(filetype, DENYLIST_REGEX_TO_GROUP)
         return super().analyze_line(
             filename=filename,
             line=line,

diff --git a/detect_secrets/util/filetype.py b/detect_secrets/util/filetype.py
@@ -14,7 +14,9 @@ class FileType(Enum):
     SWIFT = 8
     TERRAFORM = 9
     YAML = 10
-    OTHER = 11
+    C_SHARP = 11
+    C = 12
+    OTHER = 13
 
 
 def determine_file_type(filename: str) -> FileType:
@@ -34,4 +36,6 @@ def determine_file_type(filename: str) -> FileType:
         '.tf': FileType.TERRAFORM,
         '.yaml': FileType.YAML,
         '.yml': FileType.YAML,
+        '.cs': FileType.C_SHARP,
+        '.c': FileType.C,
     }.get(file_extension, FileType.OTHER)
diff --git a/tests/plugins/keyword_test.py b/tests/plugins/keyword_test.py
@@ -79,11 +79,12 @@
     ('private_key "hopenobodyfindsthisone\';', None),  # Double-quote does not match single-quote)
 ]
 
-OBJECTIVE_C_TEST_CASES = [
+COMMON_C_TEST_CASES = [
     ('apikey = "{}";'.format(COMMON_SECRET), COMMON_SECRET),
     ('password = @"{}";'.format(COMMON_SECRET), COMMON_SECRET),
     ('my_password_secure = @"{}";'.format(COMMON_SECRET), COMMON_SECRET),   # Prefix/suffix
     ('secrete[] = "{}";'.format(COMMON_SECRET), COMMON_SECRET),
+    ('char secrete[25] = "{}";'.format(COMMON_SECRET), COMMON_SECRET),
     ('secrete = "{}"'.format(LETTER_SECRET), LETTER_SECRET),    # All symbols are allowed
     ('password = "{}"'.format(SYMBOL_SECRET), None),  # At least 1 alphanumeric char is required
     ("api_key = '{}';".format(COMMON_SECRET), None),                 # Double quotes required
@@ -139,7 +140,9 @@ def parse_test_cases(test_cases):
         parse_test_cases([
             (None, GENERIC_TEST_CASES),
             ('go', GOLANG_TEST_CASES),
-            ('m', OBJECTIVE_C_TEST_CASES),
+            ('m', COMMON_C_TEST_CASES),
+            ('c', COMMON_C_TEST_CASES),
+            ('cs', COMMON_C_TEST_CASES),
             ('cls', QUOTES_REQUIRED_TEST_CASES),
             ('java', QUOTES_REQUIRED_TEST_CASES),
             ('py', QUOTES_REQUIRED_TEST_CASES),