Ignore id values in ini files

Yelp · Oct 7, 2019 · 0539c43 · 0539c43
1 parent 2b3d252
commit 0539c43
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 13 deletions.
diff --git a/detect_secrets/plugins/common/ini_file_parser.py b/detect_secrets/plugins/common/ini_file_parser.py
@@ -77,7 +77,7 @@ def iterator(self):
                     key,
                     values,
                 ):
-                    yield value, offset
+                    yield key, value, offset
 
     def _get_value_and_line_offset(self, key, values):
         """Returns the index of the location of key, value pair in lines.

diff --git a/detect_secrets/plugins/high_entropy_strings.py b/detect_secrets/plugins/high_entropy_strings.py
@@ -86,7 +86,7 @@ def calculate_shannon_entropy(self, data):
         return entropy
 
     @staticmethod
-    def _check_for_false_positives_with_line_context(potential_secrets, line):
+    def _filter_false_positives_with_line_ctx(potential_secrets, line):
         return {
             key: value for key, value in potential_secrets.items()
             if not is_false_positive_with_line_context(
@@ -102,7 +102,7 @@ def analyze_line(self, string, line_num, filename):
             filename,
         )
 
-        return HighEntropyStringsPlugin._check_for_false_positives_with_line_context(
+        return self._filter_false_positives_with_line_ctx(
             output,
             string,
         )
@@ -176,23 +176,27 @@ def _analyze_ini_file(self, add_header=False):
         :returns: same format as super().analyze()
         """
         def wrapped(file, filename):
-            potential_secrets = {}
+            output = {}
 
             with self.non_quoted_string_regex():
-                for value, lineno in IniFileParser(
+                for key, value, lineno in IniFileParser(
                     file,
                     add_header,
                     exclude_lines_regex=self.exclude_lines_regex,
                 ).iterator():
-                    potential_secrets.update(
-                        self.analyze_string_content(
-                            value,
-                            lineno,
-                            filename,
-                        ),
+                    potential_secrets = self.analyze_string_content(
+                        value,
+                        lineno,
+                        filename,
                     )
+                    line = u'{key}={value}'.format(key=key, value=value)
+                    potential_secrets = self._filter_false_positives_with_line_ctx(
+                        potential_secrets,
+                        line,
+                    )
+                    output.update(potential_secrets)
 
-            return potential_secrets
+            return output
 
         return wrapped
 
@@ -254,7 +258,7 @@ def _analyze_yaml_file(self, file, filename):
                     item['__original_key__']: item['__value__'],
                 }).replace('\n', '')
 
-                secrets = HighEntropyStringsPlugin._check_for_false_positives_with_line_context(
+                secrets = self._filter_false_positives_with_line_ctx(
                     secrets,
                     dumped_key_value,
                 )

diff --git a/test_data/config.ini b/test_data/config.ini
@@ -27,3 +27,7 @@ password = 12345678901234  # pragma: allowlist secret
 
 # unicode
 foo=bår
+
+[key with id in name]
+real_secret_which_isnt_an_i_d = vh987tyw9ehy8ghis7vwyhiwbwitefy7w3ASDGYDGUASDG
+foreign_key_id = vh987tyw9ehy8ghis7vwyhiwbwitefy7w3ASDGYDGUASDG
diff --git a/tests/plugins/high_entropy_strings_test.py b/tests/plugins/high_entropy_strings_test.py
@@ -166,6 +166,7 @@ def setup(self):
                     'Location:    test_data/config.ini:15',
                     'Location:    test_data/config.ini:21',
                     'Location:    test_data/config.ini:22',
+                    'Location:    test_data/config.ini:32',
                 ],
             ),
             (