fix: support param priority
Xianjun Zhu committed Feb 5, 2019
1 parent 37d7e06 commit a2f74dd
Showing 3 changed files with 108 additions and 28 deletions.
3 changes: 3 additions & 0 deletions detect_secrets/core/usage.py
Expand Up @@ -309,6 +309,7 @@ def consolidate_args(args):

active_plugins = {}
disabled_plugins = {}
param_from_default = {}

for plugin in PluginOptions.all_plugins:
arg_name = PluginOptions._convert_flag_text_to_argument_name(
Expand Down Expand Up @@ -342,13 +343,15 @@ def consolidate_args(args):

if default_value and related_args[arg_name] is None:
related_args[arg_name] = default_value
param_from_default[arg_name] = True

active_plugins.update({
plugin.classname: related_args,
})

args.plugins = active_plugins
args.disabled_plugins = disabled_plugins
args.param_from_default = param_from_default

def _add_custom_limits(self):
high_entropy_help_text = (
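Review bot: `param_from_default[arg_name] = True` is set only inside `if default_value and related_args[arg_name] is None:`, so an option that was left off the command line and has no default, or a falsy one, is never marked. merge_plugin_from_baseline in initialize.py would then treat its `None` as an explicit command-line value and, on the path without `--use-all-plugins`, copy it over the baseline's setting. Whether any plugin option has such a default is not visible in this hunk, but recording the flag on `related_args[arg_name] is None` alone, before the default is applied, would make the marker mean "not given by the user" whatever the default is. The dict is keyed by argument name only and has no explanation where it is created; a comment such as `# arg names whose value was not supplied on the command line` would help. consolidate_args starts above this hunk.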
76 changes: 56 additions & 20 deletions detect_secrets/plugins/common/initialize.py
Expand Up @@ -32,28 +32,64 @@ def from_parser_builder(plugins_dict):


def merge_plugin_from_baseline(baseline_plugins, args):
# if --use-all-plugins
# include all parsed plugins
# else
# include all baseline plugins
# remove all disabled plugins
"""
:type baseline_plugins: tuple of BasePlugin
:param baseline_plugins: BasePlugin instances from baseline file
:type args: dict
:param args: diction of arguments parsed from usage
plugins = []
param priority: input param > baseline param > default
:Returns tuple of initialized plugins
"""
def _remove_key(d, key):
r = dict(d)
r.pop(key)
return r
baseline_plugins_dict = {
vars(plugin)["name"]: _remove_key(vars(plugin), "name")
for plugin in baseline_plugins
}

# Use input plugin as starting point
if args.use_all_plugins:
plugins = from_parser_builder(args.plugins)
elif args.disabled_plugins: # strip some plugins off baseline
plugins = _trim_disabled_plugins_from_baseline(baseline_plugins, args)
else:
plugins = baseline_plugins
return plugins


def _trim_disabled_plugins_from_baseline(baseline_plugins, args):
merged_plugins_dict = {vars(plugin)['name']: plugin for plugin in baseline_plugins}
for plugin_name in args.disabled_plugins:
if plugin_name in merged_plugins_dict:
merged_plugins_dict.pop(plugin_name)
return merged_plugins_dict.values()
# input param and default param are used
plugins_dict = dict(args.plugins)

# baseline param priority > default
for plugin_name, plugin_params in list(baseline_plugins_dict.items()):
for param_name, param_value in list(plugin_params.items()):
from_default = args.param_from_default.get(param_name, False)
if from_default:
try:
plugins_dict[plugin_name][param_name] = param_value
except KeyError as key:
# baseline has option not in all plugins
print("error:", key)

return from_parser_builder(plugins_dict)

# Use baseline plugin as starting point
plugins_dict = baseline_plugins_dict
if args.disabled_plugins:
for plugin_name in args.disabled_plugins:
if plugin_name in plugins_dict:
plugins_dict.pop(plugin_name)

# input param priority > baseline
input_plugins_dict = dict(args.plugins)
for plugin_name, plugin_params in list(input_plugins_dict.items()):
for param_name, param_value in list(plugin_params.items()):
from_default = args.param_from_default.get(param_name, False)
if from_default is False:
try:
plugins_dict[plugin_name][param_name] = param_value
except KeyError as key:
# TODO output error
print("error:", key)

return from_parser_builder(plugins_dict)


def from_plugin_classname(plugin_classname, **kwargs):
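Review bot: Both `except KeyError as key:` handlers in merge_plugin_from_baseline report the miss with `print("error:", key)`, which writes only the missing key to stdout and lets the merge carry on. The new test case for a CLI limit on a plugin the baseline does not use suggests this is an expected situation, so the skip reads better as an explicit guard before the inner loop, `if plugin_name not in plugins_dict: continue`, with any diagnostic naming both the plugin and the option and going to stderr rather than stdout. For a secret scanner the user should be able to tell that a limit they passed was not applied. Separately, `dict(args.plugins)` is a shallow copy, so `plugins_dict[plugin_name][param_name] = param_value` in the `--use-all-plugins` branch also rewrites the nested dicts held by `args.plugins`; a comment saying that is intended, or a per-plugin `dict(...)` copy, would make it clear.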
57 changes: 49 additions & 8 deletions tests/main_test.py
Expand Up @@ -203,7 +203,7 @@ def test_old_baseline_ignored_with_update_flag(
"name": "AWSKeyDetector",
},
{
"base64_limit": 4.5,
"base64_limit": 1.5,
"name": "Base64HighEntropyString",
},
{
Expand Down Expand Up @@ -273,7 +273,7 @@ def test_old_baseline_ignored_with_update_flag(
},
],
),
( # ignore overwriten option from CLI when not using --use-all-plugins
( # overwrite base limit from CLI
[
{
"base64_limit": 3.5,
Expand All @@ -282,17 +282,30 @@ def test_old_baseline_ignored_with_update_flag(
"name": "PrivateKeyDetector",
},
],
'--base64-limit=4.5',
'--base64-limit=5.5',
[
{
"base64_limit": 3.5,
"base64_limit": 5.5,
"name": "Base64HighEntropyString",
},
{
"name": "PrivateKeyDetector",
},
],
),
( # does not overwrite base limit from CLI if baseline not using the plugin
[
{
"name": "PrivateKeyDetector",
},
],
'--base64-limit=4.5',
[
{
"name": "PrivateKeyDetector",
},
],
),
( # use overwriten option from CLI only when using --use-all-plugins
[
{
Expand All @@ -303,13 +316,43 @@ def test_old_baseline_ignored_with_update_flag(
"name": "PrivateKeyDetector",
},
],
'--use-all-plugins --base64-limit=4.5 --no-hex-string-scan --no-keyword-scan',
'--use-all-plugins --base64-limit=5.5 --no-hex-string-scan --no-keyword-scan',
[
{
"name": "AWSKeyDetector",
},
{
"base64_limit": 4.5,
"base64_limit": 5.5,
"name": "Base64HighEntropyString",
},
{
"name": "BasicAuthDetector",
},
{
"name": "PrivateKeyDetector",
},
{
"name": "SlackDetector",
},
],
),
( # use plugin limit from baseline when using --use-all-plugins and no input limit
[
{
"base64_limit": 2.5,
"name": "Base64HighEntropyString",
},
{
"name": "PrivateKeyDetector",
},
],
'--use-all-plugins --no-hex-string-scan --no-keyword-scan',
[
{
"name": "AWSKeyDetector",
},
{
"base64_limit": 2.5,
"name": "Base64HighEntropyString",
},
{
Expand Down Expand Up @@ -350,8 +393,6 @@ def test_plugin_from_old_baseline_respected_with_update_flag(
),
) == 0

print("Used:", file_writer.call_args[1]['data']['plugins_used'])
print("Wrote:", plugins_wrote)
assert file_writer.call_args[1]['data']['plugins_used'] == \
plugins_wrote

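Review bot: Every added case sets or inherits only `base64_limit`, and the `--use-all-plugins` cases switch the hex-string plugin off with `--no-hex-string-scan`, so nothing here exercises two plugins that each carry a limit. Since merge_plugin_from_baseline looks up `args.param_from_default` by parameter name alone, a case whose baseline holds limits for two plugins and whose command line overrides only one would confirm that the other keeps its baseline value. The case commented "does not overwrite base limit from CLI if baseline not using the plugin" also appears to pass through the `except KeyError` branch that prints `error:`; asserting on captured output there would pin that behaviour down. The parametrize lists start above these hunks.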
