diff --git a/CHANGELOG.md b/CHANGELOG.md index d60cdcb9..99a105e4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -33,7 +33,7 @@ If you love `detect-secrets`, please star our project on GitHub to show your sup ##### February 16th, 2022 #### :mega: Release Highlights -- Continous integration github action added ([#506]) +- Continuous integration github action added ([#506]) - Release pipeline github action added ([#513]) #### :tada: New Features @@ -46,7 +46,7 @@ If you love `detect-secrets`, please star our project on GitHub to show your sup - Fixes catastrophic backtracking for indirect reference heuristic ([#509]) - Fixes pre-commit hook secret equality checking causing updates to baseline with no real changes - only a timestamp update ([#507]) - Fixes python 3.8 failing to load plugins on windows and macos ([#505]) -- Fixes yaml transformer inline dicitonary index out of bounds exceptions ([#501]) +- Fixes yaml transformer inline dictionary index out of bounds exceptions ([#501]) - Fixes regex for slack url ([#477]) - Fixes `AttributeError: 'PotentialSecret' object has no attribute 'line_number'` by safely falling back to 0 if line_number isn't present. ([#476])([#472]) - Fixes gibberish-detector current version @@ -211,7 +211,7 @@ the ["User Facing Changes"](https://github.com/Yelp/detect-secrets/pull/355) for #### :mortar_board: Walkthrough / Help - The README now includes examples of common usages, features, and an FAQ section for - the common questions we often receive as Github issues. + the common questions we often receive as GitHub issues. - So much better [technical documentation](./docs)! - Type support added 
@@ -287,7 +287,7 @@ the ["User Facing Changes"](https://github.com/Yelp/detect-secrets/pull/355) for #### :bug: Bugfixes -- Display helpful eror message when scanning a baseline from a newer `detect-secrets` version ([#293], [#269]) +- Display helpful error message when scanning a baseline from a newer `detect-secrets` version ([#293], [#269]) #### :snake: Miscellaneous @@ -335,7 +335,7 @@ the ["User Facing Changes"](https://github.com/Yelp/detect-secrets/pull/355) for - Rationale for the minor version bump: - Some accuracy changes that might change baselines significantly - @OiCMudkips' first release increases spookiness - - It being almost Halloweeen increases spookiness + - It being almost Halloween increases spookiness #### :tada: New Features diff --git a/README.md b/README.md index c3f1622c..4b2c1774 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ This way, you create a [separation of concern](https://en.wikipedia.org/wiki/Separation_of_concerns): accepting that there may *currently* be secrets hiding in your large repository (this is what we refer to as a _baseline_), but preventing this issue from getting any larger, -without dealing with the potentially gargantuous effort of moving existing secrets away. +without dealing with the potentially gargantuan effort of moving existing secrets away. It does this by running periodic diff outputs against heuristically crafted regex statements, to identify whether any *new* secret has been committed. This way, it avoids the overhead of @@ -444,7 +444,7 @@ reporting: analytics: Quantify the success of your plugins based on the labelled results in your - baseline. To be used with the statisitcs mode (--stats). + baseline. To be used with the statistics mode (--stats). --json Outputs results in a machine-readable format. ``` 
@@ -471,7 +471,7 @@ There are three different strategies we employ to try and find secrets in code: 2. Entropy Detector - This searches for "secret-looking" strings through a variety of heuristical approaches. This + This searches for "secret-looking" strings through a variety of heuristic approaches. This is great for non-structured secrets, but may require tuning to adjust the scanning precision. 3. Keyword Detector diff --git a/detect_secrets/audit/compare.py b/detect_secrets/audit/compare.py index 7011e38c..f33665d3 100644 --- a/detect_secrets/audit/compare.py +++ b/detect_secrets/audit/compare.py @@ -222,7 +222,7 @@ def _display_difference_to_user( ) if decision == io.InputOptions.QUIT: - io.print_message('Qutting...') + io.print_message('Quitting...') break elif decision == io.InputOptions.BACK: iterator.step_back_on_next_iteration() diff --git a/detect_secrets/core/scan.py b/detect_secrets/core/scan.py index a5c35111..b9e70e92 100644 --- a/detect_secrets/core/scan.py +++ b/detect_secrets/core/scan.py @@ -193,7 +193,7 @@ def scan_for_allowlisted_secrets_in_file(filename: str) -> Generator[PotentialSe ): return - # NOTE: Unlike `scan_file`, we don't ever have to use eager file transfomers, since we already + # NOTE: Unlike `scan_file`, we don't ever have to use eager file transformers, since we already # know which lines we want to scan. try: for lines in _get_lines_from_file(filename): diff --git a/detect_secrets/core/usage/audit.py b/detect_secrets/core/usage/audit.py index 7d864b9e..5bb5ec66 100644 --- a/detect_secrets/core/usage/audit.py +++ b/detect_secrets/core/usage/audit.py @@ -87,7 +87,7 @@ def _add_statistics_module(parent: argparse.ArgumentParser) -> None: title='analytics', description=( 'Quantify the success of your plugins based on the labelled results ' - 'in your baseline. To be used with the statisitcs mode (--stats).' + 'in your baseline. To be used with the statistics mode (--stats).' ), ) 
diff --git a/detect_secrets/core/usage/plugins.py b/detect_secrets/core/usage/plugins.py index 83a5ecd8..3db4c483 100644 --- a/detect_secrets/core/usage/plugins.py +++ b/detect_secrets/core/usage/plugins.py @@ -129,7 +129,7 @@ def parse_args(args: argparse.Namespace) -> None: for filename in args.plugin: # NOTE: Technically, we could just configure the settings, and have # `detect_secrets.core.plugins.util.get_mapping_from_secret_type_to_class` - # to initialze them. However, if it's in the baseline / settings, we can + # to initialize them. However, if it's in the baseline / settings, we can # assume it works -- therefore, let's initialize it to discover any errors early # on, before storing it in settings. try: diff --git a/detect_secrets/plugins/base.py b/detect_secrets/plugins/base.py index 0ef7925e..c78cc5d3 100644 --- a/detect_secrets/plugins/base.py +++ b/detect_secrets/plugins/base.py @@ -169,18 +169,18 @@ def build_assignment_regex( opt_quote = r'(?:"|\'|)' opt_open_square_bracket = r'(?:\[|)' opt_close_square_bracket = r'(?:\]|)' - opt_dash_undrscr = r'(?:_|-|)' + opt_dash_underscore = r'(?:_|-|)' opt_space = r'(?: *)' assignment = r'(?:=|:|:=|=>| +|::)' return re.compile( - r'{begin}{opt_open_square_bracket}{opt_quote}{prefix_regex}{opt_dash_undrscr}' + r'{begin}{opt_open_square_bracket}{opt_quote}{prefix_regex}{opt_dash_underscore}' '{secret_keyword_regex}{opt_quote}{opt_close_square_bracket}{opt_space}' '{assignment}{opt_space}{opt_quote}{secret_regex}{opt_quote}'.format( begin=begin, opt_open_square_bracket=opt_open_square_bracket, opt_quote=opt_quote, prefix_regex=prefix_regex, - opt_dash_undrscr=opt_dash_undrscr, + opt_dash_underscore=opt_dash_underscore, secret_keyword_regex=secret_keyword_regex, opt_close_square_bracket=opt_close_square_bracket, opt_space=opt_space, diff --git a/detect_secrets/plugins/high_entropy_strings.py b/detect_secrets/plugins/high_entropy_strings.py index 2bfce196..280ca25b 100644 
--- a/detect_secrets/plugins/high_entropy_strings.py +++ b/detect_secrets/plugins/high_entropy_strings.py @@ -164,7 +164,7 @@ def calculate_shannon_entropy(self, data: str) -> float: the number of false positives we get greatly exceeds realistic true positive scenarios. - Therefore, this tries to capture this heuristic mathemetically. + Therefore, this tries to capture this heuristic mathematically. We do this by noting that the maximum shannon entropy for this charset is ~3.32 (e.g. "0123456789", with every digit different), and we want diff --git a/detect_secrets/plugins/ibm_cloud_iam.py b/detect_secrets/plugins/ibm_cloud_iam.py index 53c25f52..fdb01625 100644 --- a/detect_secrets/plugins/ibm_cloud_iam.py +++ b/detect_secrets/plugins/ibm_cloud_iam.py @@ -15,13 +15,13 @@ class IbmCloudIamDetector(RegexBasedDetector): # opt means optional opt_ibm_cloud_iam = r'(?:ibm(?:_|-|)cloud(?:_|-|)iam|cloud(?:_|-|)iam|' + \ r'ibm(?:_|-|)cloud|ibm(?:_|-|)iam|ibm|iam|cloud|)' - opt_dash_undrscr = r'(?:_|-|)' + opt_dash_underscore = r'(?:_|-|)' opt_api = r'(?:api|)' key_or_pass = r'(?:key|pwd|password|pass|token)' secret = r'([a-zA-Z0-9_\-]{44}(?![a-zA-Z0-9_\-]))' denylist = [ RegexBasedDetector.build_assignment_regex( - prefix_regex=opt_ibm_cloud_iam + opt_dash_undrscr + opt_api, + prefix_regex=opt_ibm_cloud_iam + opt_dash_underscore + opt_api, secret_keyword_regex=key_or_pass, secret_regex=secret, ), diff --git a/detect_secrets/plugins/ibm_cos_hmac.py b/detect_secrets/plugins/ibm_cos_hmac.py index ee191e67..999703f1 100644 --- a/detect_secrets/plugins/ibm_cos_hmac.py +++ b/detect_secrets/plugins/ibm_cos_hmac.py 
@@ -101,7 +101,7 @@ def query_ibm_cos_hmac( # request elements http_method = 'GET' # region is a wildcard value that takes the place of the AWS region value - # as COS doen't use the same conventions for regions, this parameter can accept any string + # as COS doesn't use the same conventions for regions, this parameter can accept any string region = 'us-standard' endpoint = 'https://{}'.format(host) bucket = '' # add a '/' before the bucket name to list buckets @@ -156,7 +156,7 @@ def query_ibm_cos_hmac( # create and send the request headers = {'x-amz-date': timestamp, 'Authorization': v4auth_header} - # the 'requests' package autmatically adds the required 'host' header + # the 'requests' package automatically adds the required 'host' header request_url = endpoint + standardized_resource + standardized_querystring request = requests.get(request_url, headers=headers) diff --git a/detect_secrets/settings.py b/detect_secrets/settings.py index 6218eb39..e4bd9d8b 100644 --- a/detect_secrets/settings.py +++ b/detect_secrets/settings.py @@ -221,7 +221,7 @@ def json(self) -> Dict[str, Any]: for plugin in get_plugins(): # NOTE: We use the initialized plugin's JSON representation (rather than using # the configured settings) to deal with cases where plugins define their own - # default variables, that is not necessarily carried through through the + # default variables, that is not necessarily carried through the # settings object. serialized_plugin = plugin.json() diff --git a/detect_secrets/transformers/yaml.py b/detect_secrets/transformers/yaml.py index 3061f0a0..c3cc4c1a 100644 --- a/detect_secrets/transformers/yaml.py +++ b/detect_secrets/transformers/yaml.py 
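Review bot: The `requests.get(request_url, headers=headers)` call at the end of the second `query_ibm_cos_hmac` hunk (`@@ -156,7 +156,7 @@`) passes no `timeout`, and requests applies none by default, so a verification request to an unresponsive endpoint can stall the scan indefinitely. The commit only corrects the comment above the call, but the call is worth bounding, e.g. `request = requests.get(request_url, headers=headers, timeout=10)` (the value is a suggestion, not taken from the project). The function starts and ends outside the hunk, so it is not visible whether the caller already handles `requests.exceptions.RequestException`, which a timeout would raise as `requests.exceptions.Timeout`. That should be confirmed so a timed-out verification is reported as unverified rather than crashing the scan.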
@@ -70,7 +70,7 @@ def parse_file(self, file: NamedIO) -> List[str]: comment = matches.group(0) # YAML does the parsing for us, and the value we'll receive is a string proper - # (rather than the raw value, like `ConfigFileTransformer`). We want to artifically + # (rather than the raw value, like `ConfigFileTransformer`). We want to artificially # add quotes here since we know they are strings, HighEntropyString will benefit # from this, and all other plugins don't care. #