From d271bbceb5dd438b2322f3071033183556e0160e Mon Sep 17 00:00:00 2001
From: George Pickering <9803299+bigpick@users.noreply.github.com>
Date: Fri, 23 Aug 2024 12:55:53 -0400
Subject: [PATCH] fix(build): Install requirements.txt before Pipfile lock gen
---
 Makefile.ibm | 7 ++++---
 detect_secrets/core/baseline.py | 2 +-
 detect_secrets/core/secrets_collection.py | 2 +-
 detect_secrets/core/usage.py | 2 +-
 detect_secrets/main.py | 11 ++++++-----
 5 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/Makefile.ibm b/Makefile.ibm
index 44c9f5c9d..8083fe602 100644
--- a/Makefile.ibm
+++ b/Makefile.ibm
@@ -62,9 +62,10 @@ trivy-scan-python-vulnerabilities:
 # Generate a Pipfile.lock, Trivy does not auto-detect requirements-dev.txt (https://aquasecurity.github.io/trivy/v0.28.1/docs/vulnerability/detection/language/)
 #./scripts/gen-pipfile.sh > Pipfile
- #pipenv --python `which python3`
- #pipenv lock
- $(TRIVY) fs --exit-code 1 --ignore-unfixed --scanners vuln --file-patterns 'pip:requirements*.txt' ./
+ pipenv --python `which python3`
+ pipenv install -r requirements-dev.txt
+ pipenv lock
+ $(TRIVY) fs --exit-code 1 --ignore-unfixed --scanners vuln --file-patterns ./
 docker-quality-images:
 for image_name in $(DOCKER_IMAGES_TO_SCAN) ; do \
diff --git a/detect_secrets/core/baseline.py b/detect_secrets/core/baseline.py
index 0c688cc1c..239641bbf 100644
--- a/detect_secrets/core/baseline.py
+++ b/detect_secrets/core/baseline.py
@@ -35,7 +35,7 @@ def initialize(
 :param plugins: rules to initialize the SecretsCollection with.
 :type plugins_reuse_excludes: bool|None
- :param plugins_reuse_excludes optional bool indicating whether plugins were forced to reuse excludes.
+ :param plugins_reuse_excludes optional bool whether plugins were forced to reuse excludes.
 :type exclude_files_regex: str|None
 :type exclude_lines_regex: str|None
diff --git a/detect_secrets/core/secrets_collection.py b/detect_secrets/core/secrets_collection.py
index e488d3f43..ea60e54c9 100644
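Review bot: The new `$(TRIVY) fs ... --file-patterns ./` line hands `./` to `--file-patterns` as its value (the flag takes an `<analyzer>:<glob>` pattern, as the removed `'pip:requirements*.txt'` shows), so the scan target is swallowed by the flag and the recipe no longer points Trivy at the checkout. Since the preceding `pipenv lock` produces a Pipfile.lock that Trivy picks up without any pattern, the simplest fix is to drop the flag: `$(TRIVY) fs --exit-code 1 --ignore-unfixed --scanners vuln ./`. Separately, `pipenv install -r requirements-dev.txt` downloads and installs every pin into a virtualenv — package builds can execute code on the CI runner — when the goal is only a lock file; if that trade-off is intended, a comment saying so (and removing the now-stale `#./scripts/gen-pipfile.sh > Pipfile` line) would help the next reader. The rest of the `trivy-scan-python-vulnerabilities` recipe starts above the hunk.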
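Review bot: The rewritten docstring line `:param plugins_reuse_excludes optional bool whether ...` is still missing the colon after the parameter name that the reST field syntax on the neighbouring `:param plugins:` line uses, so the description will not be attached to the parameter; `:param plugins_reuse_excludes: optional bool, whether plugins were forced to reuse excludes.` The `initialize()` docstring this belongs to begins and ends outside the hunk.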
--- a/detect_secrets/core/secrets_collection.py
+++ b/detect_secrets/core/secrets_collection.py
@@ -344,7 +344,7 @@ def format_for_baseline_output(self):
 plugins_used = sorted(plugins_used, key=lambda x: x['name'])
 return {
- **({"plugins_reuse_excludes": True} if self.plugins_reuse_excludes else {}),
+ **({'plugins_reuse_excludes': True} if self.plugins_reuse_excludes else {}),
 'generated_at': strftime('%Y-%m-%dT%H:%M:%SZ', gmtime()),
 'exclude': {
 'files': self.exclude_files,
diff --git a/detect_secrets/core/usage.py b/detect_secrets/core/usage.py
index f27e4ba28..71c173cf1 100644
--- a/detect_secrets/core/usage.py
+++ b/detect_secrets/core/usage.py
@@ -9,7 +9,7 @@ def add_plugins_reuse_excludes_flag(parser):
 parser.add_argument(
 '--plugins-reuse-excludes',
 action='store_true',
- help='Force plugins to try re-using existing exclude contents.'
+ help='Force plugins to try re-using existing exclude contents.',
 )
diff --git a/detect_secrets/main.py b/detect_secrets/main.py
index 54978a004..323230c5a 100644
--- a/detect_secrets/main.py
+++ b/detect_secrets/main.py
@@ -21,15 +21,16 @@ def maybe_get_existing_exclude(exclude_files, exclude_lines, old_baseline):
 if not old_baseline:
 return exclude_files, exclude_lines
- previously_included = old_baseline.get("exclude", None)
+ previously_included = old_baseline.get('exclude', None)
 if not previously_included:
 return exclude_files, exclude_lines
- files = "|".join(filter(None, (exclude_files, previously_included.get("files",None))))
- lines = "|".join(filter(None, (exclude_lines, previously_included.get("lines",None))))
+ files = '|'.join(filter(None, (exclude_files, previously_included.get('files', None))))
+ lines = '|'.join(filter(None, (exclude_lines, previously_included.get('lines', None))))
 return files, lines
+
 def main(argv=None):
 if len(sys.argv) == 1: # pragma: no cover
 sys.argv.append('-h')
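Review bot: In the new `files = '|'.join(filter(None, ...))` and `lines = ...` lines, when both the CLI value and the baseline's entry are absent the join yields `''` rather than the `None` the caller passed in, and that `''` presumably then reaches `'files': self.exclude_files` in the baseline output instead of a null; `files = '|'.join(filter(None, (exclude_files, previously_included.get('files', None)))) or None` (and the same `or None` on the `lines` line) keeps the absent case as `None`. The `def maybe_get_existing_exclude(...)` line itself sits above the hunk, in its header context.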
@@ -50,8 +51,8 @@ def main(argv=None):
 automaton, word_list_hash = build_automaton(args.word_list_file)
 _baseline = _get_existing_baseline(args.import_filename, args.string)
- if args.plugins_reuse_excludes or (_baseline and _baseline.get("plugins_reuse_excludes", False)):
- args.exclude_files, args.exclude_lines = maybe_get_existing_exclude(args.exclude_files, args.exclude_lines, _baseline)
+ if args.plugins_reuse_excludes or (_baseline and _baseline.get('plugins_reuse_excludes', False)): # noqa: E501
+ args.exclude_files, args.exclude_lines = maybe_get_existing_exclude(args.exclude_files, args.exclude_lines, _baseline) # noqa: E501
 # Plugins are *always* rescanned with fresh settings, because
 # we want to get the latest updates.
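Review bot: With the new `if args.plugins_reuse_excludes or (_baseline and _baseline.get('plugins_reuse_excludes', False)):` line, the baseline file on its own switches exclude reuse on, so a checked-in baseline that sets that key and carries a broad `exclude.files` or `exclude.lines` pattern widens what the scan skips with no CLI opt-in; if the baseline is not meant to be trusted that far, gate the merge on the CLI flag only, or at minimum log the effective patterns after the assignment (via the module's logger, e.g. `'Reusing excludes from baseline: files=%r lines=%r'`). The two `# noqa: E501` markers could also go by binding the condition to a local first: `reuse_excludes = args.plugins_reuse_excludes or bool(_baseline and _baseline.get('plugins_reuse_excludes', False))`. `main()` begins and ends outside the hunk.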