Merge branch 'master' into better-error-when-cant-find-plugin-referen…

…ced-in-baseline-file
Yelp · Jan 16, 2024 · 3953579 · 3953579
2 parents 82a6b6d + c59553f
commit 3953579
Show file tree

Hide file tree

Showing 8 changed files with 53 additions and 49 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -17,7 +17,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
-        python: ['3.7', '3.8', '3.9']
+        python: ['3.8', '3.9', '3.10', '3.11']
     steps:
     - uses: actions/checkout@v2
     - uses: actions/setup-python@v2

diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml
@@ -15,7 +15,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, macos-latest]
-        python: ['3.7', '3.8', '3.9']
+        python: ['3.8', '3.9', '3.10', '3.11']
     steps:
     - uses: actions/checkout@v2
     - uses: actions/setup-python@v2

diff --git a/detect_secrets/filters/heuristic.py b/detect_secrets/filters/heuristic.py
@@ -164,7 +164,7 @@ def is_prefixed_with_dollar_sign(secret: str) -> bool:
     # false negatives than `is_templated_secret` (e.g. secrets that actually start with a $).
     # This is best used with files that actually use this as a means of referencing variables.
     # TODO: More intelligent filetype handling?
-    return secret[0] == '$'
+    return bool(secret) and secret[0] == '$'
 
 
 def is_indirect_reference(line: str) -> bool:

diff --git a/detect_secrets/plugins/ibm_cloud_iam.py b/detect_secrets/plugins/ibm_cloud_iam.py
@@ -34,7 +34,7 @@ def verify(self, secret: str) -> VerifiedResult:
 
 
 def verify_cloud_iam_api_key(apikey: Union[str, bytes]) -> requests.Response:  # pragma: no cover
-    if type(apikey) == bytes:
+    if type(apikey) is bytes:
         apikey = apikey.decode('UTF-8')
 
     headers = {

diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -1,44 +1,43 @@
-attrs==21.4.0
-backports.entry-points-selectable==1.1.1
-certifi==2021.10.8
-cfgv==3.2.0
-charset-normalizer==2.0.7
-coverage==4.5.4
-distlib==0.3.6
-filelock==3.0.12
-flake8==3.5.0
+attrs==23.2.0
+backports.entry-points-selectable==1.3.0
+certifi==2023.11.17
+cfgv==3.4.0
+charset-normalizer==3.3.2
+coverage==7.4.0
+distlib==0.3.8
+filelock==3.13.1
+flake8==6.1.0
 gibberish-detector==0.1.1
-identify==2.3.0
-idna==3.3
-importlib-metadata==4.8.1
-iniconfig==1.1.1
-mccabe==0.6.1
+identify==2.5.33
+idna==3.6
+iniconfig==2.0.0
+mccabe==0.7.0
 monotonic==1.6
 mypy==0.971
-mypy-extensions==0.4.3
-nodeenv==1.6.0
-packaging==21.3
-platformdirs==2.0.2
-pluggy==0.13.1
-pre-commit==2.17.0
+mypy-extensions==1.0.0
+nodeenv==1.8.0
+packaging==23.2
+platformdirs==4.1.0
+pluggy==1.3.0
+pre-commit==3.5.0
 py==1.11.0
-pyahocorasick==1.4.4
-pycodestyle==2.3.1
-pyflakes==1.6.0
-pyparsing==2.4.7
-pytest==6.2.2
-PyYAML==6.0
-requests==2.26.0
-responses==0.16.0
+pyahocorasick==2.0.0
+pycodestyle==2.11.1
+pyflakes==3.1.0
+pyparsing==3.1.1
+pytest==7.4.3
+PyYAML==6.0.1
+requests==2.31.0
+responses==0.24.1
 six==1.16.0
 toml==0.10.2
-tox==3.24.4
+tox==4.11.4
 tox-pip-extensions==1.6.0
-typed-ast==1.5.4
-types-PyYAML==6.0.11
-types-requests==2.28.9
-typing-extensions==3.10.0.2
-unidiff==0.7.4
-urllib3==1.26.9
-virtualenv==20.6.0
-zipp==3.6.0
+typed-ast==1.5.5
+types-PyYAML==6.0.12.12
+types-requests==2.31.0.20240106
+typing-extensions==4.9.0
+unidiff==0.7.5
+urllib3==2.1.0
+virtualenv==20.25.0
+zipp==3.17.0
diff --git a/setup.py b/setup.py
@@ -24,9 +24,8 @@ def get_version():
     description='Tool for detecting secrets in the codebase',
     long_description=long_description,
     long_description_content_type='text/markdown',
-    license='Copyright Yelp, Inc. 2020',
-    author='Aaron Loo',
-    author_email='[email protected]',
+    author='Yelp, Inc.',
+    author_email='[email protected]',
     url='https://github.com/Yelp/detect-secrets',
     download_url='https://github.com/Yelp/detect-secrets/archive/{}.tar.gz'.format(VERSION),
     keywords=['secret-management', 'pre-commit', 'security', 'entropy-checks'],

diff --git a/tests/filters/heuristic_filter_test.py b/tests/filters/heuristic_filter_test.py
@@ -121,9 +121,16 @@ def test_is_templated_secret(line, result):
         assert bool(list(scan_line(line))) is result
 
 
-def test_is_prefixed_with_dollar_sign():
-    assert filters.heuristic.is_prefixed_with_dollar_sign('$secret')
-    assert not filters.heuristic.is_prefixed_with_dollar_sign('secret')
+@pytest.mark.parametrize(
+    'secret, result',
+    (
+        ('$secret', True),
+        ('secret', False),
+        ('', False),
+    ),
+)
+def test_is_prefixed_with_dollar_sign(secret, result):
+    assert filters.heuristic.is_prefixed_with_dollar_sign(secret) == result
 
 
 @pytest.mark.parametrize(

diff --git a/tox.ini b/tox.ini
@@ -1,9 +1,8 @@
 [tox]
 project = detect_secrets
 # These should match the ci python env list
-envlist = py{37,38,39},mypy
+envlist = py{38,39,310,311},mypy
 skip_missing_interpreters = true
-tox_pip_extensions_ext_venv_update = true
 
 [testenv]
 passenv = SSH_AUTH_SOCK