feat: Read plugins list from baseline

Yelp · Feb 5, 2019 · 9e0b619 · 9e0b619
1 parent a3d30c8
commit 9e0b619
Show file tree

Hide file tree

Showing 10 changed files with 383 additions and 18 deletions.
diff --git a/.gitignore b/.gitignore
@@ -5,8 +5,10 @@
 /.coverage
 /.pytest_cache
 /.tox
-/venv**
+/venv*
 /tmp
 
 .*ignore
 !.gitignore
+.python-version
+.vscode
diff --git a/detect_secrets/core/secrets_collection.py b/detect_secrets/core/secrets_collection.py
@@ -43,13 +43,13 @@ def load_baseline_from_string(cls, string):
         :raises: IOError
         """
         try:
-            return cls._load_baseline_from_dict(json.loads(string))
+            return cls.load_baseline_from_dict(json.loads(string))
         except (IOError, ValueError):
             log.error('Incorrectly formatted baseline!')
             raise
 
     @classmethod
-    def _load_baseline_from_dict(cls, data):
+    def load_baseline_from_dict(cls, data):
         """Initializes a SecretsCollection object from dictionary.
 
         :type data: dict

diff --git a/detect_secrets/core/usage.py b/detect_secrets/core/usage.py
@@ -6,6 +6,14 @@
 from detect_secrets import VERSION
 
 
+def add_use_all_plugins_argument(parser):
+    parser.add_argument(
+        '--use-all-plugins',
+        action='store_true',
+        help='Use all available plugins to scan files',
+    )
+
+
 class ParserBuilder(object):
 
     def __init__(self):
@@ -21,7 +29,8 @@ def add_default_arguments(self):
 
     def add_pre_commit_arguments(self):
         self._add_filenames_argument()\
-            ._add_set_baseline_argument()
+            ._add_set_baseline_argument()\
+            ._add_use_all_plugins_argument()
 
         PluginOptions(self.parser).add_arguments()
 
@@ -78,6 +87,9 @@ def _add_set_baseline_argument(self):
         )
         return self
 
+    def _add_use_all_plugins_argument(self):
+        add_use_all_plugins_argument(self.parser)
+
 
 class ScanOptions(object):
 
@@ -122,6 +134,9 @@ def _add_initialize_baseline_argument(self):
             dest='import_filename',
         )
 
+        # Pairing `--update` with `--use-all-plugins` to overwrite plugins list from baseline
+        add_use_all_plugins_argument(self.parser)
+
         self.parser.add_argument(
             '--all-files',
             action='store_true',
@@ -293,16 +308,20 @@ def consolidate_args(args):
             return
 
         active_plugins = {}
+        disabled_plugins = {}
 
         for plugin in PluginOptions.all_plugins:
             arg_name = PluginOptions._convert_flag_text_to_argument_name(
                 plugin.disable_flag_text,
             )
 
             # Remove disabled plugins
-            is_disabled = getattr(args, arg_name)
+            is_disabled = getattr(args, arg_name, False)
             delattr(args, arg_name)
             if is_disabled:
+                disabled_plugins.update({
+                    plugin.classname: {},
+                })
                 continue
 
             # Consolidate related args
@@ -329,6 +348,7 @@ def consolidate_args(args):
             })
 
         args.plugins = active_plugins
+        args.disabled_plugins = disabled_plugins
 
     def _add_custom_limits(self):
         high_entropy_help_text = (

diff --git a/detect_secrets/main.py b/detect_secrets/main.py
@@ -9,6 +9,7 @@
 from detect_secrets.core import baseline
 from detect_secrets.core.common import write_baseline_to_file
 from detect_secrets.core.log import log
+from detect_secrets.core.secrets_collection import SecretsCollection
 from detect_secrets.core.usage import ParserBuilder
 from detect_secrets.plugins.common import initialize
 
@@ -39,10 +40,12 @@ def main(argv=None):
             _scan_string(line, plugins)
 
         else:
-            baseline_dict = _perform_scan(
-                args,
-                plugins,
-            )
+            if args.import_filename:
+                plugins = initialize.merge_plugin_from_baseline(
+                    _get_plugin_from_baseline(args.import_filename), args,
+                )
+
+            baseline_dict = _perform_scan(args, plugins)
 
             if args.import_filename:
                 write_baseline_to_file(
@@ -79,6 +82,15 @@ def main(argv=None):
     return 0
 
 
+def _get_plugin_from_baseline(baseline_file):
+    old_baseline = _get_existing_baseline(baseline_file)
+    plugins = []
+    if old_baseline and "plugins_used" in old_baseline:
+        secrets_collection = SecretsCollection.load_baseline_from_dict(old_baseline)
+        plugins = secrets_collection.plugins
+    return plugins
+
+
 def _scan_string(line, plugins):
     longest_plugin_name_length = max(
         map(

diff --git a/detect_secrets/plugins/common/initialize.py b/detect_secrets/plugins/common/initialize.py
@@ -31,6 +31,31 @@ def from_parser_builder(plugins_dict):
     return tuple(output)
 
 
+def merge_plugin_from_baseline(baseline_plugins, args):
+    # if --use-all-plugins
+    #   include all parsed plugins
+    # else
+    #   include all baseline plugins
+    #   remove all disabled plugins
+
+    plugins = []
+    if args.use_all_plugins:
+        plugins = from_parser_builder(args.plugins)
+    elif args.disabled_plugins:  # strip some plugins off baseline
+        plugins = _merge_plugin_from_baseline(baseline_plugins, args)
+    else:
+        plugins = baseline_plugins
+    return plugins
+
+
+def _merge_plugin_from_baseline(baseline_plugins, args):
+    merged_plugins_dict = {vars(plugin)['name']: plugin for plugin in baseline_plugins}
+    for plugin_name in args.disabled_plugins:
+        if plugin_name in merged_plugins_dict:
+            merged_plugins_dict.pop(plugin_name)
+    return merged_plugins_dict.values()
+
+
 def from_plugin_classname(plugin_classname, **kwargs):
     """Initializes a plugin class, given a classname and kwargs.
 

diff --git a/detect_secrets/pre_commit_hook.py b/detect_secrets/pre_commit_hook.py
@@ -36,6 +36,12 @@ def main(argv=None):
         return 1
 
     plugins = initialize.from_parser_builder(args.plugins)
+
+    # Merge plugin from baseline
+    if baseline_collection:
+        plugins = initialize.merge_plugin_from_baseline(baseline_collection.plugins, args)
+        baseline_collection.plugins = plugins
+
     results = find_secrets_in_files(args, plugins)
     if baseline_collection:
         original_results = results
@@ -59,7 +65,6 @@ def main(argv=None):
     )
 
     if VERSION != baseline_collection.version:
-        baseline_collection.plugins = plugins
         baseline_collection.version = VERSION
         baseline_modified = True
 

diff --git a/tests/core/baseline_test.py b/tests/core/baseline_test.py
@@ -424,6 +424,30 @@ def test_new_results_has_nothing(self):
 
         assert merge_results(old_result, {}) == {}
 
+    def test_old_results_have_diff_type_will_carry_over(self):
+        secretA = self.get_secret()
+        secretA["type"] = "different type"
+        secretB = self.get_secret()
+
+        assert merge_results(
+            {
+                'filenameA': [
+                    secretA,
+                ],
+            },
+            {
+                'filenameA': [
+                    secretA,
+                    secretB,
+                ],
+            },
+        ) == {
+            'filenameA': [
+                secretA,
+                secretB,
+            ],
+        }
+
     def test_old_results_have_subset_of_new_results(self):
         secretA = self.get_secret()
         secretB = self.get_secret()

diff --git a/tests/core/secrets_collection_test.py b/tests/core/secrets_collection_test.py
@@ -283,7 +283,7 @@ def test_output(self, mock_gmtime):
 
     def test_load_baseline_from_string(self, mock_gmtime):
         """
-        We use load_baseline_from_string as a proxy to testing _load_baseline_from_dict,
+        We use load_baseline_from_string as a proxy to testing load_baseline_from_dict,
         because it's the most entry into the private function.
         """
         original = self.get_baseline_dict(mock_gmtime)