Add --random flag for generating random config values (#1040)

* add random config generator

* refine else if statement

* take out interactive prompt

* add test for CreateRandomConfigValue()

* add go mod and go sum

* edit vendor hash

* edit detector to use logic instead of json

* edit entropy comment

* edit flag description

* Update src/go.mod

---------

Co-authored-by: Lio李歐 <[email protected]>

Author: commit111

src/cmd/cli/command/commands.go

@@ -223,6 +223,7 @@ func SetupCommands(ctx context.Context, version string) {
 	// Config Command (was: secrets)
 	configSetCmd.Flags().BoolP("name", "n", false, "name of the config (backwards compat)")
 	configSetCmd.Flags().BoolP("env", "e", false, "set the config from an environment variable")
+	configSetCmd.Flags().Bool("random", false, "set a secure randomly generated value for config")
 	_ = configSetCmd.Flags().MarkHidden("name")
 
 	configCmd.AddCommand(configSetCmd)
@@ -699,6 +700,7 @@ var configSetCmd = &cobra.Command{
 	Short:       "Adds or updates a sensitive config value",
 	RunE: func(cmd *cobra.Command, args []string) error {
 		fromEnv, _ := cmd.Flags().GetBool("env")
+		random, _ := cmd.Flags().GetBool("random")
 
 		// Make sure we have a project to set config for before asking for a value
 		loader := configureLoader(cmd)
@@ -749,6 +751,10 @@ var configSetCmd = &cobra.Command{
 			}
 			// Trim the newline at the end because single line values are common
 			value = strings.TrimSuffix(string(bytes), "\n")
+		} else if random {
+			// Generate a random value for the config
+			value = CreateRandomConfigValue()
+			term.Info("Generated random value: " + value)
 		} else {
 			// Prompt for sensitive value
 			var sensitivePrompt = &survey.Password{

src/cmd/cli/command/configrandom.go

@@ -0,0 +1,17 @@
+package command
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"regexp"
+)
+
+func CreateRandomConfigValue() string {
+	// Note that no error handling is necessary, as Read always succeeds.
+	key := make([]byte, 32)
+	rand.Read(key)
+	str := base64.StdEncoding.EncodeToString(key)
+	re := regexp.MustCompile("[+/=]")
+	str = re.ReplaceAllString(str, "")
+	return str
+}

src/cmd/cli/command/configrandom_test.go

@@ -0,0 +1,55 @@
+package command
+
+import (
+	"testing"
+
+	"github.com/DefangLabs/secret-detector/pkg/scanner"
+)
+
+func TestCreateRandomConfigValue(t *testing.T) {
+	// create a scanner config
+	cfg := scanner.NewConfigWithDefaults()
+
+	// adjust the entropy threshold value for the "high_entropy_string" detector.
+	// this will affect the level of randomness that is tolerated in a string
+	// (0 = low entropy, 4+ = very high entropy)
+	cfg.DetectorConfigs["high_entropy_string"] = []string{"3"}
+
+	// create the scanner based on scanner config
+	scannerClient, err := scanner.NewScannerFromConfig(cfg)
+	if err != nil {
+		t.Fatalf("Failed to make a config detector: " + err.Error())
+	}
+
+	// a map for storing generated results to check if they are unique
+	var uniqueConfigList = make(map[string]bool)
+
+	var testIterations = 5
+	for range testIterations {
+		// call the function to create a random config
+		randomConfig := CreateRandomConfigValue()
+
+		// store generated configs as unique keys in a map
+		uniqueConfigList[randomConfig] = true
+
+		// scan the config
+		ds, err := scannerClient.Scan(randomConfig)
+		if err != nil {
+			t.Fatalf("Failed to scan input: " + err.Error())
+		}
+
+		// the length of ds (detected secrets) should be one
+		for _, d := range ds {
+			// check if the config meets the threshold for high entropy (randomness)
+			if d.Type != "High entropy string" {
+				t.Errorf("did not meet the entropy threshold: generated value of %q", randomConfig)
+			}
+		}
+	}
+
+	// check if the length of the map matches the number of test iterations (should be equal if all keys are unique)
+	numOfUniqueConfigs := len(uniqueConfigList)
+	if numOfUniqueConfigs < testIterations {
+		t.Errorf("generated result was not unique: expected numOfUniqueConfigs to be %d, but got %d", testIterations, numOfUniqueConfigs)
+	}
+}