chore: rename detector in detector_display_name

Author: salome-voltz

changelog.d/20250423_102414_salome.voltz_scrt_5438_ggshield_for_each_detected_secret_add_a_link_towards_our.md

@@ -13,8 +13,7 @@ Uncomment the section that is right (remove the HTML comment wrapper).
 
 ### Added
 
-- Extra information in scan results (detector name, detector group name and documentation URL).
-- Link to detector documentation in text output.
+- `ggshield secret scan` output now contains a link to the detector documentation for each secret found.
 
 <!--
 ### Changed

ggshield/verticals/secret/output/secret_gitlab_webui_output_handler.py

@@ -17,7 +17,7 @@ def format_secret(secret: Secret) -> str:
         f'{x.match_type}: "{censor_match(x)}"' for x in secret.matches
     )
     validity = translate_validity(secret.validity)
-    return f"{secret.detector} (Validity: {validity}, {match_str})"
+    return f"{secret.detector_display_name} (Validity: {validity}, {match_str})"
 
 
 class SecretGitLabWebUIOutputHandler(SecretOutputHandler):

ggshield/verticals/secret/output/secret_json_output_handler.py

@@ -118,7 +118,7 @@ def serialized_secret(
             "occurrences": [],
             "ignore_sha": ignore_sha,
             "policy": secrets[0].policy,
-            "detector": secrets[0].detector,
+            "detector": secrets[0].detector_display_name,
             "total_occurrences": len(secrets),
         }
 

ggshield/verticals/secret/output/secret_sarif_output_handler.py

@@ -76,12 +76,16 @@ def _create_sarif_result_dict(
         f"- [{m.match_type}]({id})" for id, m in enumerate(secret.matches)
     )
     extended_matches = cast(List[ExtendedMatch], secret.matches)
-    message = f"Secret detected: {secret.detector}.\nMatches: {matches_str}"
-    markdown_message = f"Secret detected: {secret.detector}\nMatches:\n{matches_li}"
+    message = (
+        f"Secret detected: {secret.detector_display_name}.\nMatches: {matches_str}"
+    )
+    markdown_message = (
+        f"Secret detected: {secret.detector_display_name}\nMatches:\n{matches_li}"
+    )
 
     # Create dict
     dct = {
-        "ruleId": secret.detector,
+        "ruleId": secret.detector_display_name,
         "level": "error",
         "message": {
             "text": message,

ggshield/verticals/secret/output/secret_text_output_handler.py

@@ -297,7 +297,7 @@ def secret_header(
     )
 
     start_line = format_text(">>", STYLE["detector_line_start"])
-    secret_type = format_text(secret.detector, STYLE["secret_type"])
+    secret_type = format_text(secret.detector_display_name, STYLE["secret_type"])
     number_occurrences = format_text(str(len(secrets)), STYLE["occurrence_count"])
     ignore_sha = format_text(ignore_sha, STYLE["ignore_sha"])
 

ggshield/verticals/secret/secret_scan_collection.py

@@ -83,7 +83,7 @@ class Secret:
     Named Secret since we are dropping other kind of policy breaks.
     """
 
-    detector: str  # Detector display name
+    detector_display_name: str
     detector_name: str
     detector_group_name: str
     documentation_url: Optional[str]
@@ -189,7 +189,7 @@ def from_scan_result(
                 validity=policy_break.validity,
                 known_secret=policy_break.known_secret,
                 incident_url=policy_break.incident_url,
-                detector=policy_break.break_type,
+                detector_display_name=policy_break.break_type,
                 detector_name=policy_break.detector_name,
                 detector_group_name=policy_break.detector_group_name,
                 documentation_url=policy_break.documentation_url,

ggshield/verticals/secret/secret_scanner.py

@@ -216,7 +216,7 @@ def _collect_results(
                 result = Result.from_scan_result(file, scan_result, self.secret_config)
                 for secret in result.secrets:
                     self.cache.add_found_policy_break(
-                        secret.detector,
+                        secret.detector_display_name,
                         secret.get_ignore_sha(),
                         file.filename,
                     )

tests/factories.py

@@ -97,9 +97,11 @@ class SecretFactory(factory.Factory):
     class Meta:
         model = Secret
 
-    detector = factory.lazy_attribute(lambda obj: random.choice(DETECTOR_NAMES))
-    detector_name = factory.lazy_attribute(lambda obj: obj.detector)
-    detector_group_name = factory.lazy_attribute(lambda obj: obj.detector)
+    detector_display_name = factory.lazy_attribute(
+        lambda obj: random.choice(DETECTOR_NAMES)
+    )
+    detector_name = factory.lazy_attribute(lambda obj: obj.detector_display_name)
+    detector_group_name = factory.lazy_attribute(lambda obj: obj.detector_display_name)
     documentation_url = None
     validity = "valid"
     known_secret = True

tests/unit/verticals/secret/output/test_gitlab_webui_output.py

@@ -18,7 +18,7 @@ def test_format_secret():
     )
     out = format_secret(secret)
 
-    assert secret.detector in out
+    assert secret.detector_display_name in out
     assert "Validity: Valid" in out
     for match in secret.matches:
         assert match.match_type in out

tests/unit/verticals/secret/output/test_json_output.py

@@ -509,14 +509,18 @@ def test_ignore_known_secrets(verbose, ignore_known_secrets, secrets_types):
     incident_for_secret_type = {incident["type"]: incident for incident in incidents}
 
     for secret in known_secrets:
-        assert incident_for_secret_type[secret.detector]["known_secret"]
-        assert incident_for_secret_type[secret.detector]["incident_url"].startswith(
-            "https://dashboard.gitguardian.com/workspace/1/incidents/"
-        )
+        assert incident_for_secret_type[secret.detector_display_name]["known_secret"]
+        assert incident_for_secret_type[secret.detector_display_name][
+            "incident_url"
+        ].startswith("https://dashboard.gitguardian.com/workspace/1/incidents/")
 
     for secret in new_secrets:
-        assert not incident_for_secret_type[secret.detector]["known_secret"]
-        assert not incident_for_secret_type[secret.detector]["incident_url"]
+        assert not incident_for_secret_type[secret.detector_display_name][
+            "known_secret"
+        ]
+        assert not incident_for_secret_type[secret.detector_display_name][
+            "incident_url"
+        ]
 
 
 @pytest.mark.parametrize("with_incident_details", [True, False])