Bump detect-secrets from 0.14.3 to 1.2.0 (#95)

dependabot[bot] · leplatrem · web-flow · commit be104b72a671 · 2022-07-13T09:31:52.000+02:00
* Bump detect-secrets from 0.14.3 to 1.2.0 Bumps [detect-secrets](https://github.com/Yelp/detect-secrets) from 0.14.3 to 1.2.0. - [Release notes](https://github.com/Yelp/detect-secrets/releases) - [Changelog](https://github.com/Yelp/detect-secrets/blob/master/CHANGELOG.md) - [Commits](Yelp/detect-secrets@v0.14.3...v1.2.0) --- updated-dependencies: - dependency-name: detect-secrets dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Rename variable to avoid secret keyword * Update secrets baseline for newer version Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mathieu Leplatre <mathieu@mozilla.com>
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -1,20 +1,15 @@
 {
-  "custom_plugin_paths": [],
-  "exclude": {
-    "files": "poetry.lock",
-    "lines": null
-  },
-  "generated_at": "2022-07-10T01:39:12Z",
+  "version": "1.2.0",
   "plugins_used": [
     {
-      "name": "AWSKeyDetector"
+      "name": "ArtifactoryDetector"
     },
     {
-      "name": "ArtifactoryDetector"
+      "name": "AWSKeyDetector"
     },
     {
-      "base64_limit": 4.5,
-      "name": "Base64HighEntropyString"
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
     },
     {
       "name": "BasicAuthDetector"
@@ -23,8 +18,8 @@
       "name": "CloudantDetector"
     },
     {
-      "hex_limit": 3,
-      "name": "HexHighEntropyString"
+      "name": "HexHighEntropyString",
+      "limit": 3
     },
     {
       "name": "IbmCloudIamDetector"
@@ -36,8 +31,8 @@
       "name": "JwtTokenDetector"
     },
     {
-      "keyword_exclude": null,
-      "name": "KeywordDetector"
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
     },
     {
       "name": "MailchimpDetector"
@@ -58,19 +53,78 @@
       "name": "TwilioKeyDetector"
     }
   ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_baseline_file",
+      "filename": ".secrets.baseline"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    },
+    {
+      "path": "detect_secrets.filters.regex.should_exclude_file",
+      "pattern": [
+        "poetry.lock"
+      ]
+    }
+  ],
   "results": {
     "README.md": [
       {
+        "type": "Hex High Entropy String",
+        "filename": "README.md",
         "hashed_secret": "04e78d6e804f2b59e6cb282cb9ed2c7bfd8a9737",
         "is_verified": false,
-        "line_number": 152,
-        "type": "Hex High Entropy String"
+        "line_number": 152
+      }
+    ],
+    "infra/config/local_dev.env": [
+      {
+        "type": "Secret Keyword",
+        "filename": "infra/config/local_dev.env",
+        "hashed_secret": "4b9a4ce92b6a01a4cd6ee1672d31c043f2ae79ab",
+        "is_verified": false,
+        "line_number": 5
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "infra/config/local_dev.env",
+        "hashed_secret": "77ea6398f252999314d609a708842a49fc43e055",
+        "is_verified": false,
+        "line_number": 8
       }
     ]
   },
-  "version": "0.14.3",
-  "word_list": {
-    "file": null,
-    "hash": null
-  }
+  "generated_at": "2022-07-13T07:01:04Z"
 }
diff --git a/infra/lint.sh b/infra/lint.sh
@@ -12,8 +12,8 @@ black () {
 }
 detect_secrets () {
   # Scan only files fixed into the repo, omit poetry.lock
-  SECRETS_TO_SCAN=`git ls-tree --full-tree -r --name-only HEAD | grep -v poetry.lock`
-  $POETRY_RUN detect-secrets-hook $SECRETS_TO_SCAN --baseline .secrets.baseline
+  FILES_TO_SCAN=`git ls-tree --full-tree -r --name-only HEAD | grep -v poetry.lock`
+  $POETRY_RUN detect-secrets-hook $FILES_TO_SCAN --baseline .secrets.baseline
 }
 isort () {
   $POETRY_RUN isort ${check:+--check-only} .
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -27,7 +27,7 @@ black = "^22.1.0"
 isort = "^5.10.1"
 coverage = {extras = ["toml"], version = "^5.3"}
 mypy = "^0.910"
-detect-secrets = "^0.14.3"
+detect-secrets = "^1.2.0"
 bandit = "^1.7.0"
 pylint = "^2.7.2"
 pylint-pytest = "^1.1.2"

Original file line number	Diff line number	Diff line change
`@@ -12,8 +12,8 @@ black () {`
`12`	`12`	`}`
`13`	`13`	`detect_secrets () {`
`14`	`14`	`# Scan only files fixed into the repo, omit poetry.lock`
`15`		- SECRETS_TO_SCAN=`git ls-tree --full-tree -r --name-only HEAD \| grep -v poetry.lock`
`16`		`- $POETRY_RUN detect-secrets-hook $SECRETS_TO_SCAN --baseline .secrets.baseline`
	`15`	+ FILES_TO_SCAN=`git ls-tree --full-tree -r --name-only HEAD \| grep -v poetry.lock`
	`16`	`+ $POETRY_RUN detect-secrets-hook $FILES_TO_SCAN --baseline .secrets.baseline`
`17`	`17`	`}`
`18`	`18`	`isort () {`
`19`	`19`	`$POETRY_RUN isort ${check:+--check-only} .`