Add new pattern (#222)

tsmithv11 · web-flow · commit 1790240be5a4 · 2024-11-04T10:14:27.000+02:00
diff --git a/detect_secrets/plugins/keyword.py b/detect_secrets/plugins/keyword.py
@@ -223,6 +223,16 @@
     ),
     flags=re.IGNORECASE,
 )
+DATA_PUT_PASSWORD_REGEX = re.compile(
+    # Matches patterns like data.put("password", "bar") or data.put('password', 'bar')
+    r'data\.put\({whitespace}{quote}{denylist}{quote}{whitespace},{whitespace}{quote}({secret}){quote}{whitespace}\)'.format(
+        denylist=DENYLIST_REGEX_WITH_PREFIX,
+        quote=QUOTE,
+        whitespace=OPTIONAL_WHITESPACE,
+        secret=SECRET,
+    ),
+    re.IGNORECASE,
+)
 CONFIG_DENYLIST_REGEX_TO_GROUP = {
     FOLLOWED_BY_COLON_REGEX: 4,
     PRECEDED_BY_EQUAL_COMPARISON_SIGNS_QUOTES_REQUIRED_REGEX: 2,
@@ -248,6 +258,7 @@
     FOLLOWED_BY_EQUAL_SIGNS_QUOTES_REQUIRED_REGEX: 5,
     FOLLOWED_BY_QUOTES_AND_SEMICOLON_REGEX: 3,
     FOLLOWED_BY_ARROW_FUNCTION_SIGN_QUOTES_REQUIRED_REGEX: 4,
+    DATA_PUT_PASSWORD_REGEX: 2,
 }
 
 TERRAFORM_DENYLIST_REGEX_TO_GROUP = {
diff --git a/tests/plugins/keyword_test.py b/tests/plugins/keyword_test.py
@@ -162,6 +162,8 @@
     (LONG_LINE, None),  # Long line test
     ('password => ""', None),
     ('password => {}'.format(COMMON_SECRET), None),
+    ('data.put("password", "{}")'.format(COMMON_SECRET), COMMON_SECRET),
+    ('data.put("secret", "{}")'.format(COMMON_SECRET), COMMON_SECRET),
 ]
 
 QUOTES_REQUIRED_TEST_CASES = [

Original file line number	Diff line number	Diff line change
`@@ -162,6 +162,8 @@`
`162`	`162`	`(LONG_LINE, None), # Long line test`
`163`	`163`	`('password => ""', None),`
`164`	`164`	`('password => {}'.format(COMMON_SECRET), None),`
	`165`	`+ ('data.put("password", "{}")'.format(COMMON_SECRET), COMMON_SECRET),`
	`166`	`+ ('data.put("secret", "{}")'.format(COMMON_SECRET), COMMON_SECRET),`
`165`	`167`	`]`
`166`	`168`
`167`	`169`	`QUOTES_REQUIRED_TEST_CASES = [`