-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathupdate_secrets_registry.html
More file actions
242 lines (222 loc) · 13.2 KB
/
Copy pathupdate_secrets_registry.html
File metadata and controls
242 lines (222 loc) · 13.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
<!--
-- Copyright (C) 2020-2026 Arm Limited or its affiliates and Contributors. All rights reserved.
-- SPDX-License-Identifier: Apache-2.0
-->
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1" />
<meta name="generator" content="pdoc 0.10.0" />
<title>continuous_delivery_scripts.update_secrets_registry API documentation</title>
<meta name="description" content="Record the project's accepted secret registry using detect-secrets." />
<link rel="preload stylesheet" as="style" href="https://cdnjs.cloudflare.com/ajax/libs/10up-sanitize.css/11.0.1/sanitize.min.css" integrity="sha256-PK9q560IAAa6WVRRh76LtCaI8pjTJ2z11v0miyNNjrs=" crossorigin>
<link rel="preload stylesheet" as="style" href="https://cdnjs.cloudflare.com/ajax/libs/10up-sanitize.css/11.0.1/typography.min.css" integrity="sha256-7l/o7C8jubJiy74VsKTidCy1yBkRtiUGbVkYBylBqUg=" crossorigin>
<link rel="stylesheet preload" as="style" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.1.1/styles/github.min.css" crossorigin>
<style>:root{--highlight-color:#fe9}.flex{display:flex !important}body{line-height:1.5em}#content{padding:20px}#sidebar{padding:30px;overflow:hidden}#sidebar > *:last-child{margin-bottom:2cm}.http-server-breadcrumbs{font-size:130%;margin:0 0 15px 0}#footer{font-size:.75em;padding:5px 30px;border-top:1px solid #ddd;text-align:right}#footer p{margin:0 0 0 1em;display:inline-block}#footer p:last-child{margin-right:30px}h1,h2,h3,h4,h5{font-weight:300}h1{font-size:2.5em;line-height:1.1em}h2{font-size:1.75em;margin:1em 0 .50em 0}h3{font-size:1.4em;margin:25px 0 10px 0}h4{margin:0;font-size:105%}h1:target,h2:target,h3:target,h4:target,h5:target,h6:target{background:var(--highlight-color);padding:.2em 0}a{color:#058;text-decoration:none;transition:color .3s ease-in-out}a:hover{color:#e82}.title code{font-weight:bold}h2[id^="header-"]{margin-top:2em}.ident{color:#900}pre code{background:#f8f8f8;font-size:.8em;line-height:1.4em}code{background:#f2f2f1;padding:1px 4px;overflow-wrap:break-word}h1 code{background:transparent}pre{background:#f8f8f8;border:0;border-top:1px solid #ccc;border-bottom:1px solid #ccc;margin:1em 0;padding:1ex}#http-server-module-list{display:flex;flex-flow:column}#http-server-module-list div{display:flex}#http-server-module-list dt{min-width:10%}#http-server-module-list p{margin-top:0}.toc ul,#index{list-style-type:none;margin:0;padding:0}#index code{background:transparent}#index h3{border-bottom:1px solid #ddd}#index ul{padding:0}#index h4{margin-top:.6em;font-weight:bold}@media (min-width:200ex){#index .two-column{column-count:2}}@media (min-width:300ex){#index .two-column{column-count:3}}dl{margin-bottom:2em}dl dl:last-child{margin-bottom:4em}dd{margin:0 0 1em 3em}#header-classes + dl > dd{margin-bottom:3em}dd dd{margin-left:2em}dd p{margin:10px 0}.name{background:#eee;font-weight:bold;font-size:.85em;padding:5px 10px;display:inline-block;min-width:40%}.name:hover{background:#e0e0e0}dt:target .name{background:var(--highlight-color)}.name > span:first-child{white-space:nowrap}.name.class > span:nth-child(2){margin-left:.4em}.inherited{color:#999;border-left:5px solid #eee;padding-left:1em}.inheritance em{font-style:normal;font-weight:bold}.desc h2{font-weight:400;font-size:1.25em}.desc h3{font-size:1em}.desc dt code{background:inherit}.source summary,.git-link-div{color:#666;text-align:right;font-weight:400;font-size:.8em;text-transform:uppercase}.source summary > *{white-space:nowrap;cursor:pointer}.git-link{color:inherit;margin-left:1em}.source pre{max-height:500px;overflow:auto;margin:0}.source pre code{font-size:12px;overflow:visible}.hlist{list-style:none}.hlist li{display:inline}.hlist li:after{content:',\2002'}.hlist li:last-child:after{content:none}.hlist .hlist{display:inline;padding-left:1em}img{max-width:100%}td{padding:0 .5em}.admonition{padding:.1em .5em;margin-bottom:1em}.admonition-title{font-weight:bold}.admonition.note,.admonition.info,.admonition.important{background:#aef}.admonition.todo,.admonition.versionadded,.admonition.tip,.admonition.hint{background:#dfd}.admonition.warning,.admonition.versionchanged,.admonition.deprecated{background:#fd4}.admonition.error,.admonition.danger,.admonition.caution{background:lightpink}</style>
<style media="screen and (min-width: 700px)">@media screen and (min-width:700px){#sidebar{width:30%;height:100vh;overflow:auto;position:sticky;top:0}#content{width:70%;max-width:100ch;padding:3em 4em;border-left:1px solid #ddd}pre code{font-size:1em}.item .name{font-size:1em}main{display:flex;flex-direction:row-reverse;justify-content:flex-end}.toc ul ul,#index ul{padding-left:1.5em}.toc > ul > li{margin-top:.5em}}</style>
<style media="print">@media print{#sidebar h1{page-break-before:always}.source{display:none}}@media print{*{background:transparent !important;color:#000 !important;box-shadow:none !important;text-shadow:none !important}a[href]:after{content:" (" attr(href) ")";font-size:90%}a[href][title]:after{content:none}abbr[title]:after{content:" (" attr(title) ")"}.ir a:after,a[href^="javascript:"]:after,a[href^="#"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100% !important}@page{margin:0.5cm}p,h2,h3{orphans:3;widows:3}h1,h2,h3,h4,h5,h6{page-break-after:avoid}}</style>
<script defer src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.1.1/highlight.min.js" integrity="sha256-Uv3H6lx7dJmRfRvH8TH6kJD1TSK1aFcwgx+mdg3epi8=" crossorigin></script>
<script>window.addEventListener('DOMContentLoaded', () => hljs.initHighlighting())</script>
</head>
<body>
<main>
<article id="content">
<header>
<h1 class="title">Module <code>continuous_delivery_scripts.update_secrets_registry</code></h1>
</header>
<section id="section-intro">
<p>Record the project's accepted secret registry using detect-secrets.</p>
<details class="source">
<summary>
<span>Expand source code</span>
</summary>
<pre><code class="python">#
# Copyright (C) 2020-2026 Arm Limited or its affiliates and Contributors. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
#
"""Record the project's accepted secret registry using detect-secrets."""
import argparse
import logging
import re
import subprocess
import sys
from pathlib import Path
from typing import List, Optional
from continuous_delivery_scripts.language_specifics import get_language_specifics
from continuous_delivery_scripts.utils.configuration import (
configuration,
ConfigurationVariable,
)
from continuous_delivery_scripts.utils.logging import log_exception, set_log_level
logger = logging.getLogger(__name__)
GENERIC_SECRET_REGISTRY_EXCLUDE_FILES = [
r".*\.html$",
r".*\.properties$",
r".*ci\.yml$",
r"^\.git[\\/]",
]
def _get_secrets_baseline_filename() -> str:
return str(configuration.get_value(ConfigurationVariable.SECRETS_BASELINE_FILENAME))
def _get_secrets_baseline_file(output_file: Optional[Path] = None) -> Path:
project_root = Path(str(configuration.get_value(ConfigurationVariable.PROJECT_ROOT)))
baseline_file = output_file or Path(_get_secrets_baseline_filename())
return baseline_file if baseline_file.is_absolute() else project_root.joinpath(baseline_file)
def _generate_detect_secrets_command_list(exclude_files: List[str]) -> List[str]:
command = ["detect-secrets", "scan", "--all-files"]
for exclude_file in exclude_files:
command.extend(["--exclude-files", exclude_file])
return command
def _determine_exclude_files() -> List[str]:
exclude_files = list(GENERIC_SECRET_REGISTRY_EXCLUDE_FILES)
baseline_file_pattern = re.escape(_get_secrets_baseline_filename()).replace(r"\\", r"[\\/]")
exclude_files.append(rf"^{baseline_file_pattern}$")
exclude_files.extend(get_language_specifics().get_secret_registry_exclude_files())
return list(dict.fromkeys(exclude_files))
def update_secrets_registry(output_file: Optional[Path] = None) -> Path:
"""Record the project's accepted secret registry for detect-secrets."""
project_root = Path(str(configuration.get_value(ConfigurationVariable.PROJECT_ROOT)))
baseline_file = _get_secrets_baseline_file(output_file)
logger.info("Updating secrets baseline at [%s].", baseline_file)
baseline_contents = subprocess.check_output(
_generate_detect_secrets_command_list(_determine_exclude_files()),
cwd=str(project_root),
encoding="utf8",
)
baseline_file.write_text(baseline_contents, encoding="utf8")
return baseline_file
def main() -> int:
"""Script CLI."""
parser = argparse.ArgumentParser(
description=(
"Record the project's accepted secret registry so allowed findings are not flagged again. "
"This uses Yelp detect-secrets (https://github.com/Yelp/detect-secrets)."
)
)
parser.add_argument(
"-r",
"--registry-file",
default=_get_secrets_baseline_filename(),
help="Secret registry file to generate.",
type=Path,
)
parser.add_argument(
"-v",
"--verbose",
action="count",
default=0,
help="Verbosity, by default errors are reported.",
)
args = parser.parse_args()
set_log_level(args.verbose)
try:
update_secrets_registry(args.registry_file)
return 0
except Exception as e:
log_exception(logger, e)
return 1
if __name__ == "__main__":
sys.exit(main())</code></pre>
</details>
</section>
<section>
</section>
<section>
</section>
<section>
<h2 class="section-title" id="header-functions">Functions</h2>
<dl>
<dt id="continuous_delivery_scripts.update_secrets_registry.main"><code class="name flex">
<span>def <span class="ident">main</span></span>(<span>) ‑> int</span>
</code></dt>
<dd>
<div class="desc"><p>Script CLI.</p></div>
<details class="source">
<summary>
<span>Expand source code</span>
</summary>
<pre><code class="python">def main() -> int:
"""Script CLI."""
parser = argparse.ArgumentParser(
description=(
"Record the project's accepted secret registry so allowed findings are not flagged again. "
"This uses Yelp detect-secrets (https://github.com/Yelp/detect-secrets)."
)
)
parser.add_argument(
"-r",
"--registry-file",
default=_get_secrets_baseline_filename(),
help="Secret registry file to generate.",
type=Path,
)
parser.add_argument(
"-v",
"--verbose",
action="count",
default=0,
help="Verbosity, by default errors are reported.",
)
args = parser.parse_args()
set_log_level(args.verbose)
try:
update_secrets_registry(args.registry_file)
return 0
except Exception as e:
log_exception(logger, e)
return 1</code></pre>
</details>
</dd>
<dt id="continuous_delivery_scripts.update_secrets_registry.update_secrets_registry"><code class="name flex">
<span>def <span class="ident">update_secrets_registry</span></span>(<span>output_file: Optional[pathlib.Path] = None) ‑> pathlib.Path</span>
</code></dt>
<dd>
<div class="desc"><p>Record the project's accepted secret registry for detect-secrets.</p></div>
<details class="source">
<summary>
<span>Expand source code</span>
</summary>
<pre><code class="python">def update_secrets_registry(output_file: Optional[Path] = None) -> Path:
"""Record the project's accepted secret registry for detect-secrets."""
project_root = Path(str(configuration.get_value(ConfigurationVariable.PROJECT_ROOT)))
baseline_file = _get_secrets_baseline_file(output_file)
logger.info("Updating secrets baseline at [%s].", baseline_file)
baseline_contents = subprocess.check_output(
_generate_detect_secrets_command_list(_determine_exclude_files()),
cwd=str(project_root),
encoding="utf8",
)
baseline_file.write_text(baseline_contents, encoding="utf8")
return baseline_file</code></pre>
</details>
</dd>
</dl>
</section>
<section>
</section>
</article>
<nav id="sidebar">
<h1>Index</h1>
<div class="toc">
<ul></ul>
</div>
<ul id="index">
<li><h3>Super-module</h3>
<ul>
<li><code><a title="continuous_delivery_scripts" href="index.html">continuous_delivery_scripts</a></code></li>
</ul>
</li>
<li><h3><a href="#header-functions">Functions</a></h3>
<ul class="">
<li><code><a title="continuous_delivery_scripts.update_secrets_registry.main" href="#continuous_delivery_scripts.update_secrets_registry.main">main</a></code></li>
<li><code><a title="continuous_delivery_scripts.update_secrets_registry.update_secrets_registry" href="#continuous_delivery_scripts.update_secrets_registry.update_secrets_registry">update_secrets_registry</a></code></li>
</ul>
</li>
</ul>
</nav>
</main>
<footer id="footer">
<p>Generated by <a href="https://pdoc3.github.io/pdoc" title="pdoc: Python API documentation generator"><cite>pdoc</cite> 0.10.0</a>.</p>
</footer>
</body>
</html>