99REGEX_INFO = {
1010 "AWS Access Key" : {
1111 "value_pattern" : re .compile (r"(AKIA[0-9A-Z]{16})" ),
12- "severity" : "HIGH"
12+ "severity" : "HIGH" ,
1313 },
1414 "Password" : {
1515 "var_patterns" : [
1616 re .compile (r"password" , re .IGNORECASE ),
1717 re .compile (r"pwd" , re .IGNORECASE ),
18- re .compile (r"passwd" , re .IGNORECASE )
18+ re .compile (r"passwd" , re .IGNORECASE ),
1919 ],
2020 "min_length" : 4 ,
21- "severity" : "HIGH"
21+ "severity" : "HIGH" ,
2222 },
2323 "API Key" : {
2424 "var_patterns" : [
2525 re .compile (r"api_key" , re .IGNORECASE ),
26- re .compile (r"apikey" , re .IGNORECASE )
26+ re .compile (r"apikey" , re .IGNORECASE ),
2727 ],
28- "min_length" : 4 ,
29- "severity" : "HIGH"
28+ "min_length" : 4 ,
29+ "severity" : "HIGH" ,
3030 },
3131 "Token" : {
3232 "var_patterns" : [re .compile (r"token" , re .IGNORECASE )],
3333 "min_length" : 4 ,
34- "severity" : "MEDIUM"
34+ "severity" : "MEDIUM" ,
3535 },
3636 "Secret" : {
37- "var_patterns" : [re .compile (r"secret" , re .IGNORECASE ),],
37+ "var_patterns" : [
38+ re .compile (r"secret" , re .IGNORECASE ),
39+ ],
3840 "min_length" : 4 ,
39- "severity" : "MEDIUM"
40- }
41+ "severity" : "MEDIUM" ,
42+ },
4143}
4244
4345
@@ -57,7 +59,7 @@ def parse_ast(file):
5759 tree = ast .parse (file )
5860 except SyntaxError :
5961 return None
60-
62+
6163 return tree
6264
6365
@@ -71,7 +73,7 @@ def get_assignments(tree):
7173 Yields:
7274 ast.Assign: Assignment nodes found during traversal.
7375 """
74- for node in ast .walk (tree ):
76+ for node in ast .walk (tree ):
7577 if isinstance (node , ast .Assign ):
7678 yield node
7779
@@ -87,10 +89,7 @@ def extract_node_value(node):
8789 str | None: String value if valid, otherwise None.
8890 """
8991 val = node .value
90- if not (
91- isinstance (val , ast .Constant )
92- and isinstance (val .value , str )
93- ):
92+ if not (isinstance (val , ast .Constant ) and isinstance (val .value , str )):
9493 return None
9594 return val .value
9695
@@ -159,7 +158,7 @@ def detect_from_parts(var_name, val):
159158 # Match suspicious variable names and enforce minimum value length
160159 if "var_patterns" in data :
161160 for pattern in data ["var_patterns" ]:
162- match = pattern .search (var_name )
161+ match = pattern .search (var_name )
163162 if match and len (val ) >= data ["min_length" ]:
164163 findings .append ((rule , data ["severity" ], val ))
165164
@@ -204,5 +203,3 @@ def detect_ast_secrets(code):
204203 findings .append ((line_number , pattern_name , severity , value ))
205204
206205 return findings
207-
208-