def scan_secrets()

in azdev/operations/secret.py [0:0]


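def scan_secrets(file_path=None, directory_path=None, recursive=False,
                 include_pattern=None, exclude_pattern=None, data=None,
                 save_scan_result=None, scan_result_path=None,
                 confidence_level=None, custom_pattern=None,
                 continue_on_failure=None):
    """Scan a string, a file and/or a directory for secrets and report the findings.

    Inputs are validated by ``_validate_data_path``. When ``data`` is given it is
    the only thing scanned and its findings are stored under the ``'raw_data'``
    key; otherwise every collected file is read as UTF-8 and its findings are
    stored under the file's absolute path.

    Args:
        file_path: Single file to scan; made absolute before use.
        directory_path: Directory whose files are collected via
            ``_get_files_from_directory``; made absolute before use.
        recursive: Forwarded to ``_get_files_from_directory``.
        include_pattern: Forwarded to validation and directory file selection.
        exclude_pattern: Forwarded to validation and directory file selection.
        data: Raw string to scan instead of files.
        save_scan_result: When truthy, findings are written to a JSON file
            instead of being returned inline.
        scan_result_path: Destination of the JSON file; setting it implies
            ``save_scan_result``. When omitted, a timestamped file is created
            under ``<azdev config dir>/scan_results``.
        confidence_level: Forwarded to ``_scan_secrets_for_string``.
        custom_pattern: Forwarded to ``_scan_secrets_for_string``.
        continue_on_failure: When truthy, a file that cannot be read or scanned
            is logged as a warning and skipped; otherwise the exception propagates.

    Returns:
        ``{'secrets_detected': bool, 'scan_results': dict}`` when results are not
        saved, else ``{'secrets_detected': bool, 'scan_result_path': str | None}``.
    """
    _validate_data_path(file_path=file_path, directory_path=directory_path,
                        include_pattern=include_pattern, exclude_pattern=exclude_pattern, data=data)
    target_files = []
    scan_results = {}
    if directory_path:
        directory_path = os.path.abspath(directory_path)
        target_files = _get_files_from_directory(directory_path, recursive=recursive,
                                                 include_pattern=include_pattern, exclude_pattern=exclude_pattern)
    if file_path:
        file_path = os.path.abspath(file_path)
        target_files.append(file_path)

    if data:
        secrets = _scan_secrets_for_string(data, confidence_level, custom_pattern)
        if secrets:
            scan_results['raw_data'] = secrets
    elif target_files:
        for target_file in target_files:
            try:
                logger.debug('start scanning secrets for %s', target_file)
                with open(target_file, encoding='utf8') as f:
                    content = f.read()
                if not content:
                    continue
                secrets = _scan_secrets_for_string(content, confidence_level, custom_pattern)
                logger.debug('%d secrets found for %s', len(secrets), target_file)
                if secrets:
                    scan_results[target_file] = secrets
            except Exception as ex:  # pylint: disable=broad-exception-caught
                if continue_on_failure:
                    # A skipped file is an unscanned file: the final result says
                    # nothing about it, so the warning is the only trace.
                    logger.warning("Error handling file %s, exception %s", target_file, str(ex))
                else:
                    # Bare raise keeps the original traceback intact.
                    raise

    if scan_result_path:
        save_scan_result = True
    if not save_scan_result:
        return {
            'secrets_detected': bool(scan_results),
            'scan_results': scan_results
        }

    if not scan_results:
        return {'secrets_detected': False, 'scan_result_path': None}

    if not scan_result_path:
        from azdev.utilities.config import get_azdev_config_dir
        from datetime import datetime
        file_folder = os.path.join(get_azdev_config_dir(), 'scan_results')
        # The report may contain whatever _scan_secrets_for_string returns for each
        # finding (possibly the secret values themselves -- not visible here), so
        # the folder is created owner-only. exist_ok avoids the exists()/mkdir() race.
        os.makedirs(file_folder, mode=0o700, exist_ok=True)
        result_file_name = 'scan_result_' + datetime.now().strftime('%Y%m%d%H%M%S') + '.json'
        scan_result_path = os.path.join(file_folder, result_file_name)

    # Create the report with owner-only permissions rather than the umask default.
    # The mode applies only when the file is created; an existing file keeps its
    # current permissions, so a caller-supplied path should point somewhere private.
    result_fd = os.open(scan_result_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(result_fd, 'w', encoding='utf8') as f:
        json.dump(scan_results, f)
        logger.debug('store scanning results in %s', scan_result_path)
    return {'secrets_detected': True, 'scan_result_path': os.path.abspath(scan_result_path)}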