in azdev/operations/secret.py [0:0]
def mask_secrets(file_path=None, directory_path=None, recursive=False,
                 include_pattern=None, exclude_pattern=None, data=None,
                 save_scan_result=None, scan_result_path=None,
                 confidence_level=None, custom_pattern=None, continue_on_failure=None,
                 saved_scan_result_path=None, redaction_type='FIXED_VALUE', yes=None):
    """Redact detected secrets in a raw string or in files on disk.

    Findings are taken from a previously saved scan result when
    ``saved_scan_result_path`` is given; otherwise ``scan_secrets`` is run with
    the scan-related arguments passed through unchanged.

    Unless ``yes`` is truthy, the user is asked to confirm before anything is
    modified. Files are rewritten in place.

    Returns a dict with the keys ``mask``, ``data``, ``file_path``,
    ``directory_path`` and ``recursive``. ``mask`` stays ``False`` when nothing
    was found or the user declined the prompt.

    With ``continue_on_failure`` set, an error on one file is logged and the
    remaining files are still processed; otherwise the error is re-raised.
    """
    if saved_scan_result_path:
        findings = _get_scan_results_from_saved_file(saved_scan_result_path,
                                                     file_path=file_path,
                                                     directory_path=directory_path,
                                                     recursive=recursive,
                                                     include_pattern=include_pattern,
                                                     exclude_pattern=exclude_pattern,
                                                     data=data)
    else:
        findings = {}
        response = scan_secrets(file_path=file_path, directory_path=directory_path, recursive=recursive,
                                include_pattern=include_pattern, exclude_pattern=exclude_pattern, data=data,
                                save_scan_result=save_scan_result, scan_result_path=scan_result_path,
                                confidence_level=confidence_level, custom_pattern=custom_pattern,
                                continue_on_failure=continue_on_failure)
        if not save_scan_result:
            findings = response['scan_results']
        elif response['scan_result_path']:
            # The scan wrote its findings to disk; read them back from there.
            with open(response['scan_result_path'], encoding='utf8') as result_file:
                findings = json.load(result_file)

    mask_result = {
        'mask': False,
        'data': data,
        'file_path': file_path,
        'directory_path': directory_path,
        'recursive': recursive
    }

    if not findings:
        logger.warning('No secrets detected, finish directly.')
        return mask_result

    # Only the count per target is logged, never the finding itself.
    for target, hits in findings.items():
        logger.warning('Will mask %d secrets for %s', len(hits), target)

    if not yes:
        from knack.prompting import prompt_y_n
        confirmed = prompt_y_n(f'Do you want to continue with redaction type {redaction_type}?')
        if not confirmed:
            return mask_result

    # Findings keyed by 'raw_data' refer to the `data` string, not to a file.
    if 'raw_data' in findings:
        redacted = data
        for hit in findings['raw_data']:
            redacted = _mask_secret_for_string(redacted, hit, redaction_type)
        mask_result['mask'] = True
        mask_result['data'] = redacted
        return mask_result

    for target, hits in findings.items():
        try:
            with open(target, 'r', encoding='utf8') as reader:
                text = reader.read()
            if not text:
                continue
            for hit in hits:
                text = _mask_secret_for_string(text, hit, redaction_type)
            # NOTE(review): opening with 'w' truncates the file before the new
            # content is written, so a failure during the write can leave the
            # file incomplete.
            with open(target, 'w', encoding='utf8') as writer:
                writer.write(text)
        except Exception as ex:  # pylint: disable=broad-exception-caught
            if not continue_on_failure:
                raise ex
            logger.warning("Error handling file %s, exception %s", target, str(ex))

    # NOTE(review): 'mask' is set to True even when files were skipped above
    # (empty content, or an error with continue_on_failure set), so a caller
    # cannot tell from the result alone that every file was redacted. Confirm
    # whether callers should also check the warning log or re-scan.
    mask_result['mask'] = True
    return mask_result