From 5b002241f813aa2bd8a101a453b02a0f07d9816a Mon Sep 17 00:00:00 2001 From: Naor David Date: Thu, 9 May 2024 16:42:10 +0300 Subject: [PATCH] optimize AzureStorageKeyDetector performance --- detect_secrets/plugins/azure_storage_key.py | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/detect_secrets/plugins/azure_storage_key.py b/detect_secrets/plugins/azure_storage_key.py index e46f25f6..1a77f094 100644 --- a/detect_secrets/plugins/azure_storage_key.py +++ b/detect_secrets/plugins/azure_storage_key.py @@ -13,10 +13,14 @@ from detect_secrets.plugins.base import RegexBasedDetector from detect_secrets.util.code_snippet import CodeSnippet + class AzureStorageKeyDetector(RegexBasedDetector): """Scans for Azure Storage Account access keys.""" secret_type = 'Azure Storage Account access key' + account_key = 'AccountKey' + azure = 'azure' + denylist = [ # Account Key (AccountKey=xxxxxxxxx) re.compile( @@ -25,14 +29,15 @@ class AzureStorageKeyDetector(RegexBasedDetector): ] context_keys = [ - r'AccountKey=\s*{secret}', + r'{account_key}=\s*{secret}', # maximum 2 lines secret distance under azure mention (case-insensitive) - r'(?i)azure.*\n?.*\n?.*{secret}', + r'(?i){azure}.*\n?.*\n?.*{secret}', # maximum 2 lines secret distance above azure mention (case-insensitive) - r'(?i){secret}.*\n?.*\n?.*azure', + r'(?i){secret}.*\n?.*\n?.*{azure}', ] + def analyze_line( self, filename: str, @@ -65,9 +70,13 @@ def context_keys_exists(self, result: PotentialSecret, string: str) -> bool: for secret_regex in self.context_keys: regex = re.compile( secret_regex.format( - secret=re.escape(result.secret_value), + secret=re.escape(result.secret_value), account_key=self.account_key, azure=self.azure ), re.MULTILINE, ) + if regex.pattern.startswith(self.account_key) and self.account_key not in string: + continue + if self.azure in regex.pattern and self.azure not in string: + continue if regex.search(string) is not None: return True return False
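Review bot: The new class attributes `account_key = 'AccountKey'` and `azure = 'azure'` in the first hunk have no comment, although the later hunks use them in two ways: they are formatted unescaped into the `context_keys` regex templates, and they are compared as plain substrings in context_keys_exists. A one-line comment above them would record that contract, for example `# Literal markers: formatted into context_keys and used as substring pre-filters; must stay regex-safe.` Without it, a later edit that puts a regex metacharacter or a different case into either value would silently change what the detector matches.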
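Review bot: The pre-filter `self.azure not in string` added to context_keys_exists is case-sensitive, while both azure templates in the second hunk carry `(?i)`. Text that mentions `Azure` or `AZURE` next to a key is therefore skipped before the regex runs, so the detector loses findings it previously reported, unless callers already lower-case `string`, which is not visible here. Comparing against a lowered copy keeps the fast path without losing coverage: `if self.azure in regex.pattern and self.azure not in string.lower(): continue`, with the lowering hoisted above the loop. Both filters also run after `re.compile(...)` and inspect the formatted pattern, which includes the escaped secret. Keying them on the raw template before compiling would avoid building patterns that are then discarded. The function's signature appears only in the hunk header.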