Fix db2 detector (Yelp#211)

* Attempts to fix db2 detector Installing from this branch and testing... * debugging * don't catch exception to see what it is * Print username password * Back to try except * print conn string * Fix single quote issue * Test case * Remove print statements * Test case for double quotes * code comment
IBM · Jun 24, 2020 · b0cd34b · b0cd34b
1 parent 07280f6
commit b0cd34b
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 1 deletion.
diff --git a/detect_secrets/plugins/db2.py b/detect_secrets/plugins/db2.py
@@ -19,7 +19,10 @@ class DB2Detector(RegexBasedDetector):
     password_keyword = r'(?:password|pwd|pass|passwd)'
     opt_space = r'(?: *)'
     assignment = r'(?:=|:|:=|=>|::)'
-    password = r'([^\n"]+)'
+    # catch any character except newline and quotations, we exclude these
+    # because the regex will erronously match them when present at the end of the password
+    # db2 password requirements vary by version so we cast a broad net
+    password = r'([^\n"\']+)'
     denylist = (
         re.compile(
             r'{begin}{opt_quote}{opt_db}{opt_dash_undrscr}{password_keyword}{opt_quote}{opt_space}'

diff --git a/tests/plugins/db2_test.py b/tests/plugins/db2_test.py
@@ -92,6 +92,42 @@ def test_verify_valid_secret(self, mock_db2_connect):
 
         mock_db2_connect.assert_called_with(DB2_CONN_STRING, '', '')
 
+    @patch('detect_secrets.plugins.db2.ibm_db.connect')
+    def test_verify_valid_secret_in_single_quotes(self, mock_db2_connect):
+        mock_db2_connect.return_value = MagicMock()
+
+        potential_secret = PotentialSecret('test db2', 'test filename', DB2_PASSWORD)
+        assert DB2Detector().verify(
+            DB2_PASSWORD,
+            '''user='{}',
+               password='{}',
+               database='{}',
+               host='{}',
+               port='{}'
+            '''.format(DB2_USER, DB2_PASSWORD, DB2_DATABASE, DB2_HOSTNAME, DB2_PORT),
+            potential_secret,
+        ) == VerifiedResult.VERIFIED_TRUE
+
+        mock_db2_connect.assert_called_with(DB2_CONN_STRING, '', '')
+
+    @patch('detect_secrets.plugins.db2.ibm_db.connect')
+    def test_verify_valid_secret_in_double_quotes(self, mock_db2_connect):
+        mock_db2_connect.return_value = MagicMock()
+
+        potential_secret = PotentialSecret('test db2', 'test filename', DB2_PASSWORD)
+        assert DB2Detector().verify(
+            DB2_PASSWORD,
+            '''user="{}",
+               password="{}",
+               database="{}",
+               host="{}",
+               port="{}"
+            '''.format(DB2_USER, DB2_PASSWORD, DB2_DATABASE, DB2_HOSTNAME, DB2_PORT),
+            potential_secret,
+        ) == VerifiedResult.VERIFIED_TRUE
+
+        mock_db2_connect.assert_called_with(DB2_CONN_STRING, '', '')
+
     @patch('detect_secrets.plugins.db2.ibm_db.connect')
     def test_verify_from_url(self, mock_db2_connect):
         mock_db2_connect.return_value = MagicMock()