From a183582dd174c87d0dccf185322dd4dcf6cbce43 Mon Sep 17 00:00:00 2001 From: Victor Zhou Date: Mon, 8 Jul 2019 15:38:40 -0700 Subject: [PATCH] Improve sequential string detection * Ensure that we catch all base64 strings correctly * Add an explicit check for alphanumeric sequences * Add some more tests for sequential string detection --- detect_secrets/plugins/common/filters.py | 16 +++++++++++++++- tests/plugins/common/filters_test.py | 14 ++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/detect_secrets/plugins/common/filters.py b/detect_secrets/plugins/common/filters.py index 6c2dda9c..3a5e079d 100644 --- a/detect_secrets/plugins/common/filters.py +++ b/detect_secrets/plugins/common/filters.py @@ -21,17 +21,31 @@ def is_sequential_string(secret): Returns true if string is sequential. """ sequences = ( + # base64 letters first ( string.ascii_uppercase + string.ascii_uppercase + + string.digits + + '+/' + ), + + # base64 numbers first + ( string.digits + string.ascii_uppercase + string.ascii_uppercase + '+/' ), + # We don't have a specific sequence for alphabetical + # sequences, since those will happen to be caught by the + # base64 checks. + + # alphanumeric sequences + (string.digits + string.ascii_uppercase) * 2, + # Capturing any number sequences - '0123456789' * 2, + string.digits * 2, string.hexdigits.upper() + string.hexdigits.upper(), string.ascii_uppercase + '=/', diff --git a/tests/plugins/common/filters_test.py b/tests/plugins/common/filters_test.py index b718bbd3..007d4d08 100644 --- a/tests/plugins/common/filters_test.py +++ b/tests/plugins/common/filters_test.py 
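Review bot: Both new base64 entries in `is_sequential_string` list `string.ascii_uppercase` twice in a row, and nothing in the hunk explains why. The lowercase inputs added to the tests in this commit suggest the candidate is case-folded before comparison, but that code lies outside the hunk. A comment above the first entry such as `# A-Z twice: input is upper-cased, so base64's a-z run folds onto A-Z` would make this explicit. Because a match here presumably causes a candidate secret to be discarded, the docstring should also state the matching rule (case-insensitive substring of any listed sequence, if that is what the loop below the tuple does), so a reader can judge how far each new entry widens the suppression.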
@@ -11,11 +11,25 @@ class TestIsSequentialString: @pytest.mark.parametrize( 'secret', ( + # ascii sequence 'ABCDEF', + 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', # Number sequences '0123456789', '1234567890', + + # Alphanumeric sequences + 'abcdefghijklmnopqrstuvwxyz0123456789', + '0123456789abcdefghijklmnopqrstuvwxyz', + + # Hex sequences + '0123456789abcdef', + 'abcdef0123456789', + + # base64 sequences + 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/', + '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/', ), ) def test_success(self, secret):
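Review bot: Every case added to this parametrization is a positive match, so the wider sequence list from this commit is never checked for over-matching. Since the filter decides which candidates are dropped as non-secrets, a near-sequence should also be pinned as a non-match. A constructed value such as `'0123456798'` (two digits swapped) would do, placed in the class's failure parametrization if one exists outside this hunk. The body of `test_success` is also outside the hunk, so the assertion itself is not visible here.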