Detect-secrets

May 22nd, 2019

:newspaper: News

- `whitelist`/`blacklist` have been replaced with `allowlist`/`denylist` ([178], thanks [richo]).
This includes using ` pragma: allowlist secret` now for inline allowlisting.
` pragma: whitelist secret` compatibility will be removed in a later major version bump.

:tada: New Features

- Added a `StripeDetector` plugin ([169], thanks [dgzlopes])
- Improved handling of un-scannable files ([176], thanks [dgzlopes])

:snake: Miscellaneous

- Improved documentation of regex based detector's in the README ([177], thanks [dgzlopes])

[169]: https://github.com/Yelp/detect-secrets/pull/169
[176]: https://github.com/Yelp/detect-secrets/pull/176
[177]: https://github.com/Yelp/detect-secrets/pull/177
[178]: https://github.com/Yelp/detect-secrets/pull/178

May 13th, 2019

:tada: New Features

- Added an `ArtifactoryDetector` plugin ([157] and [163], thanks [justineyster])
- Added support for Golang string assignments in the `KeywordDetector` plugin ([162], thanks [baboateng])
- Added support for XML inline whitelisting comments ([152], thanks [killuazhu])
- Added support for text after inline whitelisting comments ([168], thanks [dgzlopes])

:bug: Bugfixes

- Fixed a bug where filetype detection failed due to an inconsistent `configparser` import ([155], thanks [Namburgesas])

:snake: Miscellaneous
- **Greatly** improved the readability of regular expressions in the `KeywordDetector` plugin, and the maintainability of the corresponding test ([160] and [161], thanks [baboateng])
- Added a contribution guide ([166], thanks [zioalex])
- Documented all of our inline whitelisting directives ([165] and [172], thanks [dgzlopes])

[152]: https://github.com/Yelp/detect-secrets/pull/152
[155]: https://github.com/Yelp/detect-secrets/pull/155
[157]: https://github.com/Yelp/detect-secrets/pull/157
[160]: https://github.com/Yelp/detect-secrets/pull/160
[161]: https://github.com/Yelp/detect-secrets/pull/161
[162]: https://github.com/Yelp/detect-secrets/pull/162
[163]: https://github.com/Yelp/detect-secrets/pull/163
[165]: https://github.com/Yelp/detect-secrets/pull/165
[166]: https://github.com/Yelp/detect-secrets/pull/166
[168]: https://github.com/Yelp/detect-secrets/pull/168
[172]: https://github.com/Yelp/detect-secrets/pull/172

March 21st, 2019

:bug: Bugfixes

- Fixed a bug where the improved performance for high-entropy strings ([144]) did not work on Python 2 ([147])

[147]: https://github.com/Yelp/detect-secrets/pull/147

March 21st, 2019

:tada: New Features

- Added a `--keyword-exclude` argument to `scan` ([132], thanks [hpandeycodeit])

:telescope: Accuracy

- For the `KeywordDetector` plugin: made quotes required for secrets in `.cls` and `.java` files, and skipped `{{secrets like this}}` in YAML files ([133]/[145])

:performing_arts: Performance

- Improved performance when scanning for high-entropy strings ([144], thanks [killuazhu])

:bug: Bugfixes

- Fixed an uncaught `UnicodeEncodeError` exception in our `ini` file parser, when using Python 2 ([143])

:snake: Miscellaneous

- Fixed the example pre-commit configuration in the README ([135], thanks [nymous]) ([138], thanks [neunkasulle])
- Refactored some `audit` code into `CodeSnippet` and `CodeSnippetHighlighter` classes ([137])

[132]: https://github.com/Yelp/detect-secrets/pull/132
[133]: https://github.com/Yelp/detect-secrets/pull/133
[135]: https://github.com/Yelp/detect-secrets/pull/135
[137]: https://github.com/Yelp/detect-secrets/pull/137
[138]: https://github.com/Yelp/detect-secrets/pull/138
[143]: https://github.com/Yelp/detect-secrets/pull/143
[144]: https://github.com/Yelp/detect-secrets/pull/144
[145]: https://github.com/Yelp/detect-secrets/pull/145

February 11th, 2019

:tada: New Features

- Added a `SlackDetector` plugin ([122], thanks [killuazhu])
- Added a `--use-all-plugins` argument to `--update` that adds all plugins to the baseline ([124], thanks [killuazhu])
- Added `--exclude-files` and `--exclude-lines` arguments to `scan` ([127])

:boom: Breaking Changes

- Removed the `--exclude` CLI scan argument ([127])

:telescope: Accuracy

- Reduced false-positives by excluding more characters (`!$&\';`) in the `BasicAuthDetector` regex ([126], [123], thanks [killuazhu])
- Added more to the `FALSE_POSITIVES` dict for the `KeywordDetector` plugin, **including** `password` ([118])

:bug: Bugfixes

- Fixed a bug where `--update` was adding all plugins to the baseline, instead of respecting the plugins used in the baseline ([124], thanks [killuazhu])
- Fixed an uncaught `UnicodeEncodeError` exception when scanning non-ini files (e.g. markdown) containing unicode, when using Python 2 ([128], thanks [killuazhu])
- Fixed a bug where non-ini files (e.g. markdown) containing unicode caused a `UnicodeEncodeError` exception in the `audit` functionality, when using Python 2 ([129], thanks [killuazhu])
- Fixed a bug where non-posix end of line characters caused a "Secret not found on line...." error in the `audit` functionality ([120], thanks [killuazhu])
- Fixed a bug where `scan_diff`, called by [`detect-secrets-server`](https://github.com/Yelp/detect-secrets-server), was ignoring inline `pragma: whitelist secret` comments ([#127])

:snake: Miscellaneous

- Relaxed the number of spaces before inline `pragma: whitelist secret` comment ([125], thanks [killuazhu]]
- Added Python 3.7 to Travis CI and `tox.ini` testing ([114], thanks [cclauss])
- [Increased minimum test coverage from 97% to 98%](https://github.com/Yelp/detect-secrets/commit/876b523366057f8c0da14a36e3c972c3e74dfb77)

[114]: https://github.com/Yelp/detect-secrets/pull/114
[118]: https://github.com/Yelp/detect-secrets/pull/118
[120]: https://github.com/Yelp/detect-secrets/pull/120
[122]: https://github.com/Yelp/detect-secrets/pull/122
[123]: https://github.com/Yelp/detect-secrets/pull/123
[124]: https://github.com/Yelp/detect-secrets/pull/124
[125]: https://github.com/Yelp/detect-secrets/pull/125
[126]: https://github.com/Yelp/detect-secrets/pull/126
[127]: https://github.com/Yelp/detect-secrets/pull/127
[128]: https://github.com/Yelp/detect-secrets/pull/128
[129]: https://github.com/Yelp/detect-secrets/pull/129

January 7th, 2019

:bug: Bugfixes
- Fixed a `TypeError` bug introduced in [111] ([116])

[116]: https://github.com/Yelp/detect-secrets/pull/116