Add feature to scan line

detect_secrets/core/potential_secret.py

@@ -1,4 +1,5 @@
 import hashlib
+import random
 from typing import Any
 from typing import Dict
 from typing import Optional
@@ -53,7 +54,9 @@ def __init__(
         self.fields_to_compare = ['filename', 'secret_hash', 'type']
 
     def set_secret(self, secret: str) -> None:
-        self.secret_hash: str = self.hash_secret(secret)
+        if(len(secret) > 4):
+            self.secret_hash: str = self.hash_secret(secret)
+            self.secret_redacted: str = self.redact_secret(secret)
 
         # Note: Originally, we never wanted to keep the secret value in memory,
         #       after finding it in the codebase. However, to support verifiable
@@ -70,6 +73,15 @@ def hash_secret(secret: str) -> str:
         """This offers a way to coherently test this class, without mocking self.secret_hash."""
         return hashlib.sha1(secret.encode('utf-8')).hexdigest()
 
+    @staticmethod
+    def redact_secret(secret: str) -> str:
+        temp = secret[2:-2]
+        temp = [k for k in temp]
+        for j in random.sample(range(len(temp) - 1),len(temp)//2):
+            temp[j] = '*'
+        temp=''.join(temp)
+        return secret[0] + secret[1] + temp + secret[-2] + secret[-1]
+
     @classmethod
     def load_secret_from_dict(cls, data: Dict[str, Union[str, int, bool]]) -> 'PotentialSecret':
         """Custom JSON decoder"""
@@ -91,6 +103,7 @@ def load_secret_from_dict(cls, data: Dict[str, Union[str, int, bool]]) -> 'Poten
         output = cls(**kwargs)
         output.secret_value = None
         output.secret_hash = str(data['hashed_secret'])
+        output.secret_redacted = str(data['redacted_secret'])
 
         return output
 
@@ -100,6 +113,7 @@ def json(self) -> Dict[str, Union[str, int, bool]]:
             'type': self.type,
             'filename': self.filename,
             'hashed_secret': self.secret_hash,
+            'redacted_secret': self.secret_redacted,
             'is_verified': self.is_verified,
         }
 

detect_secrets/core/secrets_collection.py

@@ -88,6 +88,10 @@ def scan_diff(self, diff: str) -> None:
                 'installing that package, and try again.',
             )
 
+    def scan_line(self, line: str) -> None:
+        for secret in scan.scan_line(line):
+            self[secret.filename].add(secret)           
+
     def merge(self, old_results: 'SecretsCollection') -> None:
         """
         We operate under an assumption that the latest results are always more accurate,

detect_secrets/plugins/base.py

@@ -57,6 +57,8 @@ def analyze_line(
             is_verified: bool = False
             # If the filter is disabled it means --no-verify flag was passed
             # We won't run verification in that case
+            if(len(match) < 5):
+                return
             if (
                 'detect_secrets.filters.common.is_ignored_due_to_verification_policies'
                 in get_settings().filters

detect_secrets/pre_commit_hook.py

@@ -1,3 +1,4 @@
+#!/usr/bin/env python3
 import argparse
 import json
 import os
@@ -18,6 +19,7 @@
 def main(argv: Optional[List[str]] = None) -> int:
     try:
         args = parse_args(argv)
+        print(args)
     except ValueError:
         return 1
 
@@ -26,7 +28,9 @@ def main(argv: Optional[List[str]] = None) -> int:
 
     # Find all secrets in files to be committed
     secrets = SecretsCollection()
+    args.file
     for filename in args.filenames:
+        print(filename)
         secrets.scan_file(filename)
 
     new_secrets = secrets