Fix bug secrets escape (#359)

* fixed a bug with unescaped charachters * add tests * clarify test
demisto · Apr 22, 2020 · d73db48 · d73db48
1 parent 2e5aa90
commit d73db48
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 3 deletions.
diff --git a/demisto_sdk/commands/secrets/secrets.py b/demisto_sdk/commands/secrets/secrets.py
@@ -224,7 +224,7 @@ def remove_whitelisted_items_from_file(file_content: str, secrets_white_list: se
             str: The file content with the whitelisted items removed.
         """
         for item in secrets_white_list:
-            file_content = re.sub(WHILEIST_REGEX.format(item), '', file_content)
+            file_content = re.sub(WHILEIST_REGEX.format(re.escape(item)), '', file_content)
         return file_content
 
     @staticmethod

diff --git a/demisto_sdk/commands/secrets/tests/secrets_test.py b/demisto_sdk/commands/secrets/tests/secrets_test.py
@@ -8,7 +8,15 @@
 from demisto_sdk.commands.secrets.secrets import SecretsValidator
 
 
-def create_whitelist_secrets_file(file_path, urls=[], ips=[], files=[], generic_strings=[]):
+def create_whitelist_secrets_file(file_path, urls=None, ips=None, files=None, generic_strings=None):
+    if files is None:
+        files = []
+    if urls is None:
+        urls = []
+    if ips is None:
+        ips = []
+    if generic_strings is None:
+        generic_strings = []
     with io.open(file_path, 'w') as f:
         secrets_content = dict(
             files=files,
@@ -172,7 +180,28 @@ def test_remove_white_list_regex(self):
         shmoop
         155.165.45.232
         '''
-        file_contents = self.validator.remove_whitelisted_items_from_file(white_list, file_contents)
+        file_contents = self.validator.remove_whitelisted_items_from_file(file_contents, {white_list})
+        assert white_list not in file_contents
+
+    def test_remove_whitelisted_items_from_file_escaped_whitelist(self):
+        """
+        Given
+        - White list with a term that can be regex (***.).
+        - String with no content
+
+        When
+        - Removing terms containing that regex
+
+        Then
+        - Ensure secrets that the secret isn't in the output.
+        - Ensure no error raised
+        """
+        white_list = '***.url'
+        file_contents = '''
+        Random and unmeaningful file content
+        a string containing ***.url
+        '''
+        file_contents = self.validator.remove_whitelisted_items_from_file(file_contents, {white_list})
         assert white_list not in file_contents
 
     def test_remove_whitelisted_items_from_file_substring(self):