allow exclude-entropy-patterns to match lines containing partial matc…

…hes (#222)
godaddy · Sep 28, 2021 · d033bbf · d033bbf
1 parent b57ab7a
commit d033bbf
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 6 deletions.
diff --git a/tartufo/scanner.py b/tartufo/scanner.py
@@ -296,9 +296,9 @@ def rule_matches(rule: Rule, string: str, path: str) -> bool:
         """
         match = False
         if rule.pattern:
-            match = rule.pattern.match(string) is not None
+            match = rule.pattern.search(string) is not None
         if rule.path_pattern:
-            match = match and rule.path_pattern.match(path) is not None
+            match = match and rule.path_pattern.search(path) is not None
         return match
 
     def entropy_string_is_excluded(self, string: str, path: str) -> bool:
@@ -378,17 +378,20 @@ def scan_entropy(self, chunk: types.Chunk) -> List[Issue]:
 
                 for string in b64_strings:
                     issues += self.evaluate_entropy_string(
-                        chunk, string, BASE64_CHARS, 4.5
+                        chunk, line, string, BASE64_CHARS, 4.5
                     )
 
                 for string in hex_strings:
-                    issues += self.evaluate_entropy_string(chunk, string, HEX_CHARS, 3)
+                    issues += self.evaluate_entropy_string(
+                        chunk, line, string, HEX_CHARS, 3
+                    )
 
         return issues
 
     def evaluate_entropy_string(
         self,
         chunk: types.Chunk,
+        line: str,
         string: str,
         chars: str,
         min_entropy_score: float,
@@ -406,8 +409,8 @@ def evaluate_entropy_string(
         if not self.signature_is_excluded(string, chunk.file_path):
             entropy_score = self.calculate_entropy(string, chars)
             if entropy_score > min_entropy_score:
-                if self.entropy_string_is_excluded(string, chunk.file_path):
-                    self.logger.debug("entropy string %s was excluded", string)
+                if self.entropy_string_is_excluded(line, chunk.file_path):
+                    self.logger.debug("line containing entropy was excluded: %s", line)
                 else:
                     return [Issue(types.IssueType.Entropy, string, chunk)]
         return []

diff --git a/tests/test_base_scanner.py b/tests/test_base_scanner.py
@@ -352,6 +352,13 @@ def test_entropy_string_is_excluded(self):
         excluded = self.scanner.entropy_string_is_excluded("foo", "docs/README.md")
         self.assertEqual(True, excluded)
 
+    def test_entropy_string_is_excluded_given_partial_line_match(self):
+        self.options.exclude_entropy_patterns = [r"docs/.*\.md::line.+?foo"]
+        excluded = self.scanner.entropy_string_is_excluded(
+            "+a line that contains foo", "docs/README.md"
+        )
+        self.assertEqual(True, excluded)
+
     def test_entropy_string_is_not_excluded(self):
         self.options.exclude_entropy_patterns = [r"foo\..*::f.*"]
         excluded = self.scanner.entropy_string_is_excluded("bar", "foo.py")