Add detect-secrets config (#108)

Author: zdc217

.github/workflows/detect-secrets.yaml

@@ -0,0 +1,22 @@
+name: Detect Secrets
+
+on: pull_request
+
+jobs:
+  detect-secrets:
+    runs-on: ubuntu-22.04
+    container: python:latest
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+    - name: Install Yelp's detect secrets
+      run: |
+        apt-get update && apt-get install -y jq
+        pip install yq
+        pip install detect-secrets==$(yq -r .repos[0].rev .pre-commit-config.yaml)
+
+    - name: Detect potential secrets
+      run: git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline

.pre-commit-config.yaml

@@ -0,0 +1,6 @@
+repos:
+-   repo: https://github.com/Yelp/detect-secrets
+    rev: v1.5.0
+    hooks:
+    -   id: detect-secrets
+        args: ['--baseline', '.secrets.baseline']

.secrets.baseline

@@ -0,0 +1,127 @@
+{
+  "version": "1.5.0",
+  "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "name": "DiscordBotTokenDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "name": "GitLabTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "IPPublicDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "OpenAIDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "PypiTokenDetector"
+    },
+    {
+      "name": "SendGridDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TelegramBotTokenDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    }
+  ],
+  "results": {},
+  "generated_at": "2024-07-24T18:56:11Z"
+}

cassettes/test_connectivity.yaml

@@ -18,7 +18,7 @@ interactions:
     uri: https://help.uillinois.edu/SBTDWebApi/api/auth
   response:
     body:
-      string: !!binary |
+      string: !!binary |  # pragma: allowlist secret
         H4sIAN5ri2QC/0ut9MpIck/O9M/08gyt8jT0y/Qs9swLMk129jTzzC6ICHP2stRLrfTKSfVwzPTP
         8jT0dUmv8A/xLPd1cbLUy48KSdI1T8mpKvRISQ5394kI8851LDXLNfQqDTGqjE8vNffUDYn0czML
         yQYA/EJXWGkAAAA=
@@ -77,7 +77,7 @@ interactions:
     uri: https://help.uillinois.edu/SBTDWebApi/api/auth
   response:
     body:
-      string: !!binary |
+      string: !!binary |  # pragma: allowlist secret
         H4sIAN5ri2QC/0ut9MpIck/O9M/08gyt8jT0y/Qs9swLMk129jTzzC6ICHP2stRLrfTKSfVwzPTP
         8jT0dUmv8A/xLPd1cbLUy48KSdI1T8mpKvRISQ5394kI8851LDXLNfQqDTGqjE8vNffUDYn0czML
         yQYA/EJXWGkAAAA=

cassettes/test_create_ticket.yaml

@@ -18,7 +18,7 @@ interactions:
     uri: https://help.uillinois.edu/SBTDWebApi/api/auth
   response:
     body:
-      string: !!binary |
+      string: !!binary |  # pragma: allowlist secret
         H4sIAJr82GUC/0ut9MpIck/O9M/08gyt8jT0y/Qs9swLMk129jTzzC6ICHP2stRLrfTKSfVwzPTP
         8jT0dUmv8A/xLPd1cbLUy48KSdI1T8mpKvRISQ5394kI8851LDXLNfQqDTGqjE8vNffUDYn0czML
         yQYA/EJXWGkAAAA=

cassettes/test_create_ticket_defaults.yaml

@@ -18,7 +18,7 @@ interactions:
     uri: https://help.uillinois.edu/SBTDWebApi/api/auth
   response:
     body:
-      string: !!binary |
+      string: !!binary |  # pragma: allowlist secret
         H4sIAKQH2WUC/0ut9MpIck/O9M/08gyt8jT0y/Qs9swLMk129jTzzC6ICHP2stRLrfTKSfVwzPTP
         8jT0dUmv8A/xLPd1cbLUy48KSdI1T8mpKvRISQ5394kI8851LDXLNfQqDTGqjE8vNffUDYn0czML
         yQYA/EJXWGkAAAA=

cassettes/test_failed_create.yaml

@@ -18,7 +18,7 @@ interactions:
     uri: https://help.uillinois.edu/SBTDWebApi/api/auth
   response:
     body:
-      string: !!binary |
+      string: !!binary |  # pragma: allowlist secret
         H4sIAOxri2QC/0ut9MpIck/O9M/08gyt8jT0y/Qs9swLMk129jTzzC6ICHP2stRLrfTKSfVwzPTP
         8jT0dUmv8A/xLPd1cbLUy48KSdI1T8mpKvRISQ5394kI8851LDXLNfQqDTGqjE8vNffUDYn0czML
         yQYA/EJXWGkAAAA=

cassettes/test_failed_update.yaml

@@ -18,7 +18,7 @@ interactions:
     uri: https://help.uillinois.edu/SBTDWebApi/api/auth
   response:
     body:
-      string: !!binary |
+      string: !!binary |  # pragma: allowlist secret
         H4sIAPBri2QC/0ut9MpIck/O9M/08gyt8jT0y/Qs9swLMk129jTzzC6ICHP2stRLrfTKSfVwzPTP
         8jT0dUmv8A/xLPd1cbLUy48KSdI1T8mpKvRISQ5394kI8851LDXLNfQqDTGqjE8vNffUDYn0czML
         yQYA/EJXWGkAAAA=

cassettes/test_reassign_group.yaml

@@ -18,7 +18,7 @@ interactions:
     uri: https://help.uillinois.edu/SBTDWebApi/api/auth
   response:
     body:
-      string: !!binary |
+      string: !!binary |  # pragma: allowlist secret
         H4sIALKWumUC/0ut9MpIck/O9M/08gyt8jT0y/Qs9swLMk129jTzzC6ICHP2stRLrfTKSfVwzPTP
         8jT0dUmv8A/xLPd1cbLUy48KSdI1T8mpKvRISQ5394kI8851LDXLNfQqDTGqjE8vNffUDYn0czML
         yQYA/EJXWGkAAAA=

cassettes/test_reassign_user.yaml

@@ -18,7 +18,7 @@ interactions:
     uri: https://help.uillinois.edu/SBTDWebApi/api/auth
   response:
     body:
-      string: !!binary |
+      string: !!binary |  # pragma: allowlist secret
         H4sIALWWumUC/0ut9MpIck/O9M/08gyt8jT0y/Qs9swLMk129jTzzC6ICHP2stRLrfTKSfVwzPTP
         8jT0dUmv8A/xLPd1cbLUy48KSdI1T8mpKvRISQ5394kI8851LDXLNfQqDTGqjE8vNffUDYn0czML
         yQYA/EJXWGkAAAA=