Merge pull request #20 from godaddy/blackify

Format the code with `black`

.pre-commit-config.yaml

@@ -16,7 +16,8 @@ repos:
   rev: v0.730
   hooks:
   - id: mypy
-- repo: https://gitlab.com/pycqa/flake8
-  rev: 3.7.8
+- repo: https://github.com/psf/black
+  rev: stable
   hooks:
-  - id: flake8
+    - id: black
+      language_version: python3.7

.pylintrc

@@ -10,12 +10,14 @@
 # multiple time (only on the command line, not in the configuration file where
 # it should appear only once).
 # C0111: Missing docstrings
+# C0301: Line too long (Note: This is all handled by black now)
+# C0330: Wrong hanging indentation before block (Note: black disagrees on this)
 # R0201: Method could be a function
 # R0903: Too few public methods
 # R0912: Too many branches
 # R0914: Too many local variables
 # W0511: FIXME
-disable=C0111,R0201,R0903,R0912,R0914,W0511
+disable=C0111,C0301,C0330,R0201,R0903,R0912,R0914,W0511
 
 [BASIC]
 

.travis.yml

@@ -22,7 +22,7 @@ jobs:
   include:
     - stage: lint
       python: 3.7
-      env: TOXENV=flake8
+      env: TOXENV=black
     - python: 3.7
       env: TOXENV=mypy
     - python: 3.7

CONTRIBUTING.md

@@ -114,9 +114,15 @@ you:
 
 ### Code Style
 
-Generally speaking, you should follow [PEP 8] when writing code for `tartufo`.
-But the most important thing is to match the style of the surrounding code. Keep
-in mind that all code in this project is scanned by both `flake8` and `pylint`.
+To make code formatting easy on developers, and to simplify the conversation
+around pull request reviews, this project has adopted the
+[black] code formatter. This formatter must be run against any new code written
+for this project. The advantage is, you no longer have to think about how your
+code is styled; it's all handled for you!
+
+To make this easier on you, you can [set up most editors][black-editors] to
+auto-run `black` for you. We have also set up a [pre-commit] hook to run
+automatically on every commit, which is detailed below!
 
 ## Running tests
 
@@ -141,7 +147,7 @@ like the following:
 ```sh
 Tartufo..................................................................Passed
 mypy.....................................................................Passed
-flake8...................................................................Passed
+black....................................................................Passed
 pylint...................................................................Passed
 ```
 
@@ -150,6 +156,8 @@ pylint...................................................................Passed
 - [General GitHub Documentation](https://help.github.com/)
 - [GitHub Pull Request documentation](https://help.github.com/send-pull-requests/)
 
+[black]: https://github.com/psf/black
+[black-editors]: https://github.com/psf/black#editor-integration
 [issues]: https://github.com/godaddy/tartufo/issues
 [PEP 8]: https://www.python.org/dev/peps/pep-0008/
 [pre-commit]: https://pre-commit.com/

pyproject.toml

@@ -11,3 +11,19 @@ json = false
 cleanup = true
 regex = true
 entropy = true
+
+[tool.black]
+target-version = ['py27', 'py35', 'py36', 'py37', 'py38']
+exclude = '''
+/(
+    \.eggs         # exclude a few common directories in the
+    | \.git          # root of the project
+    | \.mypy_cache
+    | \.pytest_cache
+    | \.tox
+    | \.venv
+    | _build
+    | build
+    | dist
+)/
+'''

scripts/searchOrg.py

@@ -19,14 +19,13 @@
     "Facebook Oauth": "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].{0,30}['\"\\s][0-9a-f]{32}['\"\\s]",
     "Twitter Oauth": "[t|T][w|W][i|I][t|T][t|T][e|E][r|R].{0,30}['\"\\s][0-9a-zA-Z]{35,44}['\"\\s]",
     "GitHub": "[g|G][i|I][t|T][h|H][u|U][b|B].{0,30}['\"\\s][0-9a-zA-Z]{35,40}['\"\\s]",
-    "Google Oauth": "(\"client_secret\":\"[a-zA-Z0-9-_]{24}\")",
+    "Google Oauth": '("client_secret":"[a-zA-Z0-9-_]{24}")',
     "AWS API Key": "AKIA[0-9A-Z]{16}",
-    "Heroku API Key":
-        "[h|H][e|E][r|R][o|O][k|K][u|U].{0,30}[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}",
+    "Heroku API Key": "[h|H][e|E][r|R][o|O][k|K][u|U].{0,30}[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}",
     "Generic Secret": "[s|S][e|E][c|C][r|R][e|E][t|T].{0,30}['\"\\s][0-9a-zA-Z]{32,45}['\"\\s]",
     "Generic API Key": "[a|A][p|P][i|I][_]?[k|K][e|E][y|Y].{0,30}['\"\\s][0-9a-zA-Z]{32,45}['\"\\s]",
     "Slack Webhook": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}",
-    "Google (GCP) Service-account": "\"type\": \"service_account\"",
+    "Google (GCP) Service-account": '"type": "service_account"',
     "Twilio API Key": "SK[a-z0-9]{32}",
     "Password in URL": "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]",
 }
@@ -36,22 +35,33 @@
 
 
 def get_org_repos(orgname, page):
-    response = requests.get(url='https://api.github.com/users/' + orgname + '/repos?page={}'.format(page))
+    response = requests.get(
+        url="https://api.github.com/users/{}/repos?page={}".format(orgname, page)
+    )
     json = response.json()
     if not json:
         return
     for item in json:
 
-        if item['fork'] is False:  # and reached:
-            print('searching ' + item["html_url"])
-            results = scanner.find_strings(item["html_url"], do_regex=True, custom_regexes=RULES, do_entropy=False,
-                                           max_depth=100000)
+        if item["fork"] is False:  # and reached:
+            print("searching " + item["html_url"])
+            results = scanner.find_strings(
+                item["html_url"],
+                do_regex=True,
+                custom_regexes=RULES,
+                do_entropy=False,
+                max_depth=100000,
+            )
             for issue in results["foundIssues"]:
                 data = loads(open(issue).read())
-                data['github_url'] = "{}/blob/{}/{}".format(item["html_url"], data['commitHash'], data['path'])
-                data['github_commit_url'] = "{}/commit/{}".format(item["html_url"], data['commitHash'])
-                data['diff'] = data['diff'][0:200]
-                data['printDiff'] = data['printDiff'][0:200]
+                data["github_url"] = "{}/blob/{}/{}".format(
+                    item["html_url"], data["commitHash"], data["path"]
+                )
+                data["github_commit_url"] = "{}/commit/{}".format(
+                    item["html_url"], data["commitHash"]
+                )
+                data["diff"] = data["diff"][0:200]
+                data["printDiff"] = data["printDiff"][0:200]
                 print(dumps(data, indent=4))
     get_org_repos(orgname, page + 1)
 

setup.cfg

@@ -1,12 +1,6 @@
 [bdist_wheel]
 universal=1
 
-[flake8]
-exclude=.eggs,.venv,.tox,.*_cache
-max-line-length=120
-max-complexity=13
-ignore=F401,F841,F403,W503,W504
-
 [mypy]
 ignore_missing_imports = True
 

setup.py

@@ -11,41 +11,41 @@
 ]
 
 EXTRAS_REQUIRE = {
-    'tests': [
-        'coverage',
+    "tests": [
+        "black==19.10b0; python_version >= '3.6' and platform_python_implementation == 'CPython'",
+        "coverage",
         "mock; python_version == '2.7'",
         "pre-commit",
-        'pytest',
-        'pytest-cov',
-        'pytest-sugar',
-        'tox',
+        "pytest",
+        "pytest-cov",
+        "pytest-sugar",
+        "tox",
+        "vulture",
     ]
 }
 
 
 def read(filename):
-    with codecs.open(filename, 'r', 'utf-8') as file_handle:
+    with codecs.open(filename, "r", "utf-8") as file_handle:
         return file_handle.read().strip()
 
 
 setup(
-    name='tartufo',
-    version=read('VERSION'),
-    description='tartufo is a tool for scanning git repositories for secrets/passwords/high-entropy data',
-    long_description=read('README.md'),
-    long_description_content_type='text/markdown',
-    url='https://github.com/godaddy/tartufo',
-    download_url='https://pypi.org/project/tartufo/#files',
-    author='GoDaddy',
-    author_email='[email protected]',
-    license='GNU',
-    packages=['tartufo'],
+    name="tartufo",
+    version=read("VERSION"),
+    description="tartufo is a tool for scanning git repositories for secrets/passwords/high-entropy data",
+    long_description=read("README.md"),
+    long_description_content_type="text/markdown",
+    url="https://github.com/godaddy/tartufo",
+    download_url="https://pypi.org/project/tartufo/#files",
+    author="GoDaddy",
+    author_email="[email protected]",
+    license="GNU",
+    packages=["tartufo"],
     install_requires=INSTALL_REQUIRES,
-    setup_requires='',
+    setup_requires="",
     extras_require=EXTRAS_REQUIRE,
-    entry_points={
-        'console_scripts': ['tartufo = tartufo.cli:main'],
-    },
+    entry_points={"console_scripts": ["tartufo = tartufo.cli:main"],},
     classifiers=[
         "Development Status :: 3 - Alpha",
         "Environment :: Console",
@@ -61,5 +61,5 @@ def read(filename):
         "Programming Language :: Python :: 3.8",
         "Topic :: Security",
         "Topic :: Software Development :: Version Control :: Git",
-    ]
+    ],
 )

tartufo/cli.py

@@ -10,56 +10,94 @@
 from tartufo import config, scanner, util
 
 
-err = partial(click.secho, fg="red", bold=True, err=True)  # pylint: disable=invalid-name
+err = partial(  # pylint: disable=invalid-name
+    click.secho, fg="red", bold=True, err=True
+)
 
 
-@click.command(name="tartufo",  # noqa: C901
-               context_settings=dict(help_option_names=["-h", "--help"]))
+@click.command(
+    name="tartufo",  # noqa: C901
+    context_settings=dict(help_option_names=["-h", "--help"]),
+)
 @click.option("--json/--no-json", help="Output in JSON format.", is_flag=True)
-@click.option("--rules", multiple=True, type=click.File("r"),
-              help="Path(s) to regex rules json list file(s).")
-@click.option("--default-regexes/--no-default-regexes", is_flag=True, default=True,
-              help="Whether to include the default regex list when configuring"
-                   " search patterns. Only applicable if --rules is also specified."
-                   " [default: --default-regexes]")
-@click.option("--entropy/--no-entropy", is_flag=True, default=True,
-              help="Enable entropy checks. [default: True]")
-@click.option("--regex/--no-regex", is_flag=True, default=False,
-              help="Enable high signal regexes checks. [default: False]")
+@click.option(
+    "--rules",
+    multiple=True,
+    type=click.File("r"),
+    help="Path(s) to regex rules json list file(s).",
+)
+@click.option(
+    "--default-regexes/--no-default-regexes",
+    is_flag=True,
+    default=True,
+    help="Whether to include the default regex list when configuring"
+    " search patterns. Only applicable if --rules is also specified."
+    " [default: --default-regexes]",
+)
+@click.option(
+    "--entropy/--no-entropy",
+    is_flag=True,
+    default=True,
+    help="Enable entropy checks. [default: True]",
+)
+@click.option(
+    "--regex/--no-regex",
+    is_flag=True,
+    default=False,
+    help="Enable high signal regexes checks. [default: False]",
+)
 @click.option("--since-commit", help="Only scan from a given commit hash.")
-@click.option("--max-depth", default=1000000,
-              help="The max commit depth to go back when searching for secrets."
-                   " [default: 1000000]")
+@click.option(
+    "--max-depth",
+    default=1000000,
+    help="The max commit depth to go back when searching for secrets."
+    " [default: 1000000]",
+)
 @click.option("--branch", help="Specify a branch name to scan only that branch.")
-@click.option("-i", "--include-paths", type=click.File("r"),
-              help="File with regular expressions (one per line), at least one of "
-                   "which must match a Git object path in order for it to be scanned; "
-                   "lines starting with '#' are treated as comments and are ignored. "
-                   "If empty or not provided (default), all Git object paths are "
-                   "included unless otherwise excluded via the --exclude-paths option.")
-@click.option("-x", "--exclude-paths", type=click.File("r"),
-              help="File with regular expressions (one per line), none of which may "
-                   "match a Git object path in order for it to be scanned; lines "
-                   "starting with '#' are treated as comments and are ignored. If "
-                   "empty or not provided (default), no Git object paths are excluded "
-                   "unless effectively excluded via the --include-paths option.")
-@click.option("--repo-path",
-              type=click.Path(
-                  exists=True,
-                  file_okay=False,
-                  resolve_path=True,
-                  allow_dash=False
-              ),
-              help="Path to local repo clone. If provided, git_url will not be used.")
-@click.option("--cleanup/--no-cleanup", is_flag=True, default=False,
-              help="Clean up all temporary result files. [default: False]")
-@click.option("--pre-commit", is_flag=True, default=False,
-              help="Scan staged files in local repo clone.")
-@click.option("--config",
-              type=click.File(mode='r'),
-              is_eager=True,
-              callback=config.read_pyproject_toml,
-              help="Read configuration from specified file. [default: pyproject.toml]")
+@click.option(
+    "-i",
+    "--include-paths",
+    type=click.File("r"),
+    help="File with regular expressions (one per line), at least one of "
+    "which must match a Git object path in order for it to be scanned; "
+    "lines starting with '#' are treated as comments and are ignored. "
+    "If empty or not provided (default), all Git object paths are "
+    "included unless otherwise excluded via the --exclude-paths option.",
+)
+@click.option(
+    "-x",
+    "--exclude-paths",
+    type=click.File("r"),
+    help="File with regular expressions (one per line), none of which may "
+    "match a Git object path in order for it to be scanned; lines "
+    "starting with '#' are treated as comments and are ignored. If "
+    "empty or not provided (default), no Git object paths are excluded "
+    "unless effectively excluded via the --include-paths option.",
+)
+@click.option(
+    "--repo-path",
+    type=click.Path(exists=True, file_okay=False, resolve_path=True, allow_dash=False),
+    help="Path to local repo clone. If provided, git_url will not be used.",
+)
+@click.option(
+    "--cleanup/--no-cleanup",
+    is_flag=True,
+    default=False,
+    help="Clean up all temporary result files. [default: False]",
+)
+@click.option(
+    "--pre-commit",
+    is_flag=True,
+    default=False,
+    help="Scan staged files in local repo clone.",
+)
+@click.option(
+    "--config",
+    type=click.File(mode="r"),
+    is_eager=True,
+    callback=config.read_pyproject_toml,
+    help="Read configuration from specified file. [default: pyproject.toml]",
+)
 @click.argument("git_url", required=False)
 @click.pass_context
 def main(ctx, **kwargs):
@@ -79,8 +117,7 @@ def main(ctx, **kwargs):
         ctx.exit(1)
     try:
         rules_regexes = config.configure_regexes_from_args(
-            kwargs,
-            truffleHogRegexes.regexChecks.regexes
+            kwargs, truffleHogRegexes.regexChecks.regexes
         )
     except ValueError as exc:
         err(str(exc))