diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 7d308a781..517c342cc 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -37,7 +37,7 @@ repos:
 # You are encouraged to use static refs such as tags, instead of branch name
 #
 # Running "pre-commit autoupdate" would automatically updates rev to latest tag
- rev: 0.13.1+ibm.63.dss
+ rev: 0.13.1+ibm.64.dss
 hooks:
 - id: detect-secrets # pragma: whitelist secret
 # Add options for detect-secrets-hook binary. You can run `detect-secrets-hook --help` to list out all possible options.
diff --git a/.secrets.baseline b/.secrets.baseline
index 75312d946..e52f0e8a4 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
 "files": "test_data/.*|tests/.*|^.secrets.baseline$",
 "lines": null
 },
- "generated_at": "2025-10-02T20:03:24Z",
+ "generated_at": "2026-03-27T23:43:18Z",
 "plugins_used": [
 {
 "name": "AWSKeyDetector"
@@ -242,7 +242,7 @@
 }
 ]
 },
- "version": "0.13.1+ibm.63.dss",
+ "version": "0.13.1+ibm.64.dss",
 "word_list": {
 "file": null,
 "hash": null
diff --git a/detect_secrets/__init__.py b/detect_secrets/__init__.py
index 82c5ba4e6..1a81344da 100644
--- a/detect_secrets/__init__.py
+++ b/detect_secrets/__init__.py
@@ -1 +1 @@
-VERSION = '0.13.1+ibm.64.dss'
+VERSION = '0.13.1+ibm.65.dss'
diff --git a/detect_secrets/plugins/box.py b/detect_secrets/plugins/box.py
index 03b18636a..f64dd018f 100644
--- a/detect_secrets/plugins/box.py
+++ b/detect_secrets/plugins/box.py
@@ -1,5 +1,14 @@
-from boxsdk import Client
-from boxsdk import JWTAuth
+try:
+ from boxsdk import Client
+ from boxsdk import JWTAuth
+
+ BOX_SDK_FLAVOR = 'legacy'
+except ImportError:
+ from box_sdk_gen import BoxClient as Client
+ from box_sdk_gen import BoxJWTAuth as JWTAuth
+ from box_sdk_gen import JWTConfig
+
+ BOX_SDK_FLAVOR = 'generated'
 from .base import RegexBasedDetector
 from detect_secrets.core.constants import VerifiedResult
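Review bot: The new `try`/`except ImportError` block in box.py binds `Client` and `JWTAuth` to classes from two different SDKs with different constructor signatures, and nothing at the import site says why or which one wins when both are importable. Since `get_box_user` uses these names to authenticate with candidate credentials, a short comment would help the next maintainer, for example `# Prefer the legacy boxsdk API when importable; otherwise alias the box_sdk_gen classes to the same names so callers and test patch targets stay unchanged.` It is also worth stating there that `BOX_SDK_FLAVOR` is fixed at import time and selects the call shape used in `get_box_user`.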
@@ -106,17 +115,33 @@ def get_box_user(
 clientid, token, enterpriseid, publickeyid, passphrase, privatekey,
 ):
- auth = JWTAuth(
- client_id=clientid,
- client_secret=token,
- enterprise_id=enterpriseid,
- jwt_key_id=publickeyid,
- rsa_private_key_passphrase=passphrase.encode(),
- rsa_private_key_data=privatekey,
- )
 try:
+ if BOX_SDK_FLAVOR == 'legacy':
+ auth = JWTAuth(
+ client_id=clientid,
+ client_secret=token,
+ enterprise_id=enterpriseid,
+ jwt_key_id=publickeyid,
+ rsa_private_key_passphrase=passphrase.encode(),
+ rsa_private_key_data=privatekey,
+ )
+ client = Client(auth)
+
+ return client.user().get().name
+
+ auth = JWTAuth(
+ config=JWTConfig(
+ client_id=clientid,
+ client_secret=token,
+ enterprise_id=enterpriseid,
+ jwt_key_id=publickeyid,
+ private_key_passphrase=passphrase,
+ private_key=privatekey,
+ ),
+ )
 client = Client(auth)
- return client.user().get().name
+
+ return client.users.get_user_me().name
 except Exception:
 return None
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 64881da75..be06e9005 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -13,7 +13,7 @@ tox-pip-extensions
 tox>=3.8
 unidiff
 ibm_db
-boxsdk[jwt]<4.0.0
+boxsdk[jwt]
 pyahocorasick
 tabulate
 binaryornot
diff --git a/setup.py b/setup.py
index 76b638b81..07172eb24 100644
--- a/setup.py
+++ b/setup.py
@@ -26,7 +26,7 @@
 'pyyaml',
 'requests',
 'urllib3>2.4.0',
- 'boxsdk[jwt]<4.0.0',
+ 'boxsdk[jwt]',
 'packaging',
 'tabulate',
 'binaryornot',
diff --git a/tests/plugins/box_test.py b/tests/plugins/box_test.py
index 2bf018aff..970d82772 100644
--- a/tests/plugins/box_test.py
+++ b/tests/plugins/box_test.py
@@ -3,6 +3,7 @@
 from detect_secrets.core.constants import VerifiedResult
 from detect_secrets.core.potential_secret import PotentialSecret
+from detect_secrets.plugins.box import BOX_SDK_FLAVOR
 from detect_secrets.plugins.box import BoxDetector
 from detect_secrets.plugins.box import find_other_factor
 from detect_secrets.plugins.box import get_box_user
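Review bot: Moving the `JWTAuth(...)` construction inside the `try` in `get_box_user` means the existing `except Exception:` / `return None` now also swallows construction and SDK-shape errors on both branches, so a renamed attribute in the generated SDK (`JWTConfig(...)`, `client.users.get_user_me()`) would look the same as rejected credentials. For a verifier that is a silent false negative: live Box credentials would presumably be reported as not verified. Consider recording the failure before returning, for example `except Exception as e:` followed by a debug log of `type(e).__name__` only (the type, not the message, so no key material reaches the logs), or catching the SDK's API error class narrowly. The function's `def` line sits above the hunk.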
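Review bot: Dropping the `<4.0.0` cap leaves `boxsdk[jwt]` with no upper bound here and in the matching entry in setup.py, so a fresh install resolves to whatever major is newest and `BOX_SDK_FLAVOR` is decided by the resolver rather than by the project. The code in box.py handles exactly two API shapes; a later major that changes either would install cleanly and only fail at verification time, inside the broad `except`. A bounded range covering the majors the tests actually run against (`boxsdk[jwt]<NEXT_UNTESTED_MAJOR`, placeholder value) would keep that decision explicit. It is also worth confirming that the `jwt` extra is still defined by the newer releases.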
@@ -38,12 +39,27 @@ def test_analyze_line(self, payload, should_flag):
 @patch('detect_secrets.plugins.box.Client')
 def test_get_box_user(self, mock_box, mock_jwt):
 mock_box.return_value.user.return_value.get.return_value.name = 'Testy'
+ mock_box.return_value.users.get_user_me.return_value.name = 'Testy'
 assert get_box_user(
 BOX_CLIENT_ID, BOX_CLIENT_SECRET, BOX_ENTERPRISE_ID, BOX_PUBLIC_KEY_ID, BOX_PASSPHRASE, BOX_PRIVATE_KEY,
 ) == 'Testy'
+ @patch('detect_secrets.plugins.box.JWTAuth')
+ def test_get_box_user_auth_format(self, mock_jwt):
+ with patch('detect_secrets.plugins.box.Client'):
+ get_box_user(
+ BOX_CLIENT_ID, BOX_CLIENT_SECRET, BOX_ENTERPRISE_ID,
+ BOX_PUBLIC_KEY_ID, BOX_PASSPHRASE, BOX_PRIVATE_KEY,
+ )
+
+ kwargs = mock_jwt.call_args.kwargs
+ if BOX_SDK_FLAVOR == 'legacy':
+ assert kwargs['rsa_private_key_passphrase'] == BOX_PASSPHRASE.encode()
+ else:
+ assert 'config' in kwargs
+
 @patch('detect_secrets.plugins.box.JWTAuth')
 @patch('detect_secrets.plugins.box.Client')
 def test_get_box_user_invalid_creds(self, mock_box, mock_jwt):
@@ -58,6 +74,7 @@ def test_get_box_user_invalid_creds(self, mock_box, mock_jwt):
 @patch('detect_secrets.plugins.box.Client')
 def test_verify(self, mock_box, mock_jwt):
 mock_box.return_value.user.return_value.get.return_value.name = 'Testy'
+ mock_box.return_value.users.get_user_me.return_value.name = 'Testy'
 potential_secret = PotentialSecret('test box', 'test filename', BOX_CLIENT_SECRET)
diff --git a/user-config/.pre-commit-config.yaml b/user-config/.pre-commit-config.yaml
index b96dd6d3e..fb9a5527a 100644
--- a/user-config/.pre-commit-config.yaml
+++ b/user-config/.pre-commit-config.yaml
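Review bot: `test_get_box_user_auth_format` only exercises whichever SDK happens to be installed, and its non-legacy branch asserts just `'config' in kwargs`, which would still pass if the passphrase or private key were mapped to the wrong `JWTConfig` field. `JWTConfig` is also left unpatched, so on the generated SDK the test appears to build a real config object from the fixture key. Patching it with `@patch('detect_secrets.plugins.box.JWTConfig', create=True)` and asserting on its call kwargs, e.g. `assert mock_cfg.call_args.kwargs['private_key_passphrase'] == BOX_PASSPHRASE`, would pin the argument mapping. Covering both flavours in one run would additionally need `BOX_SDK_FLAVOR` patched; the test class header is outside the hunk.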
@@ -10,7 +10,7 @@ repos:
 # You are encouraged to use static refs such as tags, instead of branch name
 #
 # Running "pre-commit autoupdate" automatically updates rev to latest tag
- rev: 0.13.1+ibm.64.dss
+ rev: 0.13.1+ibm.65.dss
 hooks:
 - id: detect-secrets # pragma: whitelist secret
 # Add options for detect-secrets-hook binary. You can run `detect-secrets-hook --help` to list out all possible options.