clear cache for plugins scan diff (#230)

bridgecrewio · Nov 21, 2024 · caf2564 · caf2564
1 parent 0868d32
commit caf2564
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/detect_secrets/core/scan.py b/detect_secrets/core/scan.py
@@ -8,6 +8,7 @@
 from typing import Generator
 from typing import Iterable
 from typing import List
+from typing import Optional
 from typing import Set
 from typing import Tuple
 from typing import TYPE_CHECKING
@@ -196,7 +197,7 @@ def scan_diff(diff: str) -> Generator[PotentialSecret, None, None]:
         return
 
     for filename, lines in _get_lines_from_diff(diff):
-        yield from _process_line_based_plugins(lines, filename=filename)
+        yield from _process_line_based_plugins(lines, filename=filename, is_scan_diff=True)
 
 
 def scan_for_allowlisted_secrets_in_file(filename: str) -> Generator[PotentialSecret, None, None]:
@@ -338,6 +339,7 @@ def _get_lines_from_diff(diff: str) -> \
 def _process_line_based_plugins(
     lines: List[Tuple[int, str, bool, bool]],
     filename: str,
+    is_scan_diff: Optional[bool] = False,
 ) -> Generator[PotentialSecret, None, None]:
     line_content = [line[1] for line in lines]
 
@@ -384,6 +386,7 @@ def _process_line_based_plugins(
                     line_number=line_number,
                     context=code_snippet,
                     raw_context=raw_code_snippet,
+                    is_scan_diff=is_scan_diff,
             ):
                 secret.is_removed = is_removed
                 secret.is_added = is_added

diff --git a/detect_secrets/plugins/private_key.py b/detect_secrets/plugins/private_key.py
@@ -75,6 +75,7 @@ def analyze_line(
             line_number: int = 0,
             context: Optional[CodeSnippet] = None,
             raw_context: Optional[CodeSnippet] = None,
+            is_scan_diff: Optional[bool] = False,
             **kwargs: Any,
     ) -> Set[PotentialSecret]:
         output: Set[PotentialSecret] = set()
@@ -86,9 +87,14 @@ def analyze_line(
             ),
         )
 
-        if not output and filename not in self._analyzed_files \
+        to_analyze_line = filename not in self._analyzed_files
+        if is_scan_diff:
+            to_analyze_line = True
+
+        if not output and to_analyze_line \
                 and 0 < self.get_file_size(filename) < PrivateKeyDetector.MAX_FILE_SIZE:
-            self._analyzed_files.add(filename)
+            if not is_scan_diff:
+                self._analyzed_files.add(filename)
             file_content = self.read_file(filename)
             if file_content:
                 output.update(