feat(client): add all_secrets option to content_scan and multi_content_scan

Author: gg-mmill

changelog.d/20241014_101918_mathias.millet_handle_excluded_policy_breaks.md

@@ -19,6 +19,7 @@ Uncomment the section that is right (remove the HTML comment wrapper).
 
 ### Changed
 
+- `content_scan` and `multi_content_scan` now accept `all_secrets` parameter.
 - `PolicyBreak` now contains two new fields: `is_excluded` and `exclude_reason`.
 <!--
 

pygitguardian/client.py

@@ -357,6 +357,7 @@ def content_scan(
         self,
         document: str,
         filename: Optional[str] = None,
+        all_secrets: Optional[bool] = None,
         extra_headers: Optional[Dict[str, str]] = None,
     ) -> Union[Detail, ScanResult]:
         """
@@ -368,6 +369,7 @@ def content_scan(
         :param filename: name of file, example: "intro.py"
         :param document: content of file
         :param extra_headers: additional headers to add to the request
+        :param all_secrets: indicates whether all secrets should be returned
         :return: Detail or ScanResult response and status code
         """
 
@@ -379,6 +381,9 @@ def content_scan(
         DocumentSchema.validate_size(
             request_obj, self.secret_scan_preferences.maximum_document_size
         )
+        params = {}
+        if all_secrets is not None:
+            params["all_secrets"] = all_secrets
 
         resp = self.post(
             endpoint="scan",
@@ -401,6 +406,7 @@ def multi_content_scan(
         documents: List[Dict[str, str]],
         extra_headers: Optional[Dict[str, str]] = None,
         ignore_known_secrets: Optional[bool] = None,
+        all_secrets: Optional[bool] = None,
     ) -> Union[Detail, MultiScanResult]:
         """
         multi_content_scan handles the /multiscan endpoint of the API.
@@ -413,6 +419,7 @@ def multi_content_scan(
             example: [{"document":"example content","filename":"intro.py"}]
         :param extra_headers: additional headers to add to the request
         :param ignore_known_secrets: indicates whether known secrets should be ignored
+        :param all_secrets: indicates whether all secrets should be returned
         :return: Detail or ScanResult response and status code
         """
         max_documents = self.secret_scan_preferences.maximum_documents_per_scan
@@ -433,11 +440,13 @@ def multi_content_scan(
                 document, self.secret_scan_preferences.maximum_document_size
             )
 
-        params = (
-            {"ignore_known_secrets": ignore_known_secrets}
-            if ignore_known_secrets
-            else {}
-        )
+        params = {}
+        if ignore_known_secrets is not None:
+            params["ignore_known_secrets"] = ignore_known_secrets
+        if all_secrets is not None:
+            params["all_secrets"] = all_secrets
+
+        print("PARAMS", params)
         resp = self.post(
             endpoint="multiscan",
             data=request_obj,

tests/test_client.py

@@ -575,19 +575,25 @@ def test_extra_headers(
 
 
 @responses.activate
-def test_multiscan_parameters(
-    client: GGClient,
-):
+@pytest.mark.parametrize("ignore_known_secrets", (None, True, False))
+@pytest.mark.parametrize("all_secrets", (None, True, False))
+def test_multiscan_parameters(client: GGClient, ignore_known_secrets, all_secrets):
     """
     GIVEN a ggclient
     WHEN calling multi_content_scan with parameters
     THEN the parameters are passed in the request
     """
 
+    to_match = {}
+    if ignore_known_secrets is not None:
+        to_match["ignore_known_secrets"] = ignore_known_secrets
+    if all_secrets is not None:
+        to_match["all_secrets"] = all_secrets
+
     mock_response = responses.post(
         url=client._url_from_endpoint("multiscan", "v1"),
         status=200,
-        match=[matchers.query_param_matcher({"ignore_known_secrets": True})],
+        match=[matchers.query_param_matcher(to_match)],
         json=[
             {
                 "policy_break_count": 1,
@@ -610,7 +616,8 @@ def test_multiscan_parameters(
 
     client.multi_content_scan(
         [{"filename": FILENAME, "document": DOCUMENT}],
-        ignore_known_secrets=True,
+        ignore_known_secrets=ignore_known_secrets,
+        all_secrets=all_secrets,
     )
 
     assert mock_response.call_count == 1