Support setting entropy limit for detect-secrets from env

include/secrets_detector

@@ -20,35 +20,35 @@ secretsDetector(){
         exit $EXITCODE
     else
         SECRETS_TEMP_FOLDER="$PROWLER_DIR/secrets-$ACCOUNT_NUM"
-        if [[ ! -d $SECRETS_TEMP_FOLDER ]]; then 
+        if [[ ! -d $SECRETS_TEMP_FOLDER ]]; then
             mkdir $SECRETS_TEMP_FOLDER
-        fi 
+        fi
         PYTHON_PIP_DETECTSECRETS_INSTALLED=1
-        # Sets the entropy limit for high entropy base64 strings. Value
-        # must be between 0.0 and 8.0, defaults is 4.5.
-        BASE64_LIMIT=3.0
-        # Sets the entropy limit for high entropy hex strings. Value
-        # must be between 0.0 and 8.0, defaults is 3.0.
-        HEX_LIMIT=3.0
+        # Sets the entropy limit for high entropy base64 strings from
+        # environment variable BASE64_LIMIT.
+        # Value must be between 0.0 and 8.0, defaults is 4.5.
+        # Sets the entropy limit for high entropy hex strings from
+        # environment variable HEX_LIMIT.
+        # Value must be between 0.0 and 8.0, defaults is 3.0.
         case $1 in
             file )
                 # this is to scan a file
-                detect-secrets scan --hex-limit $HEX_LIMIT --base64-limit $BASE64_LIMIT $2 | \
-                jq -r '.results[]|.[] | [.line_number, .type]|@csv' | wc -l 
+                detect-secrets scan --hex-limit ${HEX_LIMIT:-3.0} --base64-limit ${BASE64_LIMIT:-4.5} $2 | \
+                jq -r '.results[]|.[] | [.line_number, .type]|@csv' | wc -l
                 #jq -r '.results[] | .[] | "\(.line_number)\t\(.type)"'
                 # this command must return values in two colums:
                 # line in file and type of secrets found
                 ;;
             string )
-                # this is to scan a given string 
-                detect-secrets scan --hex-limit $HEX_LIMIT --base64-limit $BASE64_LIMIT --string $2 | \
+                # this is to scan a given string
+                detect-secrets scan --hex-limit ${HEX_LIMIT:-3.0} --base64-limit ${BASE64_LIMIT:-4.5} --string $2 | \
                 grep True| wc -l
             ;;
             folder )
-                # this is to scan a given folder with all lambda files 
-                detect-secrets scan --hex-limit $HEX_LIMIT --base64-limit $BASE64_LIMIT --all-files $2 | \
+                # this is to scan a given folder with all lambda files
+                detect-secrets scan --hex-limit ${HEX_LIMIT:-3.0} --base64-limit ${BASE64_LIMIT:-4.5} --all-files $2 | \
                 jq -r '.results[]|.[] | [.line_number, .type]|@csv' | wc -l
             ;;
-        esac 
-    fi  
-}
+        esac
+    fi
+}