From d754ed5ab25999ad57976086ca8ab6000281aeb2 Mon Sep 17 00:00:00 2001
From: Mathias Millet <mathias.millet@gitguardian.com>
Date: Mon, 14 Oct 2024 09:46:53 +0200
Subject: [PATCH 1/3] fix(models): fix load_default for incident_url

---
 pygitguardian/models.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pygitguardian/models.py b/pygitguardian/models.py
index 0d8b4196..9e3b53ae 100644
--- a/pygitguardian/models.py
+++ b/pygitguardian/models.py
@@ -260,7 +260,7 @@ class PolicyBreakSchema(BaseSchema):
     policy = fields.String(required=True)
     validity = fields.String(required=False, load_default=None, dump_default=None)
     known_secret = fields.Boolean(required=False, load_default=False, dump_default=None)
-    incident_url = fields.String(required=False, load_default=False, dump_default=None)
+    incident_url = fields.String(required=False, load_default=None, dump_default=None)
     matches = fields.List(fields.Nested(MatchSchema), required=True)
 
     @post_load

From 90a4f88bf1dfe4e45fb1d14114e7e5e03a582344 Mon Sep 17 00:00:00 2001
From: Mathias Millet <mathias.millet@gitguardian.com>
Date: Mon, 14 Oct 2024 10:16:57 +0200
Subject: [PATCH 2/3] feat(models): handle is_excluded and exclude_reason in
 PolicyBreak

---
 ...as.millet_handle_excluded_policy_breaks.md | 42 +++++++++++++++++++
 pygitguardian/models.py                       |  6 +++
 tests/test_models.py                          | 28 +++++++++++++
 3 files changed, 76 insertions(+)
 create mode 100644 changelog.d/20241014_101918_mathias.millet_handle_excluded_policy_breaks.md

diff --git a/changelog.d/20241014_101918_mathias.millet_handle_excluded_policy_breaks.md b/changelog.d/20241014_101918_mathias.millet_handle_excluded_policy_breaks.md
new file mode 100644
index 00000000..2e5447ac
--- /dev/null
+++ b/changelog.d/20241014_101918_mathias.millet_handle_excluded_policy_breaks.md
@@ -0,0 +1,42 @@
+<!--
+A new scriv changelog fragment.
+
+Uncomment the section that is right (remove the HTML comment wrapper).
+-->
+
+<!--
+### Removed
+
+- A bullet item for the Removed category.
+
+-->
+<!--
+### Added
+
+- A bullet item for the Added category.
+
+-->
+
+### Changed
+
+- `PolicyBreak` now contains two new fields: `is_excluded` and `exclude_reason`.
+<!--
+
+### Deprecated
+
+- A bullet item for the Deprecated category.
+
+-->
+
+<!--
+### Fixed
+
+- A bullet item for the Fixed category.
+
+-->
+<!--
+### Security
+
+- A bullet item for the Security category.
+
+-->
diff --git a/pygitguardian/models.py b/pygitguardian/models.py
index 9e3b53ae..bc10c4d3 100644
--- a/pygitguardian/models.py
+++ b/pygitguardian/models.py
@@ -262,6 +262,8 @@ class PolicyBreakSchema(BaseSchema):
     known_secret = fields.Boolean(required=False, load_default=False, dump_default=None)
     incident_url = fields.String(required=False, load_default=None, dump_default=None)
     matches = fields.List(fields.Nested(MatchSchema), required=True)
+    is_excluded = fields.Boolean(required=False, load_default=False, dump_default=False)
+    exclude_reason = fields.String(required=False, load_default=None, dump_default=None)
 
     @post_load
     def make_policy_break(self, data: Dict[str, Any], **kwargs: Any) -> "PolicyBreak":
@@ -286,6 +288,8 @@ def __init__(
         matches: List[Match],
         known_secret: bool = False,
         incident_url: Optional[str] = None,
+        is_excluded: bool = False,
+        exclude_reason: Optional[str] = None,
         **kwargs: Any,
     ) -> None:
         super().__init__()
@@ -295,6 +299,8 @@ def __init__(
         self.known_secret = known_secret
         self.incident_url = incident_url
         self.matches = matches
+        self.is_excluded = is_excluded
+        self.exclude_reason = exclude_reason
 
     @property
     def is_secret(self) -> bool:
diff --git a/tests/test_models.py b/tests/test_models.py
index 1c1acca9..dbddde79 100644
--- a/tests/test_models.py
+++ b/tests/test_models.py
@@ -111,6 +111,34 @@ def test_document_handle_surrogates(self):
                     "matches": [{"match": "hello", "type": "hello"}],
                 },
             ),
+            (
+                PolicyBreakSchema,
+                PolicyBreak,
+                {
+                    "type": "hello",
+                    "policy": "hello",
+                    "validity": "hey",
+                    "known_secret": True,
+                    "incident_url": "https://api.gitguardian.com/workspace/2/incidents/3",
+                    "matches": [{"match": "hello", "type": "hello"}],
+                    "is_excluded": True,
+                    "exclude_reason": "bad secret",
+                },
+            ),
+            (
+                PolicyBreakSchema,
+                PolicyBreak,
+                {
+                    "type": "hello",
+                    "policy": "hello",
+                    "validity": "hey",
+                    "known_secret": True,
+                    "incident_url": "https://api.gitguardian.com/workspace/2/incidents/3",
+                    "matches": [{"match": "hello", "type": "hello"}],
+                    "is_excluded": False,
+                    "exclude_reason": None,
+                },
+            ),
             (
                 QuotaSchema,
                 Quota,

From f3cbef07ae7fc50c0761ec8e115dfc02cf5fe3ed Mon Sep 17 00:00:00 2001
From: Mathias Millet <mathias.millet@gitguardian.com>
Date: Tue, 15 Oct 2024 17:35:38 +0200
Subject: [PATCH 3/3] feat(client): add all_secrets option to content_scan and
 multi_content_scan

---
 ...as.millet_handle_excluded_policy_breaks.md |  1 +
 pygitguardian/client.py                       | 21 ++++++---
 tests/test_client.py                          | 45 ++++++++++++++++---
 3 files changed, 57 insertions(+), 10 deletions(-)

diff --git a/changelog.d/20241014_101918_mathias.millet_handle_excluded_policy_breaks.md b/changelog.d/20241014_101918_mathias.millet_handle_excluded_policy_breaks.md
index 2e5447ac..26c580f0 100644
--- a/changelog.d/20241014_101918_mathias.millet_handle_excluded_policy_breaks.md
+++ b/changelog.d/20241014_101918_mathias.millet_handle_excluded_policy_breaks.md
@@ -19,6 +19,7 @@ Uncomment the section that is right (remove the HTML comment wrapper).
 
 ### Changed
 
+- `content_scan` and `multi_content_scan` now accept `all_secrets` parameter.
 - `PolicyBreak` now contains two new fields: `is_excluded` and `exclude_reason`.
 <!--
 
diff --git a/pygitguardian/client.py b/pygitguardian/client.py
index c6162fd8..e740928c 100644
--- a/pygitguardian/client.py
+++ b/pygitguardian/client.py
@@ -358,6 +358,8 @@ def content_scan(
         document: str,
         filename: Optional[str] = None,
         extra_headers: Optional[Dict[str, str]] = None,
+        *,
+        all_secrets: Optional[bool] = None,
     ) -> Union[Detail, ScanResult]:
         """
         content_scan handles the /scan endpoint of the API.
@@ -368,6 +370,7 @@ def content_scan(
         :param filename: name of file, example: "intro.py"
         :param document: content of file
         :param extra_headers: additional headers to add to the request
+        :param all_secrets: indicates whether all secrets should be returned
         :return: Detail or ScanResult response and status code
         """
 
@@ -379,11 +382,15 @@ def content_scan(
         DocumentSchema.validate_size(
             request_obj, self.secret_scan_preferences.maximum_document_size
         )
+        params = {}
+        if all_secrets is not None:
+            params["all_secrets"] = all_secrets
 
         resp = self.post(
             endpoint="scan",
             data=request_obj,
             extra_headers=extra_headers,
+            params=params,
         )
 
         obj: Union[Detail, ScanResult]
@@ -401,6 +408,8 @@ def multi_content_scan(
         documents: List[Dict[str, str]],
         extra_headers: Optional[Dict[str, str]] = None,
         ignore_known_secrets: Optional[bool] = None,
+        *,
+        all_secrets: Optional[bool] = None,
     ) -> Union[Detail, MultiScanResult]:
         """
         multi_content_scan handles the /multiscan endpoint of the API.
@@ -413,6 +422,7 @@ def multi_content_scan(
             example: [{"document":"example content","filename":"intro.py"}]
         :param extra_headers: additional headers to add to the request
         :param ignore_known_secrets: indicates whether known secrets should be ignored
+        :param all_secrets: indicates whether all secrets should be returned
         :return: Detail or ScanResult response and status code
         """
         max_documents = self.secret_scan_preferences.maximum_documents_per_scan
@@ -433,11 +443,12 @@ def multi_content_scan(
                 document, self.secret_scan_preferences.maximum_document_size
             )
 
-        params = (
-            {"ignore_known_secrets": ignore_known_secrets}
-            if ignore_known_secrets
-            else {}
-        )
+        params = {}
+        if ignore_known_secrets is not None:
+            params["ignore_known_secrets"] = ignore_known_secrets
+        if all_secrets is not None:
+            params["all_secrets"] = all_secrets
+
         resp = self.post(
             endpoint="multiscan",
             data=request_obj,
diff --git a/tests/test_client.py b/tests/test_client.py
index 071ad61f..cfcd68c3 100644
--- a/tests/test_client.py
+++ b/tests/test_client.py
@@ -575,19 +575,53 @@ def test_extra_headers(
 
 
 @responses.activate
-def test_multiscan_parameters(
-    client: GGClient,
-):
+@pytest.mark.parametrize("all_secrets", (None, True, False))
+def test_scan_parameters(client: GGClient, all_secrets):
+    """
+    GIVEN a ggclient
+    WHEN calling content_scan with parameters
+    THEN the parameters are passed in the request
+    """
+
+    to_match = {}
+    if all_secrets is not None:
+        to_match["all_secrets"] = all_secrets
+
+    mock_response = responses.post(
+        url=client._url_from_endpoint("scan", "v1"),
+        status=200,
+        match=[matchers.query_param_matcher(to_match)],
+    )
+
+    client.content_scan(
+        DOCUMENT,
+        FILENAME,
+        all_secrets=all_secrets,
+    )
+
+    assert mock_response.call_count == 1
+
+
+@responses.activate
+@pytest.mark.parametrize("ignore_known_secrets", (None, True, False))
+@pytest.mark.parametrize("all_secrets", (None, True, False))
+def test_multiscan_parameters(client: GGClient, ignore_known_secrets, all_secrets):
     """
     GIVEN a ggclient
     WHEN calling multi_content_scan with parameters
     THEN the parameters are passed in the request
     """
 
+    to_match = {}
+    if ignore_known_secrets is not None:
+        to_match["ignore_known_secrets"] = ignore_known_secrets
+    if all_secrets is not None:
+        to_match["all_secrets"] = all_secrets
+
     mock_response = responses.post(
         url=client._url_from_endpoint("multiscan", "v1"),
         status=200,
-        match=[matchers.query_param_matcher({"ignore_known_secrets": True})],
+        match=[matchers.query_param_matcher(to_match)],
         json=[
             {
                 "policy_break_count": 1,
@@ -610,7 +644,8 @@ def test_multiscan_parameters(
 
     client.multi_content_scan(
         [{"filename": FILENAME, "document": DOCUMENT}],
-        ignore_known_secrets=True,
+        ignore_known_secrets=ignore_known_secrets,
+        all_secrets=all_secrets,
     )
 
     assert mock_response.call_count == 1