Rubygems API Key & logging (#823)

* rubygems

* warnings in deep scanners

* pylint cfg

* lazy logging

* pylin-fix

* error->warning

* step-security/harden-runner@fa2e9d6 # v2.16.0 - 2026.03.16

* fix ci warning

* Update PyPI publish action to version 1.13.0

* Update dependency-review-action to version 4.9.0

* Update cryptography package version to 46.0.6

Author: babenek

.github/workflows/action.yml

@@ -21,7 +21,7 @@ jobs:
     steps:
 
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 - 2026.02.08
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 - 2026.03.16
         with:
           egress-policy: audit
 

.github/workflows/benchmark.yml

@@ -23,7 +23,7 @@ jobs:
     steps:
 
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 - 2026.02.08
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 - 2026.03.16
         with:
           egress-policy: audit
 
@@ -79,7 +79,7 @@ jobs:
     steps:
 
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 - 2026.02.08
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 - 2026.03.16
         with:
           egress-policy: audit
 
@@ -182,7 +182,7 @@ jobs:
     steps:
 
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 - 2026.02.08
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 - 2026.03.16
         with:
           egress-policy: audit
 
@@ -370,7 +370,7 @@ jobs:
     steps:
 
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 - 2026.02.08
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 - 2026.03.16
         with:
           egress-policy: audit
 
@@ -463,10 +463,10 @@ jobs:
 
   run_doc_benchmark:
     runs-on: ubuntu-latest
-    if: ${{ 'push' == github.event_name }} or ${{ 'Samsung/CredSweeper' == github.event.pull_request.head.repo.full_name }}
+    if: ${{ 'push' == github.event_name || 'Samsung/CredSweeper' == github.event.pull_request.head.repo.full_name }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 - 2026.02.08
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 - 2026.03.16
         with:
           egress-policy: audit
 

.github/workflows/check.yml

@@ -22,7 +22,7 @@ jobs:
       # # # MUST be full history to check git workflow
 
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 - 2026.02.08
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 - 2026.03.16
         with:
           egress-policy: audit
 
@@ -93,7 +93,7 @@ jobs:
         run: |
           banner="$(python -m credsweeper --banner | grep CredSweeper | head -1)"
           echo "banner = '${banner}'"
-          if [ "CredSweeper 1.15.1 crc32:58b9cbea" != "${banner}" ]; then
+          if [ "CredSweeper 1.15.2 crc32:cba20e43" != "${banner}" ]; then
             echo "Update the check for '${banner}'"
             exit 1
           fi
@@ -217,4 +217,4 @@ jobs:
 
       - name: Dependency Review
         if: ${{ 'push' != github.event_name }}
-        uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2 - 2025.11.11
+        uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0 - 2026.03.04

.github/workflows/fuzz.yml

@@ -22,7 +22,7 @@ jobs:
     steps:
 
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 - 2026.02.08
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 - 2026.03.16
         with:
           egress-policy: audit
 

.github/workflows/pypi.yml

@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 - 2026.02.08
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 - 2026.03.16
         with:
           egress-policy: audit
 
@@ -45,7 +45,7 @@ jobs:
 
       - name: Publish
         if: ${{ 'release' == github.event_name }}
-        uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3
+        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 - 2025.09.04
         with:
           user: __token__
           password: ${{ secrets.PYPI_PASSWORD }}

.github/workflows/rottenness.yml

@@ -24,7 +24,7 @@ jobs:
     steps:
 
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 - 2026.02.08
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 - 2026.03.16
         with:
           egress-policy: audit
 

.github/workflows/test.yml

@@ -30,7 +30,7 @@ jobs:
     steps:
 
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 - 2026.02.08
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 - 2026.03.16
         with:
           egress-policy: audit
 
@@ -102,7 +102,7 @@ jobs:
     steps:
 
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 - 2026.02.08
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 - 2026.03.16
         with:
           egress-policy: audit
 

.pylintrc

@@ -1,7 +1,25 @@
 [FORMAT]
 max-line-length=120
-
+max-statements=105
 extension-pkg-allow-list=lxml
 
 [MESSAGES CONTROL]
-disable=R,W0718,W1203,C0415,C0413,C0103,C0114
+disable=C0103,C0114,C0413,R0401,R1705,R1714,R1731,R1730,W0718
+
+[DESIGN]
+min-public-methods=0
+max-public-methods=26
+max-returns=8
+max-locals=29
+max-branches=52
+max-positional-arguments=27
+max-args=27
+max-attributes=25
+max-nested-blocks=6
+max-bool-expr=9
+max-parents=27
+
+[SIMILARITIES]
+min-similarity-lines=7
+ignore-comments=yes
+ignore-imports=yes

credsweeper/__init__.py

@@ -24,4 +24,4 @@
     "__version__"
 ]
 
-__version__ = "1.15.1"
+__version__ = "1.15.2"

credsweeper/app.py

@@ -223,7 +223,7 @@ def run(self, content_provider: AbstractProvider) -> int:
         _empty_list: Sequence[ContentProvider] = []
         file_extractors = content_provider.get_scannable_files(self.config) if content_provider else _empty_list
         if not file_extractors:
-            logger.info(f"No scannable targets for {len(content_provider.paths)} paths")
+            logger.info("No scannable targets for %s paths", len(content_provider.paths))
             return 0
         self.scan(file_extractors)
         self.post_processing()
@@ -250,7 +250,7 @@ def scan(self, content_providers: Sequence[ContentProvider]) -> None:
 
     def __single_job_scan(self, content_providers: Sequence[ContentProvider]) -> None:
         """Performs scan in main thread"""
-        logger.info(f"Scan for {len(content_providers)} providers")
+        logger.info("Scan for %s providers", len(content_providers))
         all_cred = self.files_scan(content_providers)
         self.credential_manager.set_credentials(all_cred)
 
@@ -267,7 +267,7 @@ def __multi_jobs_scan(self, content_providers: Sequence[ContentProvider]) -> Non
                 logging.addLevelName(60, "SILENCE")
             log_kwargs["level"] = self.__log_level
         pool_count = min(self.pool_count, len(content_providers))
-        logger.info(f"Scan in {pool_count} processes for {len(content_providers)} providers")
+        logger.info("Scan in %s processes for %s providers", pool_count, len(content_providers))
         with multiprocessing.get_context("spawn").Pool(processes=pool_count,
                                                        initializer=CredSweeper.pool_initializer,
                                                        initargs=(log_kwargs,)) as pool:  # yapf: disable
@@ -293,7 +293,7 @@ def files_scan(self, content_providers: Sequence[ContentProvider]) -> List[Candi
             if self.__thrifty:
                 provider.free()
             all_cred.extend(candidates)
-        logger.info(f"Completed: processed {len(content_providers)} providers with {len(all_cred)} candidates")
+        logger.info("Completed: processed %s providers with %s candidates", len(content_providers), len(all_cred))
         return all_cred
 
     # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
@@ -335,9 +335,9 @@ def file_scan(self, content_provider: ContentProvider) -> List[Candidate]:
     def post_processing(self) -> None:
         """Machine learning validation for received credential candidates."""
         if purged := self.credential_manager.purge_duplicates():
-            logger.info(f"Purged {purged} duplicates")
+            logger.info("Purged %s duplicates", purged)
         if self._use_ml_validation():
-            logger.info(f"Grouping {len(self.credential_manager.candidates)} candidates")
+            logger.info("Grouping %s candidates", len(self.credential_manager.candidates))
             new_cred_list: List[Candidate] = []
             cred_groups = self.credential_manager.group_credentials()
             ml_cred_groups: List[Tuple[CandidateKey, List[Candidate]]] = []
@@ -353,7 +353,7 @@ def post_processing(self) -> None:
 
             # prevent extra ml_validator creation if ml_cred_groups is empty
             if ml_cred_groups:
-                logger.info(f"Run ML Validation for {len(ml_cred_groups)} groups")
+                logger.info("Run ML Validation for %s groups", len(ml_cred_groups))
                 is_cred, probability = self.ml_validator.validate_groups(ml_cred_groups, self.ml_batch_size)
                 for i, (_, group_candidates) in enumerate(ml_cred_groups):
                     for candidate in group_candidates:
@@ -380,7 +380,7 @@ def export_results(self, change_type: Optional[DiffRowType] = None) -> None:
 
         credentials = self.credential_manager.get_credentials()
 
-        logger.info(f"Exporting {len(credentials)} credentials")
+        logger.info("Exporting %s credentials", len(credentials))
 
         if self.sort_output:
             credentials.sort(key=lambda x: (  #