[pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci
2026-03-29 10:16:52 +00:00 · 2025-12-12 11:20:25 +00:00 · 2025-12-12 11:20:25 +00:00 · 16d54fd3e5
commit 16d54fd3e5
parent 8f9d35b3b8
2 changed files with 19 additions and 21 deletions
--- a/.pre-commit-hooks.yaml
+++ b/.pre-commit-hooks.yaml
@ -216,4 +216,3 @@
    description: can take in a custom regex file to scan for custom secrets.
    entry: detect-secrets
    langauge: python
-    
--- a/pre_commit_hooks/detect_secrets.py
+++ b/pre_commit_hooks/detect_secrets.py
@ -13,41 +13,40 @@ from pathlib import Path

 DEFAULT_PATTERNS: dict[str, str] = {
    # GitLab
-    "gitlab_pat": r"glpat-[0-9A-Za-z_-]{20,}",
-    "gitlab_runner_token": r"glrt-[0-9A-Za-z_-]{20,}",
+    'gitlab_pat': r'glpat-[0-9A-Za-z_-]{20,}',
+    'gitlab_runner_token': r'glrt-[0-9A-Za-z_-]{20,}',

    # GitHub
-    "github_pat": r"ghp_[0-9A-Za-z]{36}",
-    "github_fine_grained_pat": r"github_pat_[0-9A-Za-z_]{82}",
+    'github_pat': r'ghp_[0-9A-Za-z]{36}',
+    'github_fine_grained_pat': r'github_pat_[0-9A-Za-z_]{82}',

    # AWS
-    "aws_access_key": r"AKIA[0-9A-Z]{16}",
-    "aws_secret_key": r"(?i)aws(.{0,20})?(secret|access)[-_ ]?key(.{0,20})?['\"][0-9a-zA-Z/+]{40}['\"]",
+    'aws_access_key': r'AKIA[0-9A-Z]{16}',
+    'aws_secret_key': r"(?i)aws(.{0,20})?(secret|access)[-_ ]?key(.{0,20})?['\"][0-9a-zA-Z/+]{40}['\"]",

    # Generic
-    "generic_secret": r"(?i)(password|passwd|pwd|secret|token|api[_-]?key)\s*=\s*['\"].+['\"]",
+    'generic_secret': r"(?i)(password|passwd|pwd|secret|token|api[_-]?key)\s*=\s*['\"].+['\"]",
 }


-
 def load_custom_patterns(path: Path) -> dict[str, str]:
    patterns: dict[str, str] = {}
    for i, line in enumerate(path.read_text().splitlines(), start=1):
        line = line.strip()
-        if not line or line.startswith("#"):
+        if not line or line.startswith('#'):
            continue
        patterns[f"custom_rule_{i}"] = line
    return patterns


 def is_binary(data: bytes) -> bool:
-    return b"\x00" in data
+    return b'\x00' in data


 def git_tracked_files() -> list[Path]:
    """Return all git-tracked files in the repo."""
    result = subprocess.run(
-        ["git", "ls-files"],
+        ['git', 'ls-files'],
        stdout=subprocess.PIPE,
        stderr=subprocess.DEVNULL,
        text=True,
@ -57,16 +56,16 @@ def git_tracked_files() -> list[Path]:


 def main(argv: Sequence[str] | None = None) -> int:
-    parser = argparse.ArgumentParser(description="Detect exposed secrets in repository")
+    parser = argparse.ArgumentParser(description='Detect exposed secrets in repository')
    parser.add_argument(
-        "--rules",
+        '--rules',
        type=Path,
-        help="File containing custom regex rules (one per line)",
+        help='File containing custom regex rules (one per line)',
    )
    parser.add_argument(
-        "filenames",
-        nargs="*",
-        help="Files to scan (if empty, scans entire repo)",
+        'filenames',
+        nargs='*',
+        help='Files to scan (if empty, scans entire repo)',
    )

    args = parser.parse_args(argv)
@ -104,14 +103,14 @@ def main(argv: Sequence[str] | None = None) -> int:
        if is_binary(data):
            continue

-        text = data.decode(errors="ignore")
+        text = data.decode(errors='ignore')

        for rule, regex in compiled.items():
            if regex.search(text):
                findings.append((path, rule))

    if findings:
-        print("Potential secrets detected:")
+        print('Potential secrets detected:')
        for path, rule in findings:
            print(f"  - {path} (matched: {rule})")
        return 1
@ -119,5 +118,5 @@ def main(argv: Sequence[str] | None = None) -> int:
    return 0


-if __name__ == "__main__":
+if __name__ == '__main__':
    raise SystemExit(main())