Merge pull request #85 from deanwilson/aws_detected_filenames

Show names of files containing aws credentials
2026-03-29 18:16:52 +00:00 · 2015-10-28 09:50:57 -07:00 · 2015-10-28 09:50:57 -07:00 · 29bf11d136
commit 29bf11d136
parent edb5d5219e a6665279e7
1 changed files with 18 additions and 13 deletions
--- a/pre_commit_hooks/detect_aws_credentials.py
+++ b/pre_commit_hooks/detect_aws_credentials.py
@ -24,14 +24,17 @@ def get_your_keys(credentials_file):
    return keys


-def check_file_for_aws_keys(filename, keys):
-    with open(filename, 'r') as content:
-        # naively match the entire file, chances be so slim
-        # of random characters matching your flipping key.
-        text_body = content.read()
-        if any(key in text_body for key in keys):
-            return 1
-    return 0
+def check_file_for_aws_keys(filenames, keys):
+    bad_files = []
+
+    for filename in filenames:
+        with open(filename, 'r') as content:
+            text_body = content.read()
+            if any(key in text_body for key in keys):
+                # naively match the entire file, low chance of incorrect collision
+                bad_files.append(filename)
+
+    return bad_files


 def main(argv=None):
@ -48,11 +51,13 @@ def main(argv=None):
    if not keys:
        return 2

-    retv = 0
-    for filename in args.filenames:
-        retv |= check_file_for_aws_keys(filename, keys)
-    return retv
-
+    bad_filenames = check_file_for_aws_keys(args.filenames, keys)
+    if bad_filenames:
+        for bad_file in bad_filenames:
+            print('AWS secret key found: {0}'.format(bad_file))
+        return 1
+    else:
+        return 0

 if __name__ == '__main__':
    exit(main())