pre-commit/pre-commit-hooks
1
0
Fork 0
mirror of https://github.com/pre-commit/pre-commit-hooks.git synced 2026-04-08 12:34:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #85 from deanwilson/aws_detected_filenames

Browse source 
Show names of files containing aws credentials
This commit is contained in:
Anthony Sottile 2015-10-28 09:50:57 -07:00
commit 29bf11d136
1 changed files with 18 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

25
pre_commit_hooks/detect_aws_credentials.py
View file

@ -24,14 +24,17 @@ def get_your_keys(credentials_file):
return keys return keys
def check_file_for_aws_keys(filename, keys): def check_file_for_aws_keys(filenames, keys):
bad_files = []
for filename in filenames:
with open(filename, 'r') as content: with open(filename, 'r') as content:
# naively match the entire file, chances be so slim
# of random characters matching your flipping key.
text_body = content.read() text_body = content.read()
if any(key in text_body for key in keys): if any(key in text_body for key in keys):
return 1 # naively match the entire file, low chance of incorrect collision
return 0 bad_files.append(filename)
return bad_files
def main(argv=None): def main(argv=None):
@ -48,11 +51,13 @@ def main(argv=None):
if not keys: if not keys:
return 2 return 2
retv = 0 bad_filenames = check_file_for_aws_keys(args.filenames, keys)
for filename in args.filenames: if bad_filenames:
retv |= check_file_for_aws_keys(filename, keys) for bad_file in bad_filenames:
return retv print('AWS secret key found: {0}'.format(bad_file))
return 1
else:
return 0
if __name__ == '__main__': if __name__ == '__main__':
exit(main()) exit(main())