use six for config parser, add to reqs

ditch checking access_key (don't consider these a secret)
don't check line by line, check the whole file in bulk instead
Ara Hayrabedian 2015-06-12 16:24:01 +04:00
parent 95bf20d52d
commit 3078aec57b
2 changed files with 12 additions and 20 deletions


@ -2,26 +2,25 @@ from __future__ import print_function
from __future__ import unicode_literals from __future__ import unicode_literals
import argparse import argparse
import ConfigParser
import os import os
from six.moves import configparser
def get_your_keys(credentials_file, ignore_access_key=False): def get_your_keys(credentials_file):
""" reads the keys in your credentials file in order to be able to look """ reads the secret keys in your credentials file in order to be able to look
for them in the submitted code. for them in the submitted code.
""" """
aws_credentials_file_path = os.path.expanduser(credentials_file) aws_credentials_file_path = os.path.expanduser(credentials_file)
if not os.path.exists(aws_credentials_file_path): if not os.path.exists(aws_credentials_file_path):
exit(2) exit(2)
parser = ConfigParser.ConfigParser() parser = configparser.ConfigParser()
parser.read(aws_credentials_file_path) parser.read(aws_credentials_file_path)
keys = set() keys = set()
for section in parser.sections(): for section in parser.sections():
if not ignore_access_key:
keys.add(parser.get(section, 'aws_access_key_id'))
keys.add(parser.get(section, 'aws_secret_access_key')) keys.add(parser.get(section, 'aws_secret_access_key'))
print(str(keys))
return keys return keys
@ -29,8 +28,8 @@ def check_file_for_aws_keys(filename, keys):
with open(filename, 'r') as content: with open(filename, 'r') as content:
# naively match the entire file, chances be so slim # naively match the entire file, chances be so slim
# of random characters matching your flipping key. # of random characters matching your flipping key.
for line in content: text_body = content.read()
if any(key in line for key in keys): if any(key in text_body for key in keys):
return 1 return 1
return 0 return 0
@ -41,19 +40,11 @@ def main(argv=None):
parser.add_argument( parser.add_argument(
"--credentials-file", "--credentials-file",
default='~/.aws/credentials', default='~/.aws/credentials',
help="location of aws credentials file from which to get the keys " help="location of aws credentials file from which to get the secret "
"we're looking for", "keys we're looking for",
)
parser.add_argument(
"--ignore-access-key",
action='store_true',
help="if you would like to ignore access keys, as there is "
"occasionally legitimate use for these.",
) )
args = parser.parse_args(argv) args = parser.parse_args(argv)
ignore_access_key = args.ignore_access_key keys = get_your_keys(args.credentials_file)
keys = get_your_keys(args.credentials_file,
ignore_access_key=ignore_access_key)
retv = 0 retv = 0
for filename in args.filenames: for filename in args.filenames:
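Review bot: `print(str(keys))` in `get_your_keys`, just before `return keys`, writes every `aws_secret_access_key` read from the credentials file to stdout on each run; the page has lost its +/- markers, but the hunk header line counts (-2,26 +2,25) indicate the line is added by this commit. Hook output typically ends up in terminal scrollback and CI logs, so a tool meant to keep these keys out of the repository would itself be exposing them; the line should be dropped so the loop body `keys.add(parser.get(section, 'aws_secret_access_key'))` is followed directly by `return keys`. Separately, now that the whole file is matched in one go, an empty `aws_secret_access_key` value would flag every file because `'' in text_body` is always true, so it may be worth adding `keys.discard('')` before returning.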


@ -7,3 +7,4 @@ mock
pre-commit pre-commit
pylint<1.4 pylint<1.4
pytest pytest
six==1.9.0