pre-commit/pre-commit-hooks
1
0
Fork 0
mirror of https://github.com/pre-commit/pre-commit-hooks.git synced 2026-04-08 12:34:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add detect_secret_token

Browse source
This commit is contained in:
Max R 2023-09-06 13:24:58 -04:00
parent 8ef58bed01
commit d4eb9ec4d7
5 changed files with 87 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

41
pre_commit_hooks/detect_secret_token.py Normal file
View file

@ -0,0 +1,41 @@
from __future__ import annotations
import argparse
import re
import sys
from typing import Sequence
# secret token is defined in https://datatracker.ietf.org/doc/html/rfc8959 as:
#
# secret-token-URI = secret-token-scheme ":" token
# secret-token-scheme = "secret-token"
# token = 1*pchar
#
# pchar is defined in https://www.rfc-editor.org/rfc/rfc3986#section-3.3 as:
#
# pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
SECRET_TOKEN_RE = re.compile(
'secret-token:('
r"[A-Za-z0-9\-._~!$&'()*+,;=:@]" # unreserved / sub-delims / ":" / "@"
'|%[0-9A-Fa-f]{2}' # pct-encoded
')+',
)
def main(argv: Sequence[str] | None = None) -> int:
parser = argparse.ArgumentParser()
parser.add_argument('filenames', nargs='*', help='Filenames to check')
args = parser.parse_args(argv)
found = False
for filename in args.filenames:
with open(filename) as f:
if SECRET_TOKEN_RE.match(f.read()):
found = True
print(f'secret-token found: {filename}', file=sys.stderr)
return int(found)
if __name__ == '__main__':
raise SystemExit(main())