pre-commit/pre-commit-hooks
1
0
Fork 0
mirror of https://github.com/pre-commit/pre-commit-hooks.git synced 2026-04-08 12:34:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Find private keys within gzip-compresssed files

Browse source
This commit is contained in:
Joe Wreschnig 2025-04-25 10:08:34 +02:00
parent 5c514f85cc
commit e2c9870bc2
3 changed files with 27 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.pre-commit-hooks.yaml
View file

@ -127,7 +127,7 @@
description: detects the presence of private keys. description: detects the presence of private keys.
entry: detect-private-key entry: detect-private-key
language: python language: python
types: [text] types_or: [text, tgz, gz]
- id: double-quote-string-fixer - id: double-quote-string-fixer
name: fix double quoted strings name: fix double quoted strings
description: replaces double quoted strings with single quoted strings. description: replaces double quoted strings with single quoted strings.

11
pre_commit_hooks/detect_private_key.py
View file

@ -1,6 +1,7 @@
from __future__ import annotations from __future__ import annotations
import argparse import argparse
import gzip
from collections.abc import Sequence from collections.abc import Sequence
BLACKLIST = [ BLACKLIST = [
@ -29,6 +30,16 @@ def main(argv: Sequence[str] | None = None) -> int:
content = f.read() content = f.read()
if any(line in content for line in BLACKLIST): if any(line in content for line in BLACKLIST):
private_key_files.append(filename) private_key_files.append(filename)
continue
try:
if filename.endswith(('.gz', '.tgz')):
with gzip.open(filename, 'rb') as f:
content = f.read()
if any(line in content for line in BLACKLIST):
private_key_files.append(filename)
continue
except gzip.BadGzipFile:
pass
if private_key_files: if private_key_files:
for private_key_file in private_key_files: for private_key_file in private_key_files:

15
tests/detect_private_key_test.py
View file

@ -1,5 +1,7 @@
from __future__ import annotations from __future__ import annotations
import gzip
import pytest import pytest
from pre_commit_hooks.detect_private_key import main from pre_commit_hooks.detect_private_key import main
@ -26,3 +28,16 @@ def test_main(input_s, expected_retval, tmpdir):
path = tmpdir.join('file.txt') path = tmpdir.join('file.txt')
path.write_binary(input_s) path.write_binary(input_s)
assert main([str(path)]) == expected_retval assert main([str(path)]) == expected_retval
@pytest.mark.parametrize(('input_s', 'expected_retval'), TESTS)
def test_main_gzip(input_s, expected_retval, tmpdir):
path = tmpdir.join('file.txt.gz')
path.write_binary(gzip.compress(input_s))
assert main([str(path)]) == expected_retval
def test_main_gz_not_gzip(tmpdir):
path = tmpdir.join('file.txt.gz')
path.write_binary(b'not a sensitive value nor gzip')
assert main([str(path)]) == 0