This repository has been archived by the owner on Jan 20, 2020. It is now read-only.
pre-commit.sh
#!/bin/bash
#
# Will check for API keys in what is about to be committed.
# Called by "git commit" with no arguments. The hook should
# exit with non-zero status after issuing an appropriate message if
# it wants to stop the commit.
#
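# Use `git commit --no-verify` to skip this check.
# Because the hook can be skipped this way, it is a local safety net and not an enforcement point.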
## Installation
# **Globally (all repos):**
# - Create global git directory:
# `mkdir $HOME/.git-hooks`
# - Configure a global git hooks path:
# `git config --global core.hooksPath $HOME/.git-hooks`
# - Install api-key-hook file:
# `cp pre-commit.sh $HOME/.git-hooks/pre-commit`
# **Locally (local repo):**
# - Copy pre-commit.sh into the local repo's hooks directory:
# `cp pre-commit.sh .git/hooks/pre-commit`
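# Stash unstaged changes (--keep-index leaves the staged content in place) so
# the files on disk hold what is about to be committed while they are scanned.
STASH_NAME="pre-commit-$(date +%Y-%m-%d-%H-%M-%S)"
git stash push --quiet --keep-index --message "${STASH_NAME}"

# Put the stashed changes back. Only pops when the newest stash entry is the
# one created above, so a pre-existing stash is never popped by mistake
# (git creates no entry when there was nothing to stash).
restore_stash() {
  if git stash list | head -1 | grep -F -- "${STASH_NAME}" >/dev/null; then
    git stash pop -q
  fi
}
# Registered as an EXIT trap so the working tree is restored however the
# script leaves, not only when it reaches the final line.
trap restore_stash EXIT

# Test prospective commit
COINBASE_PRO_KEY="\b[a-f0-9]{32}\b"
COINBASE_PRO_SECRET="\b[a-zA-Z0-9=\/+]{88}\b"
POLONIEX_KEY="\b(([A-Z0-9]{8}\-){3})([A-Z0-9]{8})\b"
POLONIEX_SECRET="\b[a-f0-9]{128}\b"
BITTREX_KEY="\b[a-f0-9]{32}\b"
BITTREX_SECRET="\b[a-f0-9]{32}\b"

# De-dup regexs. Each pattern travels as one quoted line, so the shell never
# word-splits it or treats its [...] as a filename glob.
FORBIDDEN_EXP=()
while IFS= read -r expression; do
  FORBIDDEN_EXP+=("${expression}")
done < <(
  printf '%s\n' \
    "${COINBASE_PRO_KEY}" "${COINBASE_PRO_SECRET}" \
    "${POLONIEX_KEY}" "${POLONIEX_SECRET}" \
    "${BITTREX_KEY}" "${BITTREX_SECRET}" \
    | sort -u
)

FAIL_MESSAGE=$'
COMMIT REJECTED Found possible secret keys. Please remove them before
committing or use --no-verify to ignore and commit anyway.'

# Paths matching this regex are not scanned. It is the same expression the
# hook has always used; the unescaped dots are wildcards, which is what keeps
# names such as package-lock.json excluded as well as *.lock files.
SKIP_RE='.lock|package.json'

# Collect the files that are part of this commit (added, copied, modified,
# renamed or type-changed), in every directory. Names are read NUL-delimited
# so spaces or newlines in a path cannot split or merge entries.
staged_files=()
while IFS= read -r -d '' path; do
  if [[ "${path}" =~ ${SKIP_RE} ]]; then
    continue
  fi
  staged_files+=("${path}")
done < <(git diff --cached --name-only --diff-filter=ACMRT -z)

exitcode=0
if [[ ${#staged_files[@]} -gt 0 ]]; then
  for expression in "${FORBIDDEN_EXP[@]}"; do
    # GREP_COLORS (mt=) is the current GNU grep spelling; GREP_COLOR is kept
    # for greps that only read the older variable.
    output=$(
      printf '%s\0' "${staged_files[@]}" \
        | GREP_COLOR='4;5;37;41' GREP_COLORS='mt=4;5;37;41' \
          xargs -0 grep --color=always --directories=skip --with-filename \
          -n -iE -e "${expression}" --
    )
    # Decide on the captured output, not on the exit status: xargs reports
    # failure as soon as one of its grep batches finds nothing, which would
    # hide a match found by another batch.
    if [[ -n "${output}" ]]; then
      printf '%s\n' "${output}"
      printf '%s\n' "${FAIL_MESSAGE}"
      exitcode=1
    fi
  done
fi

# restore_stash runs from the EXIT trap; the status passed here is kept.
exit "${exitcode}"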