Adding a small pre-commit script to check out a presence of secrets using...

Adding a small pre-commit script to check out a presence of secrets using ggshield, if it is not installed will run a custom list of grep expressions

Adding a small pre-commit script to check out a presence of secrets using...
Adding a small pre-commit script to check out a presence of secrets using ggshield, if it is not installed will run a custom list of grep expressions
6eed1885 · Francisco Perez · 7a0ffefd · 6eed1885
Commit 6eed1885 authored 1 year ago by Francisco Perez
--- a/git_hooks/pre-commit
+++ b/git_hooks/pre-commit
+#!/bin/sh
+
+### This is a small pre-commit script that checks for the presence of secrets using ggshield. 
+### If ggshield is not installed, it will run a custom list of grep expressions to perform the secret check
+
+set -ep
+
+# Function to check if a command is available
+command_exists() {
+  command -v "$1" >/dev/null 2>&1
+}
+
+# Check if ggshield is installed
+if command_exists ggshield; then
+  # Run ggshield to scan for sensitive information
+  ggshield secret scan pre-commit "$@"
+else
+  # Display a warning if ggshield is not installed
+  echo "WARNING: ggshield is not installed."
+  echo
+  echo "INFO: Please consider to installing by following the steps below:" 
+  echo "pip install --user -U ggshield"
+  echo "ggshield auth login"
+  echo
+  echo "INFO: Running a custom lit of grep to check for common passwords patterns."
+  # Run grep to search for potential passwords (modify this command as needed)
+  if grep -r -I -E '(?:ghp|gho|ghu|ghs|ghr)_[0-9a-zA-Z]{36,}' . >/dev/null; then
+    echo "WARNING: Potential Github passwords found. Commit blocked."
+    exit 1
+  fi
+fi
+
+# If everything is fine, allow the commit to proceed
+echo
+echo "INFO: No issues found out"
+exit 0
\ No newline at end of file