96fd63ec3c
..
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 61e9135070 | |||
| 161b6828e3 | |||
| f68ddc6dc6 | |||
| 57285aeb17 | |||
| 339bdc2280 | |||
| a5e1e3e206 | |||
| d1a92299ec | |||
| f1c39eaae2 | |||
| a52b4baddc | |||
| dc9fd58f66 | |||
| 65a6c50fec | |||
| e6d2eee9ea | |||
| 24e08fca4f | |||
| ac1b35b1d9 | |||
| 24afa9a8e8 | |||
| 2ee7decbfd | |||
| e38a3df248 |
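--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,81 @@
+#!/bin/sh
+
+RED='\033[0;31m'
+NC='\033[0m'
+
+detected=false
+
+check_file() {
+while IFS=: read -r file score; do
+[ -z "$file" ] && continue
+detected=true
+done <<EOF
+$(git diff --cached --name-only | while read -r f; do
+[ ! -f "$f" ] && continue
+case "$f" in
+.env|.env.*)
+[ "$f" = ".env.example" ] && continue
+echo "$f|1"
+;;
+esac
+case "$(basename "$f")" in
+.env|.env.*)
+[ "$f" = ".env.example" ] && continue
+echo "$f|1"
+;;
+esac
+done)
+EOF
+}
+
+check_diff() {
+content=$(git diff --cached --diff-filter=ACM -- "$@" 2>/dev/null)
+[ -z "$content" ] && return
+
+patterns='VITE_SUPABASE_SERVICE_ROLE_KEY|SUPABASE_SERVICE_ROLE|eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9|ghp_[0-9a-zA-Z]{36}|gho_[0-9a-zA-Z]{36}|sk_live_|sk_test_|AKIA[0-9A-Z]{16}|-----BEGIN[ A-Z]*PRIVATE KEY-----'
+
+echo "$content" | while read -r line; do
+case "$line" in
+*VITE_SUPABASE_SERVICE_ROLE_KEY*)
+printf "${RED}⛔ Secret détecté : VITE_SUPABASE_SERVICE_ROLE_KEY (clé admin Supabase)${NC}\n"
+return 1
+;;
+*eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9*)
+printf "${RED}⛔ Secret détecté : JWT token (eyJ...) dans le diff${NC}\n"
+return 1
+;;
+*ghp_*|*gho_*)
+printf "${RED}⛔ Secret détecté : GitHub token (ghp_/gho_)${NC}\n"
+return 1
+;;
+*sk_live_*|*sk_test_*)
+printf "${RED}⛔ Secret détecté : clé Stripe${NC}\n"
+return 1
+;;
+*AKIA[0-9A-Z]*)
+printf "${RED}⛔ Secret détecté : clé AWS (AKIA)${NC}\n"
+return 1
+;;
+*-----BEGIN*PRIVATE*KEY*-----*)
+printf "${RED}⛔ Secret détecté : clé privée RSA/EC${NC}\n"
+return 1
+;;
+esac
+done
+}
+
+check_file
+
+for f in $(git diff --cached --name-only); do
+case "$f" in .githooks/*) continue ;; esac
+check_diff "$f"
+[ $? -eq 1 ] && detected=true
+done
+
+if [ "$detected" = true ]; then
+printf "${RED}⛔ Commit bloqué : secret(s) détecté(s) dans les fichiers indexés.${NC}\n"
+printf " Vérifie le contenu et utilise 'git rm --cached' si nécessaire.\n"
+exit 1
+fi
+
+exit 0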
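Review bot: check_diff scans every line of the staged diff, including removed and context lines, so a commit that deletes a leaked key, or merely touches a file near one, is blocked as well; restrict the scan to additions, e.g. `content=$(git diff --cached --diff-filter=ACM -- "$@" 2>/dev/null | grep '^+' | grep -v '^+++')`, and feed it with `printf '%s\n' "$content" | while read -r line; do` because `echo` under `/bin/sh` may interpret backslash escapes in diff text. The `patterns` variable holding the stricter regexes (`ghp_[0-9a-zA-Z]{36}`, `AKIA[0-9A-Z]{16}`) is never used, while the `*AKIA[0-9A-Z]*` glob only requires one character after the prefix; either drop the variable or apply it with `grep -E`. The `return 1` inside the piped `while` runs in a subshell and only reaches the caller because that loop is the last pipeline stage and its status becomes the function's status — worth a comment, since it breaks silently if another stage is appended. In check_file the inner loop emits `"$f|1"` but the outer `read` splits on `IFS=:`, so `file` receives the whole `path|1` string; pick one delimiter. The top-level `for f in $(git diff --cached --name-only)` word-splits paths containing spaces, whereas the here-doc plus `while read -r` form already used in check_file does not.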