
the block confidential script is not blocking the kubeconfig file

Open vivuu1989 opened this issue 5 years ago • 5 comments

Hello experts,

We are using the platform-samples block confidential pre-receive script in our environment. It was working as expected, but when we scanned the GitHub data, we could identify that the kubeconfig files are not getting blocked.

Could you please suggest the best regex to add to find the kubeconfig file and block it through the pre-receive script?

vivuu1989, May 31 '19 04:05

To block a certain file by extension, you may want to look at the https://github.com/github/platform-samples/blob/master/pre-receive-hooks/block_file_extensions.sh example, @vivuu1989.

stoe, May 31 '19 05:05

@stoe thanks, but we were looking for the possibility to block it through the same pre-receive hook which we are using for the block confidential, because the user may store the file in a different format and it may not be identified. Hence we are looking for some regex, the same as the ones we used for finding RSA tokens, etc.

vivuu1989, May 31 '19 06:05

@vivuu1989, you can add the required regex to the list in https://github.com/github/platform-samples/blob/e9c21779b6d137100a6545049986c93044c7c5df/pre-receive-hooks/block_confidentials.sh#L20-L29

stoe, May 31 '19 07:05

@stoe yes, that's correct. But we are confused about the regex value which can be added to the script to block the kubeconfig file.

vivuu1989, Jun 06 '19 05:06

@vivuu1989, maybe try https://regexr.com to get to the regex you need?

stoe, Jun 06 '19 11:06
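
An added example, not part of the thread and not code from platform-samples: one way to detect a kubeconfig by content rather than by file name or extension, which is the gap raised above. The function names, both regexes and the idea of requiring two matches per file are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: content-based kubeconfig detection for a pre-receive hook.
# Function and variable names are assumptions, not taken from platform-samples.

# A kubeconfig declares "kind: Config" at the top level ...
KUBE_KIND_RE='^kind[[:space:]]*:[[:space:]]*"?Config"?[[:space:]]*$'
# ... and becomes a secret once a user entry embeds a key, token or password.
KUBE_SECRET_RE='^[[:space:]-]*(client-key-data|token|password)[[:space:]]*:[[:space:]]*[^[:space:]]+'

# Reads blob content on stdin; returns 0 only when both patterns match, so the
# file name and extension play no part in the decision.
looks_like_kubeconfig() {
  content=$(tr -d '\000')   # drop NUL bytes from binary blobs
  printf '%s\n' "$content" | grep -Eq "$KUBE_KIND_RE" || return 1
  printf '%s\n' "$content" | grep -Eq "$KUBE_SECRET_RE"
}

# Reads "<old> <new> <ref>" lines as a pre-receive hook receives them and
# checks every file added or modified by each pushed commit.
check_push() {
  found=$(
    while read -r old new ref; do
      case $new in *[!0]*) ;; *) continue ;; esac      # ref deletion
      case $old in
        *[!0]*) commits=$(git rev-list "$old..$new") ;;
        *)      commits=$(git rev-list "$new" --not --all) ;;  # new ref
      esac
      for c in $commits; do
        git diff-tree --root --no-commit-id -r --diff-filter=AM --name-only "$c" |
          while IFS= read -r path; do
            git show "$c:$path" 2>/dev/null | looks_like_kubeconfig && echo "$c:$path"
          done
      done
    done
  )
  [ -z "$found" ] && return 0
  echo "Push rejected: kubeconfig with embedded credentials in:" >&2
  printf '%s\n' "$found" >&2
  return 1
}
```

Call `check_push || exit 1` from the hook script. This version does not cover JSON-formatted kubeconfigs or paths that git prints in quoted form.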