safe-commit-hook

Extend the JSON spec to allow for searching for body of modified files.

Open jandre opened this issue 9 years ago • 2 comments

Currently, only file names are searched and filtered to try to find dangerous files. It'd be great if you could in git-deny-patterns.json specify a search that looks for items in the body of checked-in files, such as "-----BEGIN RSA PRIVATE KEY-----", etc.

jandre avatar Oct 04 '15 13:10 jandre

I could help with that, but I'm trying to think of other examples (besides -----BEGIN RSA PRIVATE KEY-----) where this feature could be useful. Any ideas?

zuBux avatar Nov 24 '15 09:11 zuBux

See the appendix of this paper for a long list of great examples, with robust regexes ready to go:

https://www.ndss-symposium.org/ndss-paper/how-bad-can-it-git-characterizing-secret-leakage-in-public-github-repositories/

(As discussed here https://blog.acolyer.org/2019/04/08/how-bad-can-it-git-characterizing-secret-leakage-in-public-github-repositories/)

mikepqr avatar Apr 09 '19 20:04 mikepqr
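
A sketch of the content check requested in this thread, as an added example that is not code from safe-commit-hook: it applies rules carrying a hypothetical `"part": "contents"` value to the lines a staged diff adds, and counts hunk lengths so that an added line that looks like a `+++ b/...` header is not mistaken for one. The rule schema, `SPEC`, `SAMPLE_DIFF`, `added_lines` and `scan` are all assumptions made for illustration.

```python
import json
import re

# Assumed schema: "part": "contents" is a hypothetical extension for this
# example, not a value safe-commit-hook is known to support.
SPEC = json.loads(r"""[
  {"part": "contents", "type": "regex", "caption": "Private key block",
   "pattern": "-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"},
  {"part": "filename", "type": "regex", "caption": "PEM file", "pattern": "\\.pem$"}
]""")

# Constructed sample of `git diff --cached --unified=0` output.
SAMPLE_DIFF = """\
diff --git a/deploy/notes.txt b/deploy/notes.txt
--- a/deploy/notes.txt
+++ b/deploy/notes.txt
@@ -3,1 +3,3 @@
-old line mentioning -----BEGIN RSA PRIVATE KEY-----
+server key follows
+++ b/decoy.txt
+-----BEGIN RSA PRIVATE KEY-----
"""

HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

def added_lines(diff_text):
    """Yield (path, line_number, text) for every line the diff adds."""
    path, lineno, old_left, new_left = None, 0, 0, 0
    for line in diff_text.splitlines():
        if old_left > 0 or new_left > 0:        # inside a hunk body
            tag = line[:1]
            if tag == "+":
                yield path, lineno, line[1:]
            old_left -= tag in ("-", " ")       # lines consumed on the old side
            new_left -= tag in ("+", " ")       # lines consumed on the new side
            lineno += tag in ("+", " ")
            continue
        m = HUNK.match(line)
        if m:                                   # an omitted count means 1
            old_left, new_left = int(m.group(1) or 1), int(m.group(3) or 1)
            lineno = int(m.group(2))
        elif line.startswith("+++ b/"):
            path = line[6:]

def scan(diff_text, spec):
    """Return (path, line_number, caption) for added lines matching a contents rule."""
    rules = [(re.compile(r["pattern"]), r["caption"])
             for r in spec if r["part"] == "contents" and r["type"] == "regex"]
    return [(path, n, caption) for path, n, text in added_lines(diff_text)
            for rx, caption in rules if rx.search(text)]
```

Only added lines are checked, so the removed line that mentions the key header is not reported, and the filename rule is left to the existing filename check.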