Looks at Python code to search for things which look "dodgy" such as passwords or diffs
Carl Crowder
Latest commit 403dc26 Dec 31, 2019
Type Name Latest commit message Commit time
.github/workflows Change message on twine upload to print to stderr Sep 22, 2019
dodgy Version bump prematurely for next release Dec 31, 2019
tests
.coveragerc Adding support for some third-party tools Dec 25, 2013
.gitignore Modernising dodgy to be a bit more python3 now that python2 is proper… Dec 31, 2019
.landscape.yaml Adding a landscape config file Dec 25, 2013
.travis.yml Modernising dodgy to be a bit more python3 now that python2 is proper… Dec 31, 2019
LICENSE Initial commit Dec 25, 2013
MANIFEST.in Removing script now that entry_points is used instead Dec 31, 2019
README.md Merge branch 'master' into fix_badges Dec 31, 2019
setup.py Making all tests/CI/classifiers match the supported python versions (… Dec 31, 2019
tox.ini Making all tests/CI/classifiers match the supported python versions (… Dec 31, 2019

README.md

dodgy

Dodgy is a very basic tool to run against your codebase to search for "dodgy" looking values. It is a series of simple regular expressions designed to detect things such as accidental SCM diff checkins, or passwords or secret keys hard coded into files.

While this is primarily aimed at open source projects (for whom a publicly available secret key is pretty dangerous), it can also be used in private projects, with the caveat that it will point out things which are not a problem for private projects and is not configurable enough currently to change that.

Another note: this tool is probably best run pre-commit, since it will hopefully prevent dodgy things from being checked in. To execute it automatically before a commit, use a git pre-commit hook.
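The regex-per-line approach described above, as an added example that is not dodgy's own code: the patterns, check names, `scan_text` and `main` are assumptions made for illustration, and the sample input is constructed. `main` returns a non-zero status when anything is found, which is what a pre-commit hook needs in order to block the commit.

```python
import re
import sys

# Illustrative patterns only (assumptions for this example, not dodgy's rule set).
CHECKS = [
    # Merge-conflict markers or unified-diff hunk headers left in a source file.
    ("scm_diff", re.compile(r"^(?:<{7}|>{7}) \S|^={7}$|^@@ -\d+")),
    # A name containing "password"/"passwd"/"pwd" assigned a non-empty string literal.
    ("password", re.compile(r"""(?i)\b\w*(?:passwd|password|pwd)\w*\s*=\s*['"][^'"]+['"]""")),
    # A name containing "secret_key"/"api_key" assigned a literal of 8+ characters.
    ("secret_key", re.compile(r"""(?i)\b\w*(?:secret|api)_?key\w*\s*=\s*['"][^'"]{8,}['"]""")),
]

# Constructed sample: a half-resolved merge that still contains hard-coded values.
SAMPLE = '''\
import os
<<<<<<< HEAD
DB_PASSWORD = "hunter2-constructed"
=======
DB_PASSWORD = os.environ["DB_PASSWORD"]
>>>>>>> feature/env-config
SECRET_KEY = "constructed-not-a-real-key"
password = ""
'''

def scan_text(text, name):
    """Return (name, line_number, check) for every line that trips a check."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for check, pattern in CHECKS:
            if pattern.search(line):
                findings.append((name, lineno, check))
    return findings

def main(paths):
    """Scan the given files; return 1 if anything was found, else 0."""
    findings = []
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            findings += scan_text(fh.read(), path)
    for path, lineno, check in findings:
        print(f"{path}:{lineno}: {check}", file=sys.stderr)
    return 1 if findings else 0

if __name__ == "__main__":
    if sys.argv[1:]:
        sys.exit(main(sys.argv[1:]))
    print(scan_text(SAMPLE, "sample.py"))
```

Values read from the environment and empty string placeholders are not reported, because the patterns require a non-empty quoted literal directly after the `=`.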

Status

This is a very early version with minimal functionality right now, but will be improved over time.

It was written as one of several tools for landscape.io, a code metrics and repository analyser for Python. As such, the features will mostly reflect the needs of Landscape in the early stages.