Releases: wfps60412/Preupload-Guard

v1.1.2 — First Open-Source Release

26 Jun 13:37

PreUpload Guard v1.1.2

First public open-source release of PreUpload Guard.

PreUpload Guard is a local-first, offline tool for checking files before sharing them with AI tools, repositories, or third parties. It helps detect potential secrets, credentials, personal data, sensitive files, and risky metadata before upload.

Highlights

  • Local-first and offline by design
    No network requests, telemetry, or cloud upload are required for scanning.

  • Bilingual interface
    Switch between Traditional Chinese and English in the GUI.

  • GUI and CLI support
    Use the desktop interface for review and sanitization, or use the CLI as a pre-upload / CI gate.

  • Headless scanning engine
    The core scanner can run without Tkinter or a graphical environment.

  • Risk categories
    Detects common patterns related to:

    • API keys, tokens, secrets, and credentials
    • Private keys, certificates, signing files, and environment files
    • Passwords and database connection strings
    • Payment-related data and card-number patterns
    • Personal data, device identifiers, IP addresses, and local paths
    • Logs, diagnostics, databases, backups, and version-control metadata
    • Sensitive configuration values, salts, cryptographic keys, and deployment-related fields

  • Archive support
    Scans ZIP archives recursively, including common Office document ZIP structures.

  • Safe sanitization workflow
    Supports review, masking, exclusion, metadata removal where applicable, “Save”, and “Save As”.
    Original files are not overwritten unless explicitly requested, and overwrite operations create a timestamped backup first.

  • CLI upload gate
    Supports severity thresholds and strict handling for unscannable or unverifiable content.

  • Privacy-preserving reports
    JSON reports avoid storing matched secret values, absolute local paths, and scan timestamps.

v1.1.2 fixes

  • Fixed a release-gate issue where Python-generated __pycache__ directories could incorrectly block a medium-severity scan.
  • Derived caches and build artifacts remain visible as cleanup findings but no longer block the recommended medium-severity release gate.
  • Added regression coverage for derived-cache behavior.
  • Confirmed the published source package passes strict scanning with zero findings.
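The gate behaviour described in these fixes and in the "CLI upload gate" and "Privacy-preserving reports" highlights, sketched as an added example; it is not PreUpload Guard's own code. The `Finding` fields, the `info`/`low`/`high` severity names, the exit codes and the sample findings are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed severity ladder; the release notes only name "medium".
SEVERITY = {"info": 0, "low": 1, "medium": 2, "high": 3}

@dataclass(frozen=True)
class Finding:
    rel_path: str            # path relative to the scan root, never absolute
    rule: str                # rule identifier, not the matched secret value
    severity: str
    unscannable: bool = False  # content could not be inspected (e.g. encrypted archive)

def gate(findings, fail_on="medium", strict=False):
    """Return (exit_code, blocking, advisory) for a pre-upload / CI gate."""
    threshold = SEVERITY[fail_on]
    blocking, advisory = [], []
    for f in findings:
        if f.unscannable:
            # Strict mode: what cannot be verified is treated as blocking.
            (blocking if strict else advisory).append(f)
        elif SEVERITY[f.severity] >= threshold:
            blocking.append(f)
        else:
            advisory.append(f)   # still reported, e.g. as a cleanup hint
    return (1 if blocking else 0), blocking, advisory

def report(findings):
    """Report rows hold rule, severity and relative path only: no value, no timestamp."""
    return [{"path": f.rel_path, "rule": f.rule, "severity": f.severity}
            for f in findings]

# Constructed sample: a derived cache rated "info" (assumption) so it stays
# visible as a cleanup finding without tripping the medium gate.
SAMPLE = [
    Finding("src/__pycache__/app.cpython-311.pyc", "derived-cache", "info"),
    Finding("docs/archive.zip", "encrypted-archive", "medium", unscannable=True),
    Finding("notes.txt", "local-path", "low"),
]

if __name__ == "__main__":
    for strict in (False, True):
        code, blocking, advisory = gate(SAMPLE, "medium", strict)
        print(f"strict={strict} exit={code} blocking={[f.rule for f in blocking]}")
```
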

Verification

This release includes automated tests for:

  • Headless core import without Tkinter
  • CLI severity exit codes
  • Strict unscannable-file handling
  • Generic cryptographic and salt-field detection
  • Archive masking and credential exclusion
  • Safe report output without raw secret values or absolute paths
  • Placeholder-path false-positive prevention
  • Derived-cache release-gate behavior

License

Released under the MIT License.

Important limitations

PreUpload Guard is a safety aid, not a guarantee that a file contains no sensitive information.

Encrypted archives, unsupported binary formats, images, PDFs, audio, video, and other non-text content may require manual review. In strict mode, unscannable or unverifiable content can be treated as blocking.


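PreUpload Guard v1.1.2 (Traditional Chinese)

First public open-source release of PreUpload Guard.

PreUpload Guard is a local-first, offline pre-upload checking tool that helps you detect possible keys, credentials, personal data, sensitive files, and metadata before you share files with AI, GitHub, or third parties.

Highlights of this release

  • Local-first, offline design
    Scanning needs no network connection, includes no telemetry, and does not upload files to the cloud.

  • Bilingual Chinese and English interface
    The GUI can switch between Traditional Chinese and English.

  • GUI and CLI
    Use the desktop interface to review, mask, and save a safe copy, or use the CLI as a pre-upload or CI gate.

  • Headless scanning core
    The core scanning engine does not depend on Tkinter or a graphical interface and can run in CI or in environments without a GUI.

  • Risk-category detection
    Checks for common:

    • API keys, tokens, secrets, and account credentials
    • Private keys, certificates, signing files, and environment configuration files
    • Passwords and database connection strings
    • Payment-related data and card-number formats
    • Personal data, device identifiers, IP addresses, and local paths
    • Logs, diagnostic data, databases, backups, and version-control metadata
    • Sensitive configuration values, salts, encryption keys, and deployment-related fields

  • Archive support
    Scans ZIP files recursively and also supports the ZIP structure of common Office documents.

  • Safe handling workflow
    Supports item-by-item review, masking, exclusion, metadata removal where applicable, "Save", and "Save As".
    The original file is not modified by default; if you choose to overwrite, a timestamped backup is created first.

  • CLI enforcement gate
    Supports risk thresholds and strict handling of content that cannot be fully checked.

  • Privacy-preserving reports
    JSON reports do not store the matched raw secret values, absolute local paths, or the scan time.

v1.1.2 fixes

  • Fixed an issue where __pycache__ directories created when Python runs could be misclassified as medium risk and so block the release scan.
  • Caches and derived build files are still shown as cleanup hints but no longer block the recommended --fail-on medium release gate.
  • Added regression tests for derived-cache behavior.
  • Confirmed that the official release source package passes strict scanning with zero risk findings.

Verification

This release includes the following automated tests:

  • Loading the core engine in an environment without Tkinter
  • CLI severity exit codes
  • Strict-mode handling of files that cannot be checked
  • Generic cryptographic-field and salt-field detection
  • Masking and credential exclusion inside ZIP files
  • Reports that do not output raw secret values or absolute paths
  • Protection against false positives on placeholder paths
  • Derived caches not blocking the release gate

License

This project is released under the MIT License.

Important limitations

PreUpload Guard is a safety aid and does not guarantee that a file contains no sensitive information at all.

Encrypted archives, unsupported binary formats, images, PDFs, audio, video, and other non-text content may still require manual review. In strict mode, content that cannot be fully checked or cannot be verified can be treated as a blocking item.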