
Find private keys within gzip-compresssed files #1159


Closed
wants to merge 1 commit into from
2 changes: 1 addition & 1 deletion .pre-commit-hooks.yaml
@@ -127,7 +127,7 @@
description: detects the presence of private keys.
entry: detect-private-key
language: python
types: [text]
types_or: [text, tgz, gz]
- id: double-quote-string-fixer
name: fix double quoted strings
description: replaces double quoted strings with single quoted strings.
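Review bot: The entries `tgz` and `gz` in `types_or: [text, tgz, gz]` look like file extensions rather than type tags. As far as I know, the `identify` library labels `.gz` and `.tgz` files as `gzip` (plus `binary`), and pre-commit rejects a manifest that names an unrecognised tag. If that holds, the line should read `types_or: [text, gzip]`; otherwise the hook either fails to load or never receives compressed files, and the new scan in `detect_private_key.py` never runs. This is worth confirming against the `identify` version the project depends on.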
11 changes: 11 additions & 0 deletions pre_commit_hooks/detect_private_key.py
@@ -1,6 +1,7 @@
from __future__ import annotations

import argparse
import gzip
from collections.abc import Sequence

BLACKLIST = [
@@ -29,6 +30,16 @@ def main(argv: Sequence[str] | None = None) -> int:
content = f.read()
if any(line in content for line in BLACKLIST):
private_key_files.append(filename)
continue
try:
if filename.endswith(('.gz', '.tgz')):
with gzip.open(filename, 'rb') as f:
content = f.read()
if any(line in content for line in BLACKLIST):
private_key_files.append(filename)
continue
except gzip.BadGzipFile:
pass

if private_key_files:
for private_key_file in private_key_files:
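Review bot: The added `gzip.open(filename, 'rb')` branch calls `f.read()` with no size limit, so a small committed archive that expands to gigabytes is inflated fully into memory and can exhaust the machine running the hook. Read in fixed-size chunks up to a cap, keep an overlap of `max(len(line) for line in BLACKLIST) - 1` bytes so a marker split across two chunks is still matched, and report a file whose cap was reached as unscanned rather than clean. The handler `except gzip.BadGzipFile: pass` also misses truncated or corrupt streams, which surface as `EOFError` or `zlib.error` and would abort the run for the remaining files; the sketch below catches those too and needs `import zlib` next to the added `import gzip`. The body of `main` starts and ends outside the hunk and the page has lost the original indentation, so the placement of the `try` relative to the raw-file scan should be checked against the file.

```python
# constructed limits, tune per project
MAX_GZIP_SCAN_BYTES = 64 * 1024 * 1024
GZIP_CHUNK_BYTES = 1024 * 1024
MARKER_OVERLAP = max(len(line) for line in BLACKLIST) - 1

# … unchanged: raw scan of the file contents against BLACKLIST …
        if filename.endswith(('.gz', '.tgz')):
            try:
                with gzip.open(filename, 'rb') as f:
                    scanned, tail = 0, b''
                    while scanned < MAX_GZIP_SCAN_BYTES:
                        chunk = f.read(GZIP_CHUNK_BYTES)
                        if not chunk:
                            break
                        scanned += len(chunk)
                        window = tail + chunk
                        if any(line in window for line in BLACKLIST):
                            private_key_files.append(filename)
                            break
                        # carry the tail so a marker spanning two chunks matches
                        tail = window[-MARKER_OVERLAP:]
                    # if the cap was reached here, report the file as unscanned
            except (gzip.BadGzipFile, EOFError, zlib.error):
                # not gzip, truncated or corrupt: nothing further to scan
                pass
```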
15 changes: 15 additions & 0 deletions tests/detect_private_key_test.py
@@ -1,5 +1,7 @@
from __future__ import annotations

import gzip

import pytest

from pre_commit_hooks.detect_private_key import main
@@ -26,3 +28,16 @@ def test_main(input_s, expected_retval, tmpdir):
path = tmpdir.join('file.txt')
path.write_binary(input_s)
assert main([str(path)]) == expected_retval


@pytest.mark.parametrize(('input_s', 'expected_retval'), TESTS)
def test_main_gzip(input_s, expected_retval, tmpdir):
path = tmpdir.join('file.txt.gz')
path.write_binary(gzip.compress(input_s))
assert main([str(path)]) == expected_retval


def test_main_gz_not_gzip(tmpdir):
path = tmpdir.join('file.txt.gz')
path.write_binary(b'not a sensitive value nor gzip')
assert main([str(path)]) == 0
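Review bot: The added tests exercise only a well-formed `.gz` file and a non-gzip file named `.gz`, so the `.tgz` suffix the hook now accepts and a truncated gzip stream are both untested. A truncated case such as `path.write_binary(gzip.compress(input_s)[:-8])` would show whether `main` returns or raises when the stream trailer is missing, since the hook handles only `gzip.BadGzipFile`. Parametrizing the file name over `('file.txt.gz', 'file.tgz')` in `test_main_gzip` would cover the second suffix. A docstring on `test_main_gz_not_gzip`, for example `"""A .gz-named file that is not gzip must not crash the hook."""`, would make the intent of the `== 0` assertion clear.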