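#!/usr/bin/env bash
# Scanner for secret leaks in Montana's git-tracked files.
#
# For every entry in PATTERNS, greps all tracked text files (minus the ALLOWED
# paths and the binary extensions below) for the literal value and lists the
# files that contain it. Exit status: 0 when nothing leaked, 1 otherwise.
#
# NOTE(review): PATTERNS holds the secret value itself in plaintext. If this
# script is committed, the key is in git history no matter what the scan says;
# keep the real values in an untracked file and point SECRET_PATTERNS_FILE at
# it (one `name=value` per line), or scan for a distinctive prefix instead.
set -uo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

# Resolve the repo root before cd: with the old `cd "$(git rev-parse ...)"`
# a failed rev-parse produced `cd ""`, which is a no-op in bash, so the scan
# silently ran against whatever directory the script was started from.
toplevel=$(git rev-parse --show-toplevel 2>/dev/null) || die "git repo нужен"
[[ -n "$toplevel" ]] || die "git repo нужен"
# Repo-relative path of this script (empty if it is not tracked); resolved
# before cd because ${BASH_SOURCE[0]} is relative to the starting directory.
# Excluded from the scan so the pattern table does not flag itself.
self_rel=$(git ls-files --full-name -- "${BASH_SOURCE[0]}" 2>/dev/null || true)
cd -- "$toplevel" || die "git repo нужен"

FAIL=0
GREEN=$'\033[0;32m'; RED=$'\033[0;31m'; NC=$'\033[0m'

# name -> literal string to search for (fixed-string grep, no regex).
declare -A PATTERNS=(
  ["Reality privateKey (FI active)"]="cL7D6FCqH5nWcQlHCKH9uNr-RNwCt5peRAqt8tl9mXs"
)

# Optional override: a file of `name=value` lines kept outside the repository.
# Lines that are empty or start with '#' are ignored. Malformed lines abort
# without echoing their content, so a mistyped secret does not end up in logs.
if [[ -n "${SECRET_PATTERNS_FILE:-}" ]]; then
  [[ -r "$SECRET_PATTERNS_FILE" ]] || die "cannot read $SECRET_PATTERNS_FILE"
  PATTERNS=()
  while IFS= read -r line || [[ -n "$line" ]]; do
    [[ -z "$line" || "$line" == \#* ]] && continue
    [[ "$line" == *=* ]] || die "bad pattern line in $SECRET_PATTERNS_FILE"
    PATTERNS["${line%%=*}"]="${line#*=}"
  done < "$SECRET_PATTERNS_FILE"
fi
(( ${#PATTERNS[@]} > 0 )) || die "no patterns to scan"

# Paths matching ALLOWED (ERE, matched anywhere in the path) are skipped, as
# are files with the listed binary extensions.
ALLOWED='External-Audit/|/memory/'
BINARY_EXT='\.(png|jpg|jpeg|gif|pdf|zip|tar|gz|bin|so|dylib)$'

# Build the candidate list NUL-delimited so paths containing spaces or quotes
# survive; the previous `printf | xargs grep` split a newline list on
# whitespace and re-parsed quotes.
files=()
while IFS= read -r -d '' f; do
  [[ "$f" =~ $ALLOWED ]] && continue
  [[ "$f" =~ $BINARY_EXT ]] && continue
  [[ "$f" == "$self_rel" ]] && continue
  files+=("$f")
done < <(git ls-files -z)

#######################################
# Print the candidate files containing a literal string, one per line.
# Arguments: $1 - fixed string to search for
# Outputs:   matching repo-relative paths on stdout (nothing if no hits)
# Returns:   always 0; grep's "no match" status is not an error here
#######################################
scan() {
  (( ${#files[@]} )) || return 0
  # -I skips files grep detects as binary regardless of extension;
  # -- protects a pattern that happens to start with '-'.
  printf '%s\0' "${files[@]}" | xargs -0 grep -lIF -- "$1" 2>/dev/null || true
}

for name in "${!PATTERNS[@]}"; do
  hits=$(scan "${PATTERNS[$name]}")
  if [[ -z "$hits" ]]; then
    printf '%s✓%s %s — чисто\n' "$GREEN" "$NC" "$name"
  else
    printf '%s✗%s %s — обнаружены утечки:\n' "$RED" "$NC" "$name"
    # Only the first 10 paths are shown; FAIL counts patterns, not files.
    printf '%s\n' "$hits" | head -n 10 | sed 's/^/ /'
    FAIL=$((FAIL+1))
  fi
done

if (( FAIL == 0 )); then
  printf '%s=== СЕКРЕТЫ НЕ УТЕКЛИ ===%s\n' "$GREEN" "$NC"
  exit 0
fi
printf '%s=== УТЕЧКИ: %s паттернов ===%s\n' "$RED" "$FAIL" "$NC"
exit 1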