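#!/usr/bin/env bash
# Scanner for leaked secrets in Montana's git-tracked files.
#
# For every entry in PATTERNS, searches the tracked files (minus paths matching
# ALLOWED and a list of binary extensions) for the literal value and prints the
# files that contain it.
#
# Requires bash 4+ (associative arrays).
# Exit status: 0 when no pattern was found; 1 when at least one pattern was
# found, the scan could not be executed, or the script is not run inside a
# git work tree.
set -u

# Resolve the repository root first and check that it is non-empty: with a
# failed `git rev-parse` the substitution is empty, and `cd ""` can succeed in
# bash, which would let the scan continue outside a repository and report
# "clean" without having looked at anything.
repo_root=$(git rev-parse --show-toplevel 2>/dev/null) || repo_root=''
if [ -z "$repo_root" ] || ! cd -- "$repo_root"; then
  echo "git repo нужен" >&2
  exit 1
fi

FAIL=0
GREEN='\033[0;32m'; RED='\033[0;31m'; NC='\033[0m'

# Label -> literal string that must never appear in tracked files.
#
# NOTE(review): the value below is the secret itself, written in clear text in
# this script. If this script is tracked by git (it appears to be), every
# reader of the repository can read the key, and the scan reports this very
# file unless it sits under an ALLOWED path. A value kept here should be
# treated as disclosed and rotated, and the patterns loaded from an untracked
# source instead — TODO confirm with the key owner.
declare -A PATTERNS=(
  ["Reality privateKey (FI active)"]="cL7D6FCqH5nWcQlHCKH9uNr-RNwCt5peRAqt8tl9mXs"
)

# Paths excluded from the scan (extended regex, matched anywhere in the path).
ALLOWED='External-Audit/|/memory/'
# File extensions that are skipped as binary.
BINARY_EXT='\.(png|jpg|jpeg|gif|pdf|zip|tar|gz|bin|so|dylib)$'

# Build the file list NUL-delimited so that names containing spaces, quotes or
# newlines are scanned as-is instead of being split or skipped by xargs.
FILES=()
while IFS= read -r -d '' path; do
  [[ $path =~ $ALLOWED ]] && continue
  [[ $path =~ $BINARY_EXT ]] && continue
  FILES+=("$path")
done < <(git ls-files -z)

for name in "${!PATTERNS[@]}"; do
  pat="${PATTERNS[$name]}"
  hits=''
  rc=0
  # Guarded because expanding an empty array under `set -u` is an error in
  # older bash 4 releases, and there is nothing to scan anyway.
  if [ "${#FILES[@]}" -gt 0 ]; then
    # -e keeps a pattern starting with '-' from being read as an option and
    # `--` does the same for file names. stderr stays suppressed because
    # tracked files that are missing from the work tree would otherwise
    # produce noise on every run.
    hits=$(printf '%s\0' "${FILES[@]}" \
      | xargs -0 grep -lF -e "$pat" -- 2>/dev/null) || rc=$?
  fi

  # xargs statuses of 124 and above mean grep was not found, could not be
  # executed or was killed; "no match" never produces them. Count that as a
  # failure rather than reporting the pattern as clean.
  if [ "$rc" -ge 124 ]; then
    echo -e "${RED}✗${NC} $name — не удалось выполнить проверку (xargs/grep: код $rc)" >&2
    FAIL=$((FAIL+1))
  elif [ -z "$hits" ]; then
    echo -e "${GREEN}✓${NC} $name — чисто"
  else
    echo -e "${RED}✗${NC} $name — обнаружены утечки:"
    # Only the first ten matching files are listed.
    printf '%s\n' "$hits" | head -10 | sed 's/^/ /'
    FAIL=$((FAIL+1))
  fi
done

if [ "$FAIL" -eq 0 ]; then
  echo -e "${GREEN}=== СЕКРЕТЫ НЕ УТЕКЛИ ===${NC}"
  exit 0
else
  echo -e "${RED}=== УТЕЧКИ: $FAIL паттернов ===${NC}"
  exit 1
fi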