Diffstat (limited to 'pre_commit_hooks/detect_private_key.py')
-rw-r--r-- | pre_commit_hooks/detect_private_key.py | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/pre_commit_hooks/detect_private_key.py b/pre_commit_hooks/detect_private_key.py
new file mode 100644
index 0000000..cd51f90
--- /dev/null
+++ b/pre_commit_hooks/detect_private_key.py
@@ -0,0 +1,42 @@
+from __future__ import annotations
+
+import argparse
+from typing import Sequence
+
+BLACKLIST = [
+ b'BEGIN RSA PRIVATE KEY',
+ b'BEGIN DSA PRIVATE KEY',
+ b'BEGIN EC PRIVATE KEY',
+ b'BEGIN OPENSSH PRIVATE KEY',
+ b'BEGIN PRIVATE KEY',
+ b'PuTTY-User-Key-File-2',
+ b'BEGIN SSH2 ENCRYPTED PRIVATE KEY',
+ b'BEGIN PGP PRIVATE KEY BLOCK',
+ b'BEGIN ENCRYPTED PRIVATE KEY',
+ b'BEGIN OpenVPN Static key V1',
+]
+
+
+def main(argv: Sequence[str] | None = None) -> int:
+ parser = argparse.ArgumentParser()
+ parser.add_argument('filenames', nargs='*', help='Filenames to check')
+ args = parser.parse_args(argv)
+
+ private_key_files = []
+
+ for filename in args.filenames:
+ with open(filename, 'rb') as f:
+ content = f.read()
+ if any(line in content for line in BLACKLIST):
+ private_key_files.append(filename)
+
+ if private_key_files:
+ for private_key_file in private_key_files:
+ print(f'Private key found: {private_key_file}')
+ return 1
+ else:
+ return 0
+
+
+if __name__ == '__main__':
+ raise SystemExit(main())
|
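Review bot: The `BLACKLIST` entries recognise PuTTY keys only by `b'PuTTY-User-Key-File-2'`, so a key saved in the newer PPK version 3 format (header `PuTTY-User-Key-File-3`) would pass the hook; add `b'PuTTY-User-Key-File-3',` or match the shared prefix `b'PuTTY-User-Key-File-'`. The check is a plain substring test for text headers, so binary key material such as DER files or PKCS#12 bundles is not detected either. A comment above the list such as `# Matches text key headers only; binary key formats are not detected.` would stop users reading a passing run as proof that no key is staged. `main()` also lacks a docstring stating that it returns 1 when any file matches and 0 otherwise.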