From 307d578d739eb254ef3000fdde94271af9b8923e Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 30 Jan 2022 12:02:58 +0100
Subject: Adding upstream version 4.1.0.
Signed-off-by: Daniel Baumann
---
pre_commit_hooks/detect_private_key.py | 41 ++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 pre_commit_hooks/detect_private_key.py
(limited to 'pre_commit_hooks/detect_private_key.py')
diff --git a/pre_commit_hooks/detect_private_key.py b/pre_commit_hooks/detect_private_key.py
new file mode 100644
index 0000000..18f9539
--- /dev/null
+++ b/pre_commit_hooks/detect_private_key.py
@@ -0,0 +1,41 @@
+import argparse
+from typing import Optional
+from typing import Sequence
+
+BLACKLIST = [
+ b'BEGIN RSA PRIVATE KEY',
+ b'BEGIN DSA PRIVATE KEY',
+ b'BEGIN EC PRIVATE KEY',
+ b'BEGIN OPENSSH PRIVATE KEY',
+ b'BEGIN PRIVATE KEY',
+ b'PuTTY-User-Key-File-2',
+ b'BEGIN SSH2 ENCRYPTED PRIVATE KEY',
+ b'BEGIN PGP PRIVATE KEY BLOCK',
+ b'BEGIN ENCRYPTED PRIVATE KEY',
+ b'BEGIN OpenVPN Static key V1',
+]
+
+
+def main(argv: Optional[Sequence[str]] = None) -> int:
+ parser = argparse.ArgumentParser()
+ parser.add_argument('filenames', nargs='*', help='Filenames to check')
+ args = parser.parse_args(argv)
+
+ private_key_files = []
+
+ for filename in args.filenames:
+ with open(filename, 'rb') as f:
+ content = f.read()
+ if any(line in content for line in BLACKLIST):
+ private_key_files.append(filename)
+
+ if private_key_files:
+ for private_key_file in private_key_files:
+ print(f'Private key found: {private_key_file}')
+ return 1
+ else:
+ return 0
+
+
+if __name__ == '__main__':
+ raise SystemExit(main())
-- cgit v1.2.3
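Review bot: The marker list in `BLACKLIST` covers only the version 2 PuTTY header (`b'PuTTY-User-Key-File-2'`), so a key saved in the PPK version 3 format, whose first line starts with `PuTTY-User-Key-File-3`, passes this hook unreported; adding `b'PuTTY-User-Key-File-3',` next to the existing entry closes that gap. The check in `main` is an exact byte-substring test on the raw file content, so it is best-effort: a key stored in another text encoding such as UTF-16, or held inside an archive, will not match. A short comment above `BLACKLIST`, for example `# Literal header markers; matching is on exact bytes, so this is a best-effort check, not a guarantee`, would make that limit clear to anyone relying on the hook as their only secret scan.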