dataforge/fn_registry
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
212875ed0d734a413c266b88c95109cb333c68b9
fn_registry/bash/functions/cybersecurity/scan_secrets_in_dirty.sh
T
egutierrez 212875ed0d chore: auto-commit (286 archivos) 
- .claude/agents/fn-orquestador/SKILL.md
- .claude/commands/fn_claude.md
- .claude/rules/INDEX.md
- .claude/rules/cpp_apps.md
- .claude/rules/ids_naming.md
- CHANGELOG.md
- apps/dag_engine/README.md
- apps/dag_engine/api.go
- apps/dag_engine/dags_migrated/example.yaml
- apps/dag_engine/dags_migrated/example_lineage_tracking.yaml
- ...

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-16 16:33:22 +02:00

30 lines
1.2 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# scan_secrets_in_dirty — Para un repo git, lista archivos modificados/nuevos
# cuyo nombre matchee patron de secret. Stdout vacio si no hay matches.
# Exit 0 siempre que el repo exista (el caller decide si abortar).
scan_secrets_in_dirty() {
local repo_dir="${1:-.}"
# Accept both regular repos (.git is a directory) and worktrees (.git is a
# file containing "gitdir: ..." pointer).
if [[ ! -d "$repo_dir/.git" && ! -f "$repo_dir/.git" ]]; then
echo "scan_secrets_in_dirty: '$repo_dir' no es un repo git" >&2
return 1
fi
# Listar archivos modificados o nuevos (excluyendo borrados)
# y filtrar por patron de secret en el nombre del archivo.
# Excluye extensiones de codigo (sh/go/py/ts/md/etc) para no marcar el
# propio scanner ni docs que hablen de "secret"/"token".
git -C "$repo_dir" status --porcelain \
| awk '{print $NF}' \
| grep -E '(^|/)(\.env(\..*)?$|.*credentials.*|.*\.key$|.*\.pem$|id_rsa.*|.*secret.*|.*token.*\.txt$)' \
| grep -Ev '\.(sh|go|py|ts|tsx|js|jsx|md|rs|cpp|h|hpp|c|java|rb|html|css)$' \
|| true
}
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
scan_secrets_in_dirty "$@"
fi
Reference in New Issue View Git Blame Copy Permalink