-
Notifications
You must be signed in to change notification settings - Fork 2
/
index.js
56 lines (51 loc) · 1.47 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
#!/usr/bin/env node
const path = require('path')
const fs = require('fs')
const simpleEntropy = (str) => {
const set = {}
str.split('').forEach(
c => (set[c] ? set[c]++ : (set[c] = 1))
)
return Object.keys(set).reduce((acc, c) => {
const p = set[c] / str.length;
return acc - (p * (Math.log(p) / Math.log(2)))
}, 0)
}
const file = process.argv[2]
if (!file) {
console.error('You need to provide a file as an argument')
process.exit(1)
}
const fullpath = path.isAbsolute(file) ? file : path.join(process.cwd(), file)
if (path.basename(fullpath).startsWith('.env')) {
console.log('Ignoring file', fullpath)
process.exit()
}
try {
const source = fs.readFileSync(fullpath, 'utf8')
const lines = source.split('\n')
if (lines[0] && lines[0].includes('findsecrets-ignore-file')) {
process.exit()
}
const errors = lines.reduce((errors, line, lineNumber) => {
if (line.includes('findsecrets-ignore-line')) {
return errors
}
const words = line.split(/\W+/)
words.forEach(word => {
const entropy = simpleEntropy(word)
if (entropy > 4) {
errors.push(` at line ${lineNumber + 1} ${word.substring(0, word.length / 2 + 1)}...`)
}
}, false)
return errors
}, [])
if (errors.length > 0) {
console.error('Found secrets in', fullpath)
errors.forEach(error => console.error(error))
process.exit(1)
}
} catch (err) {
console.error('Error', err.stack || err.message || String(err))
process.exit(1)
}