feat: [CI-10849]: add git-leaks support

2026-06-04 18:24:24 +08:00 · 2024-03-18 02:11:46 +05:30
parent b009c711b5
commit 3c4c8e5f10
8 changed files with 147 additions and 0 deletions
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+#Helper script to be used as a pre-commit hook.
+
+echo "This hook checks for any secrets getting pushed as part of commit. If you feel that scan is false positive. \
+Then add the exclusion in .gitleaksignore file. For more info visit: https://github.com/zricethezav/gitleaks"
+
+GIT_LEAKS_PRE_COMMIT=s$(git config --bool hook.pre-commit.gitleak)
+
+echo "INFO: Scanning Commits information for any GIT LEAKS"
+gitleaks protect --staged -v --exit-code=100
+STATUS=$?
+if [ $STATUS = 100  ]; then
+    echo "WARNING: GIT LEAKS has detected sensitive information in your changes. Please remove them or add them (IF NON-SENSITIVE) in .gitleaksignore file."
+else
+    exit 0
+fi
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+#Helper script to be used as a pre-commit hook.
+
+echo "This hook checks for any secrets getting pushed as part of commit. If you feel that scan is false positive. \
+Then add the exclusion in .gitleaksignore file. For more info visit: https://github.com/zricethezav/gitleaks"
+
+GIT_LEAKS=$(git config --bool hook.pre-push.gitleaks)
+
+echo "INFO: Scanning Commits information for any GIT LEAKS"
+gitleaks detect -s ./ --log-level=debug --log-opts=-1 -v
+STATUS=$?
+if [ $STATUS != 0  ]; then
+    echo "WARNING: GIT LEAKS has detected sensitive information in your changes. Please remove them or add them (IF NON-SENSITIVE) in .gitleaksignore file."
+    exit $STATUS
+else
+    exit 0
+fi
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+GL_SCRIPT_PATH="$HOME/.git_template/hooks/git-leaks-pre-commit.sh"
+
+pushd `dirname $0` > /dev/null && cd ../.. && BASEDIR=$(pwd -L) && popd > /dev/null
+BASENAME=`basename $0`
+
+if git rev-parse --verify HEAD >/dev/null 2>&1
+then
+    against=HEAD
+else
+    #Initial commit : diff against an empty tree object
+    against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
+fi
+
+GIT_LEAKS_PRE_COMMIT=hook.pre-commit.gitleaks
+if [ "`git config $GIT_LEAKS_PRE_COMMIT`" == "false" ]
+then
+    echo -e '\033[0;31m' checking git leaks is disabled - to enable: '\033[0;37m'git config --unset $GIT_LEAKS_PRE_COMMIT '\033[0m'
+    echo -e '\033[0;34m' checking git leaks  ... to enable: '\033[0;37m'git config --add $GIT_LEAKS_PRE_COMMIT true '\033[0m'
+else
+    echo -e '\033[0;34m' checking for git leaks...
+    [ -f "${GL_SCRIPT_PATH}" ] && . ${GL_SCRIPT_PATH} || echo "ERROR: Hook Script Not Found..." && exit 404
+fi
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+GL_SCRIPT_PATH="$HOME/.git_template/hooks/git-leaks.sh"
+
+pushd `dirname $0` > /dev/null && cd ../.. && BASEDIR=$(pwd -L) && popd > /dev/null
+BASENAME=`basename $0`
+
+if git rev-parse --verify HEAD >/dev/null 2>&1
+then
+    against=HEAD
+else
+    #Initial commit : diff against an empty tree object
+    against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
+fi
+
+GIT_LEAKS=hook.pre-push.gitleaks
+if [ "`git config $GIT_LEAKS`" == "false" ]
+then
+    echo -e '\033[0;31m' checking git leaks is disabled - to enable: '\033[0;37m'git config --unset $GIT_LEAKS '\033[0m'
+    echo -e '\033[0;34m' checking git leaks  ... to enable: '\033[0;37m'git config --add $GIT_LEAKS true '\033[0m'
+else
+    echo -e '\033[0;34m' checking for git leaks...
+    [ -f "${GL_SCRIPT_PATH}" ] && . ${GL_SCRIPT_PATH} || echo "ERROR: Hook Script Not Found..." && exit 404
+fi