pre-commit/pre-commit-hooks
1
0
Fork 0
mirror of https://github.com/pre-commit/pre-commit-hooks.git synced 2025-08-16 03:20:21 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
pre-commit-hooks/pre_commit_hooks/detect_private_key.py
Luís Ferreira 1b4e30e9aa detect_private_key: add OpenVPN shared-secret key block 
'OpenVPN Static key V1' label is often used by OpenVPN for providing hardening
security with additional HMAC signatures to the SSL/TLS handshake packets. They
are shared secrets and should be kept private.

Signed-off-by: Luís Ferreira <contact@lsferreira.net>
2021-10-02 20:53:39 +01:00

42 lines
1.1 KiB
Python
Raw Blame History

import argparse
from typing import Optional
from typing import Sequence
BLACKLIST = [
b'BEGIN RSA PRIVATE KEY',
b'BEGIN DSA PRIVATE KEY',
b'BEGIN EC PRIVATE KEY',
b'BEGIN OPENSSH PRIVATE KEY',
b'BEGIN PRIVATE KEY',
b'PuTTY-User-Key-File-2',
b'BEGIN SSH2 ENCRYPTED PRIVATE KEY',
b'BEGIN PGP PRIVATE KEY BLOCK',
b'BEGIN ENCRYPTED PRIVATE KEY',
b'BEGIN OpenVPN Static key V1',
]
def main(argv: Optional[Sequence[str]] = None) -> int:
parser = argparse.ArgumentParser()
parser.add_argument('filenames', nargs='*', help='Filenames to check')
args = parser.parse_args(argv)
private_key_files = []
for filename in args.filenames:
with open(filename, 'rb') as f:
content = f.read()
if any(line in content for line in BLACKLIST):
private_key_files.append(filename)
if private_key_files:
for private_key_file in private_key_files:
print(f'Private key found: {private_key_file}')
return 1
else:
return 0
if __name__ == '__main__':
exit(main())
Reference in New Issue View Git Blame Copy Permalink