pre-commit/pre-commit-hooks
1
0
Fork 0
mirror of https://github.com/pre-commit/pre-commit-hooks.git synced 2025-08-14 17:31:28 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
pre-commit-hooks/pre_commit_hooks/detect_private_key.py
Luís Ferreira ccdf02dfd4 detect_private_key: add textual version of PKCS #8 encrypted private keys 
As described by RFC7468 and RFC5958, keys that are encoded using the "ENCRYPTED
PRIVATE KEY" label are described as private key information and therefore can
contain secrets, even though encrypted.

Signed-off-by: Luís Ferreira <contact@lsferreira.net>
2021-10-02 20:53:33 +01:00

41 lines
1.0 KiB
Python
Raw Blame History

import argparse
from typing import Optional
from typing import Sequence
BLACKLIST = [
b'BEGIN RSA PRIVATE KEY',
b'BEGIN DSA PRIVATE KEY',
b'BEGIN EC PRIVATE KEY',
b'BEGIN OPENSSH PRIVATE KEY',
b'BEGIN PRIVATE KEY',
b'PuTTY-User-Key-File-2',
b'BEGIN SSH2 ENCRYPTED PRIVATE KEY',
b'BEGIN PGP PRIVATE KEY BLOCK',
b'BEGIN ENCRYPTED PRIVATE KEY',
]
def main(argv: Optional[Sequence[str]] = None) -> int:
parser = argparse.ArgumentParser()
parser.add_argument('filenames', nargs='*', help='Filenames to check')
args = parser.parse_args(argv)
private_key_files = []
for filename in args.filenames:
with open(filename, 'rb') as f:
content = f.read()
if any(line in content for line in BLACKLIST):
private_key_files.append(filename)
if private_key_files:
for private_key_file in private_key_files:
print(f'Private key found: {private_key_file}')
return 1
else:
return 0
if __name__ == '__main__':
exit(main())
Reference in New Issue View Git Blame Copy Permalink