Home Explore Help
Sign In
sintez
/
py_task
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 609422c2ac
Branches Tags
py_task
/
venv
/
lib
/
python3.9
/
site-packages
/
dodgy
/
checks.py

checks.py 2.3 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091 
  1. import codecs
    2. 

  2. import gzip
    3. 

  3. import re
    4. 

  4. from functools import partial
    5. 

  5. 

  6. STRING_VALS = (
    7. 

  7.     (
    8. 

  8.         "aws_secret_key",
    9. 

  9.         "Amazon Web Services secret key",
    10. 

  10.         (
    11. 

  11.             re.compile(r'(\'|")[A-Za-z0-9\\\+]{40}(\'|")'),
    12. 

  12.             re.compile(r"(\b|_)AWS(\b|_)", re.IGNORECASE),
    13. 

  13.         ),
    14. 

  14.         all,
    15. 

  15.     ),
    16. 

  16. )
    17. 

  17. 

  18. LINE_VALS = (
    19. 

  19.     (
    20. 

  20.         "diff",
    21. 

  21.         "Possible SCM diff in code",
    22. 

  22.         (re.compile(r"^<<<<<<< .*$"), re.compile(r"^>>>>>>> .*$")),
    23. 

  23.     ),
    24. 

  24.     (
    25. 

  25.         "ssh_rsa_private_key",
    26. 

  26.         "Possible SSH private key",
    27. 

  27.         re.compile(r"^-{5}(BEGIN|END)\s+RSA\s+PRIVATE\s+KEY-{5}$"),
    28. 

  28.     ),
    29. 

  29.     (
    30. 

  30.         "ssh_rsa_public_key",
    31. 

  31.         "Possible SSH public key",
    32. 

  32.         re.compile(r"^ssh-rsa\s+AAAA[0-9A-Za-z+/]+[=]{0,3}\s*([^@]+@[^@]+)?$"),
    33. 

  33.     ),
    34. 

  34. )
    35. 

  35. 

  36. VAR_NAMES = (
    37. 

  37.     (
    38. 

  38.         "password",
    39. 

  39.         "Possible hardcoded password",
    40. 

  40.         re.compile(
    41. 

  41.             r'(\b|[A-Z0-9_]*_)PASSWORD(_[A-Z0-9_]*|\b)\s*=\s(\'|")[^\'"]+(\'|")'
    42. 

  42.         ),
    43. 

  43.     ),
    44. 

  44.     (
    45. 

  45.         "secret",
    46. 

  46.         "Possible hardcoded secret key",
    47. 

  47.         re.compile(r'(\b|[A-Z0-9_]*_)SECRET(_[A-Z0-9_]*|\b)\s*=\s(\'|")[^\'"]+(\'|")'),
    48. 

  48.     ),
    49. 

  49. )
    50. 

  50. 

  51. 

  52. def check_line(line, check_list):
    53. 

  53.     messages = []
    54. 

  54. 

  55.     for tup in check_list:
    56. 

  56.         if len(tup) == 3:
    57. 

  57.             key, msg, regexps = tup
    58. 

  58.             cond = any
    59. 

  59.         else:
    60. 

  60.             key, msg, regexps, cond = tup
    61. 

  61. 

  62.         if not isinstance(regexps, (list, tuple)):
    63. 

  63.             regexps = [regexps]
    64. 

  64.         if cond([regexp.search(line) for regexp in regexps]):
    65. 

  65.             messages.append((key, msg))
    66. 

  66. 

  67.     return messages
    68. 

  68. 

  69. 

  70. def check_file(filepath):
    71. 

  71.     if filepath.endswith(".gz"):
    72. 

  72.         # this file looks like it is using gzip compression
    73. 

  73.         fopen = partial(gzip.open, mode="rt")
    74. 

  74.     else:
    75. 

  75.         # otherwise treat as standard text file
    76. 

  76.         fopen = partial(codecs.open, mode="r")
    77. 

  77.     with fopen(filepath, encoding="utf-8") as to_check:
    78. 

  78.         return check_file_contents(to_check.read())
    79. 

  79. 

  80. 

  81. def check_file_contents(file_contents):
    82. 

  82.     messages = []
    83. 

  83. 

  84.     for line_number0, line in enumerate(file_contents.split("\n")):
    85. 

  85.         for check_list in (STRING_VALS, LINE_VALS, VAR_NAMES):
    86. 

  86.             messages += [
    87. 

  87.                 (line_number0 + 1, key, msg)
    88. 

  88.                 for key, msg in check_line(line, check_list)
    89. 

  89.             ]
    90. 

  90. 

  91.     return messages
    92.