#!/bin/bash
# Git pre-commit hook: runs Gitleaks against the staged changes and installs
# the binary into the repository's bin folder when none is available.
set -e

### uncomment to debug
# set -x

######## VARIABLES #########
# Scratch directory for the download/build; install_gitleaks removes it again.
TMP_DIR=~/gitleaks-tmp
# Resolved relative to the directory the hook is started from.
# NOTE(review): a file named gitleaks in this folder is executed as-is (see
# the check at the end of this section), so the folder should not be writable
# by untrusted content - confirm it is untracked/ignored in the repository.
BIN_DIR=./bin
GO_APP=go
WGET_APP=wget
GITLEAKS_APP_NAME=gitleaks
# Default: rely on a gitleaks found through $PATH.
GITLEAKS_APP_PATH=$GITLEAKS_APP_NAME
# "latest" means the installed version is whatever is newest at install time;
# nothing here pins a release.
RELEASES_URL=https://api.github.com/repos/gitleaks/gitleaks/releases/latest
SCRIPT_NAME=pre-commit-hook.sh

######## ASSIGN #########
OS=$(uname)
ARCH=$(uname -m)
# Rename the machine types that are later matched against release asset names.
case "$ARCH" in
  aarch64) ARCH="arm64" ;;
  x86_64) ARCH="x64" ;;
esac

# A binary already present in the repo's bin folder takes precedence over $PATH.
if [[ -f "${BIN_DIR}/${GITLEAKS_APP_NAME}" ]]; then
  GITLEAKS_APP_PATH="${BIN_DIR}/${GITLEAKS_APP_NAME}"
fi
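# Scan the staged changes with Gitleaks (verbose output, findings redacted).
# Globals:  GITLEAKS_APP_PATH (read) - command name or path of the binary
# Returns:  the exit status of the gitleaks invocation
# NOTE(review): recent Gitleaks releases presumably treat `protect` as a
# deprecated command; since the installer fetches the latest release, verify
# this invocation against the version that actually gets installed.
function run_gitleaks {
  # Quoted so the configured path is always executed as one command word and
  # is never split into a command plus extra arguments or glob-expanded.
  "$GITLEAKS_APP_PATH" protect --verbose --redact --staged
}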
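# Download the release archive named in RELEASE_RECORD and unpack it.
# Globals:  RELEASE_RECORD, WGET_APP, TMP_DIR (read)
#           RELEASE_URL, RELEASE_FILE (written)
# Outputs:  progress on stdout, errors on stderr
# Returns:  0 on success; exits 1 when the download tool is missing, the URL
#           is not an expected release asset, or download/unpack fails
# NOTE(review): the archive is not checked against a published checksum or
# signature before it is unpacked and later executed; consider pinning a
# release and verifying its digest.
function download_binary_release {
  # The URL is cut out of an API response with text tools, so accept it only
  # if it is an https tar.gz asset under this project's release path. Adjust
  # the pattern together with RELEASES_URL if the source repository changes.
  local -r url_re='^https://github\.com/gitleaks/gitleaks/releases/download/[^/]+/[A-Za-z0-9._-]+\.tar\.gz$'

  if type -P "$WGET_APP"; then
    RELEASE_URL=$(printf '%s\n' "$RELEASE_RECORD" | awk -F'"' '{print $4}')
    echo "Release url: ${RELEASE_URL}"
    if [[ ! "$RELEASE_URL" =~ $url_re ]]; then
      echo "Unexpected release url, refusing to download." >&2
      exit 1
    fi

    # Last path component of the validated URL is the archive file name.
    RELEASE_FILE=${RELEASE_URL##*/}
    echo "Release file: ${RELEASE_FILE}"

    mkdir -p "$TMP_DIR" || exit 1
    # Use the same tool that was just looked up instead of a literal name.
    if ! "$WGET_APP" -P "$TMP_DIR" "$RELEASE_URL"; then
      echo "Download of ${RELEASE_URL} failed." >&2
      exit 1
    fi
    # curl -o "${TMP_DIR}/${RELEASE_FILE}" $RELEASE_URL

    if ! tar -zxvf "${TMP_DIR}/${RELEASE_FILE}" -C "$TMP_DIR"; then
      echo "Could not unpack ${RELEASE_FILE}." >&2
      exit 1
    fi
  else
    echo ""
    echo "WGET could not be found. Please install."
    echo ""
    exit 1
  fi
}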
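# Build Gitleaks from a fresh clone and install the result.
# Globals:  GO_APP, TMP_DIR (read); COMPILE (written, captured build output)
# Outputs:  progress on stdout, errors on stderr
# Returns:  status of copy_app_from_tmp; exits 1 when Go is missing or the
#           clone/build fails
# NOTE(review): the clone takes the tip of the default branch, so the code
# that gets built and then executed is not pinned to a tag or commit.
function compile_from_sources {
  echo "Compile Gitleaks sources"
  if type -P "$GO_APP"; then
    if ! git clone https://github.com/gitleaks/gitleaks.git "$TMP_DIR"; then
      echo "Cloning the Gitleaks sources failed." >&2
      exit 1
    fi
    # Checked explicitly: the caller may run this where `set -e` is inactive,
    # and a failed build must not be followed by an install step.
    if ! COMPILE=$(cd "$TMP_DIR" && make build); then
      printf '%s\n' "$COMPILE" >&2
      echo "Building Gitleaks failed." >&2
      exit 1
    fi
    copy_app_from_tmp
  else
    echo ""
    echo "GO could not be found. Please install to compile the Gitleaks sources"
    echo ""
    exit 1
  fi
}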
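# Copy the binary from the scratch directory into the repo's bin folder and
# make the hook use that copy.
# Globals:  TMP_DIR, BIN_DIR, GITLEAKS_APP_NAME (read)
#           GITLEAKS_APP_PATH (written)
# Outputs:  progress on stdout, errors on stderr
# Returns:  0 on success; exits 1 when the binary cannot be installed
function copy_app_from_tmp {
  local src="${TMP_DIR}/${GITLEAKS_APP_NAME}"
  local dst="${BIN_DIR}/${GITLEAKS_APP_NAME}"

  # Never announce a finished installation without an actual binary to copy.
  if [[ ! -f "$src" ]]; then
    echo "Gitleaks binary not found at ${src}" >&2
    exit 1
  fi

  mkdir -p -- "$BIN_DIR" || exit 1
  # -f overwrites an existing copy without prompting.
  cp -f -- "$src" "$dst" || exit 1
  GITLEAKS_APP_PATH="$dst"
  echo "GITLEAKS_APP_PATH: ${GITLEAKS_APP_PATH}"
  chmod +x -- "$GITLEAKS_APP_PATH" || exit 1
  echo ""
  echo "Gitleaks installation to repo/bin folder is complete."
  echo ""
}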
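# Install Gitleaks: use the binary from the latest release that matches this
# OS and architecture, or build from the Go sources when no release matches.
# Globals:  OS, ARCH, RELEASES_URL, TMP_DIR (read); RELEASE_RECORD (written)
# Outputs:  progress on stdout
# Returns:  0 when the binary was installed, otherwise the status of the
#           step that failed
function install_gitleaks {
  local status=0

  echo ""
  echo "install Gitleaks on ${OS} ${ARCH}"
  echo ""
  # First asset line of the release listing that names this OS and arch.
  RELEASE_RECORD=$(
    curl -L -H "Accept: application/vnd.github+json" "$RELEASES_URL" \
      | grep browser_download_url \
      | grep -i -- "$OS" \
      | grep -i -- "$ARCH" \
      | head -n 1
  )

  # Statuses are tracked by hand: this function is called on the left side of
  # `&&`, where `set -e` does not stop on a failing step.
  if [[ -z "$RELEASE_RECORD" ]]; then
    # if no release for the os and arch, build from sources
    compile_from_sources || status=$?
  else
    # if there is release for the os and arch, download and use the binary
    download_binary_release || status=$?
    if (( status == 0 )); then
      copy_app_from_tmp || status=$?
    fi
  fi

  # cleanup; :? refuses to run rm with an empty or unset path
  if [ -d "$TMP_DIR" ]; then rm -Rf -- "${TMP_DIR:?}"; fi

  return "$status"
}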
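# Entry point of the hook: run the scan when it is enabled, installing
# Gitleaks first if no binary is available.
# Globals:  GITLEAKS_APP_NAME, BIN_DIR (read); PRECOMMIT_ENABLED (written)
# Outputs:  status messages on stdout
# Returns:  status of the scan (non-zero blocks the commit); exits 0 when the
#           hook is switched off through git config
main() {
  # check user.gitleaks-enable (defaults to 1 when the key is not set)
  PRECOMMIT_ENABLED=$(git config --get --default 1 --int user.gitleaks-enable)
  echo ""
  echo "Gitleaks pre-commit enabled: $PRECOMMIT_ENABLED"
  echo ""
  # Quoted and defaulted: an empty value would otherwise make the test error
  # out and fall through to the "disabled" branch, silently skipping the scan.
  if [ "${PRECOMMIT_ENABLED:-1}" -eq 1 ]; then
    if type -P "$GITLEAKS_APP_NAME" || [ -f "${BIN_DIR}/${GITLEAKS_APP_NAME}" ]; then
      run_gitleaks
    else
      echo ""
      echo "Gitleaks not found in \$PATH. Installling..."
      echo ""
      install_gitleaks && run_gitleaks
    fi
  else
    # Scan disabled by configuration: let the commit proceed.
    exit 0
  fi
}

main "$@"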