How to do it...
Let's go back to the example we started with: how could Git hooks have stopped Ryan Hellyer from accidentally leaking his Amazon AWS access keys to GitHub? You can use a Git pre-commit hook to invoke a script that scans the code being committed to your local repository for specific keywords:
- Replace the code in this pre-commit shell file with the following code:
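```sh
#!C:/Program\ Files/Git/usr/bin/sh.exe
# Scan only the staged changes (--cached), since that is what will be committed.
# Keep added lines ('+'), skip the '+++' file headers, then match the keywords.
matches=$(git diff-index --cached --patch HEAD | grep '^+' | grep -v '^+++ ' | grep -Ei 'password|keyword2|keyword3')
if [ -n "$matches" ]
then
cat <<\EOT
Error: Words from the blacklist were present in the diff:
EOT
# Quote the variable so each match stays on its own line.
echo "$matches"
exit 1
fi
```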
You don't have to build the full keyword list into this script. Instead, the script can read the list from a separate file, which you could encrypt or scramble if you wanted to.
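One way to keep the keyword list in a separate file, as an added example that is not code from the book: the hook reads one case-insensitive pattern per line and reports the file each match was staged in. The names `SECRET_PATTERNS`, `secret-patterns.txt`, `scan_added_lines` and `run_hook` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the book): pre-commit hook with an external pattern file.
# Assumed names: SECRET_PATTERNS, secret-patterns.txt, scan_added_lines, run_hook.

# Read a unified diff on stdin; print "file: text" for every added line that
# matches a pattern (case-insensitive ERE, one per line, '#' starts a comment).
scan_added_lines() {
    awk -v patfile="$1" '
        BEGIN {
            while ((getline p < patfile) > 0)
                if (p != "" && p !~ /^#/) pat[++n] = tolower(p)
        }
        /^diff --git / { inhunk = 0; next }   # new file section: headers follow
        /^@@ /         { inhunk = 1; next }   # hunk body starts after this line
        !inhunk && /^\+\+\+ / { file = substr($0, 5); sub(/^b\//, "", file); next }
        inhunk && /^\+/ {                     # added line, never a +++ header
            text = substr($0, 2); low = tolower(text)
            for (i = 1; i <= n; i++)
                if (low ~ pat[i]) { print file ": " text; break }
        }
    '
}

run_hook() {
    patterns=${SECRET_PATTERNS:-$(git rev-parse --git-dir)/secret-patterns.txt}
    # Fail closed: a missing pattern file must not silently disable the scan.
    [ -r "$patterns" ] || { echo "Error: cannot read $patterns" >&2; exit 1; }
    hits=$(git diff --cached --no-color | scan_added_lines "$patterns")
    if [ -n "$hits" ]; then
        echo "Error: staged changes match the blocklist:" >&2
        printf '%s\n' "$hits" >&2
        exit 1
    fi
}

# Git runs this file as .git/hooks/pre-commit; do nothing under any other name.
case "$0" in *pre-commit) run_hook ;; esac
```

Because matching is done on the added text only, a file whose name contains a keyword does not trigger the hook by itself, and unchanged context lines are ignored.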