Last active
November 20, 2017 16:05
-
-
Save Martin91/175618650d1a29b11785c3c86b14036b to your computer and use it in GitHub Desktop.
search sensitive words in git history
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
NOT_GIT_REPO=1 | |
if $(git rev-list --all &>/dev/null) | |
then | |
echo "Detect git repo, continue now..." | |
else | |
echo "Could not find any git repo here!" | |
exit $NOT_GIT_REPO | |
fi | |
mkdir -p tmp/ | |
THREADS=20 | |
DATETIME="$(date '+%Y-%m-%dT%H:%M:%S')" | |
REPORT_FILE_NAME="tmp/git-report_$DATETIME.omg" | |
echo "CREATED AT: $(date)" > $REPORT_FILE_NAME | |
echo "PATH: $(pwd)" >> $REPORT_FILE_NAME | |
# Search something like: | |
# password = "ss", or not space | |
# password = 'ss', or not space | |
# password: 'ss' | |
# something['password'] = 'ss' | |
# something["password"] = 'ss' | |
SEARCH_PATTERN="^diff\s|^\+.*(password|api_key|app_key|access_id|access_key|secret|license|token|app_id)(['\"]?\]?\s?[:=]>?\s?)+|[0-9A-Za-z\-]{16,128}['\"]" | |
DIRECTORIES="app/**/*.(rb|js) config/ db/ lib/ test/" | |
if (ls spec/ &>/dev/null) | |
then | |
DIRECTORIES="$DIRECTORIES spec/" | |
fi | |
echo "Will search in folders: $DIRECTORIES" | |
git rev-list --all | ( | |
while read revision; do | |
git show -b --format= $revision $DIRECTORIES | awk -v revision="$revision" '{ if ($1 == "diff") { print $0"@"revision } else { print $0 } }' | grep -E $SEARCH_PATTERN | |
# git show -b --format= $revision $DIRECTORIES | grep -b -E $SEARCH_PATTERN | |
done | |
) >> $REPORT_FILE_NAME | |
STATS=$(cat <<-GIT_REPO_STATS | |
total revisions count: $(git rev-list --all | wc -l) | |
total matched lines: $(wc -l $REPORT_FILE_NAME) | |
GIT_REPO_STATS | |
) | |
echo "FINISHED! The below shows repo stats:" | |
echo ">===================================<" | |
echo "$STATS" | |
echo ">===================================<" | |
echo "Now please open \"$REPORT_FILE_NAME\" to check informations!" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
NOT_GIT_REPO=1 | |
if $(git rev-list --all > /dev/null) | |
then | |
echo "Detect git repo, continue now..." | |
else | |
exit $NOT_GIT_REPO | |
fi | |
mkdir -p tmp/ | |
THREADS=20 | |
DATETIME="$(date '+%Y-%m-%dT%H:%M:%S')" | |
REPORT_FILE_NAME="tmp/git-report_$DATETIME.omg" | |
echo "CREATED AT: $(date)" > $REPORT_FILE_NAME | |
echo "PATH: $(pwd)" >> $REPORT_FILE_NAME | |
# Search something like: | |
# password = "ss", or not space | |
# password = 'ss', or not space | |
# password: 'ss' | |
# something['password'] = 'ss' | |
# something["password"] = 'ss' | |
SEARCH_PATTERN="(password|api_key|app_key|secret|token|app_id)(['\"]?]?\s?[:=]>?\s?['\"])+|['\"][0-9A-Za-z\-]{16,128}['\"]" | |
DIRECTORIES="app/**/*.(rb|js) config/ db/ lib/ test/ spec/" | |
git rev-list --all | ( | |
while read revision; do | |
git grep -n --threads $THREADS --break -I -E $SEARCH_PATTERN $revision -- $DIRECTORIES | |
done | |
) >> $REPORT_FILE_NAME | |
STATS=$(cat <<-GIT_REPO_STATS | |
total revisions count: $(git rev-list --all | wc -l) | |
total matched lines: $(wc -l $REPORT_FILE_NAME) | |
GIT_REPO_STATS | |
) | |
echo "FINISHED! The below shows repo stats:" | |
echo ">===================================<" | |
echo "$STATS" | |
echo ">===================================<" | |
echo "Now please open \"$REPORT_FILE_NAME\" to check informations!" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
git rev-list --all | ( | |
while read revision; do | |
git grep -F 'password' $revision | |
done | |
) > tmp/rev-list.log | |
# search in all revisions with extened regular expression | |
git rev-list --all | ( | |
while read revision; do | |
git grep -E "password|api_key|app_key|secret|token|app_id|[0-9A-Za-z\-]{16,128}" $revision | |
done | |
) > tmp/rev-list.log | |
# search in only specified folders | |
git rev-list --all | ( | |
while read revision; do | |
git grep -n --break -I --color=always -E "password|api_key|app_key|license|secret|token|app_id|['\"][0-9A-Za-z\-]{16,128}['\"]" $revision -- app/**/*.(rb|js) config/ db/ lib/ test/ spec/ | |
done | |
) > tmp/rev-list.log | |
# search in only specified folders and glob style extension file names | |
git rev-list --all | ( | |
while read revision; do | |
git grep -n --break -C 1 -I -E "password|api_key|app_key|secret|token|app_id|['\"][0-9A-Za-z\-]{16,128}['\"]" $revision -- app/**/*.(rb|js) config/ db/ lib/ test/ spec/ | |
done | |
) > tmp/rev-list.log | |
# Visit https://ibb.co/hnbvDR to see the demo |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment