Skip to content

Instantly share code, notes, and snippets.

@zoeisnowooze

zoeisnowooze/scan_secrets.js

Created November 15, 2021 21:55
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save zoeisnowooze/c37d814e96462eef0fe336045f07427f to your computer and use it in GitHub Desktop.
Save zoeisnowooze/c37d814e96462eef0fe336045f07427f to your computer and use it in GitHub Desktop.
Download ZIP
Raw
scan_secrets.js
const fs = require("fs");
const parser = require("@babel/parser");
const traverse = require("@babel/traverse").default;
PATTERNS = [
/BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY/,
/AIza[A-Za-z0-9_-]{35}/,
/sk_live_[A-Za-z0-9]{24}/,
];
function isSecret(string) {
return PATTERNS.some((pattern) => string.match(pattern));
}
process.argv.slice(2).forEach((fileName) => {
const ast = parser.parse(fs.readFileSync(fileName, "utf8"), {
errorRecovery: true,
});
traverse(ast, {
StringLiteral(path) {
if (isSecret(path.node.value)) {
const { start, end } = path.node.loc;
console.log(`${fileName}: ${start.line}:${end.line}`);
}
},
});
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment