atst/script/detect_secrets
dandds 6c22d5a524 Apply section heads to test output for clarity.
This also removes a test setup command that added an uploads directory.
It's no longer necessary.
2019-09-26 13:23:17 -04:00

45 lines
1.1 KiB
Python
Executable File

#! .venv/bin/python
import subprocess
import sys
from detect_secrets.pre_commit_hook import main as find_secrets
TRACKED_CHANGES = ["git", "diff", "HEAD", "--name-only"]
STAGED_CHANGES = ["git", "diff", "--cached", "--name-only"]
UNTRACKED_CHANGES = ["git", "ls-files", "--others", "--exclude-standard"]
def git_file_list(cmd):
comproc = subprocess.run(cmd, capture_output=True)
return [f.decode() for f in comproc.stdout.split()]
def git_staged_files():
return git_file_list(STAGED_CHANGES)
def git_all_files():
return git_file_list(TRACKED_CHANGES) + git_file_list(UNTRACKED_CHANGES)
def main(arg):
"""
If `arg` is "staged", this will only check files that have been
staged to the git index. Otherwise, it will check staged and
unstaged files.
"""
files = []
if arg == "staged":
files = git_staged_files()
else:
files = git_all_files()
return find_secrets(["--baseline", ".secrets.baseline"] + files)
if __name__ == "__main__":
arg = sys.argv[1] if len(sys.argv) > 1 else None
print("Finished scanning for secrets")
sys.exit(main(arg))