Server : Apache System : Linux indy02.toastserver.com 3.10.0-962.3.2.lve1.5.85.el7.x86_64 #1 SMP Thu Apr 18 15:18:36 UTC 2024 x86_64 User : palandch ( 1163) PHP Version : 7.1.33 Disable Function : NONE Directory : /opt/cloudlinux/venv/lib/python3.11/site-packages/dodgy/ |
import json import mimetypes import os import re import sys from argparse import ArgumentParser from dodgy.checks import check_file IGNORE_PATHS = [ re.compile(patt % {"sep": re.escape(os.path.sep)}) for patt in ( r"(^|%(sep)s)\.[^\.]", # ignores any files or directories starting with '.' r"^tests?%(sep)s?", r"%(sep)stests?(%(sep)s|$)", # Ignore foo_test(s)/. r"_tests?(%(sep)s|$)", ) ] def list_files(start_path): filepaths = [] for root, _, files in os.walk(start_path): for file_name in files: filepaths.append(os.path.join(root, file_name)) return filepaths def run_checks(directory, ignore_paths=None): warnings = [] ignore_paths = ignore_paths or [] ignore_paths = [re.compile(patt) for patt in ignore_paths] ignore_paths += IGNORE_PATHS filepaths = list_files(directory) for filepath in filepaths: relpath = os.path.relpath(filepath, directory) if any([ignore.search(relpath) for ignore in ignore_paths]): continue # this is a naive check to skip binary files, it's probably okay for now mimetype = mimetypes.guess_type(filepath) if mimetype[0] is None or not mimetype[0].startswith("text/"): continue try: for msg_parts in check_file(filepath): warnings.append( { "path": relpath, "line": msg_parts[0], "code": msg_parts[1], "message": msg_parts[2], } ) except UnicodeDecodeError as err: # This is a file which cannot be opened using codecs with UTF-8 print("Unable to read {!r}: {}".format(filepath, err)) return warnings def run(ignore_paths=None, zero_exit=False): warnings = run_checks(os.getcwd(), ignore_paths=ignore_paths) output = json.dumps({"warnings": warnings}, indent=2) sys.stdout.write(output + "\n") if zero_exit: sys.exit(0) sys.exit(1 if warnings else 0) def main(argv=None): argv = argv or sys.argv desc = ( 'A very basic tool to run against your codebase to search for "dodgy" looking values. ' "It is a series of simple regular expressions designed to detect things such as " "accidental SCM diff checkins, or passwords/secret keys hardcoded into files." ) parser = ArgumentParser("dodgy", description=desc) parser.add_argument( "--ignore-paths", "-i", nargs="+", type=str, dest="ignore", default=None, metavar="IGNORE_PATH", help="Paths to ignore", ) parser.add_argument( "--zero-exit", "-0", dest="zero_exit", help="Dodgy will exit with a code of 1 if problems are found. This flag ensures that it always returns with 0 unless an exception is raised.", action="store_true", ) args, _ = parser.parse_known_args(argv) run(ignore_paths=args.ignore, zero_exit=args.zero_exit) if __name__ == "__main__": main()