use six for config parser, add to reqs
ditch checking access_key (don't consider these a secret)
don't check line by line, check the whole file in bulk instead
diff --git a/pre_commit_hooks/detect_aws_credentials.py b/pre_commit_hooks/detect_aws_credentials.py
index 77c1991..19b2316 100644
--- a/pre_commit_hooks/detect_aws_credentials.py
+++ b/pre_commit_hooks/detect_aws_credentials.py
@@ -2,26 +2,25 @@
from __future__ import unicode_literals
import argparse
-import ConfigParser
import os
+from six.moves import configparser
-def get_your_keys(credentials_file, ignore_access_key=False):
- """ reads the keys in your credentials file in order to be able to look
+def get_your_keys(credentials_file):
+ """ reads the secret keys in your credentials file in order to be able to look
for them in the submitted code.
"""
aws_credentials_file_path = os.path.expanduser(credentials_file)
if not os.path.exists(aws_credentials_file_path):
exit(2)
- parser = ConfigParser.ConfigParser()
+ parser = configparser.ConfigParser()
parser.read(aws_credentials_file_path)
keys = set()
for section in parser.sections():
- if not ignore_access_key:
- keys.add(parser.get(section, 'aws_access_key_id'))
keys.add(parser.get(section, 'aws_secret_access_key'))
+ print(str(keys))
return keys
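Review bot: The added `print(str(keys))` just before `return keys` writes every AWS secret access key read from the credentials file to stdout on each hook run. The values the hook exists to keep out of the repository would then land in terminal scrollback and in any CI or pre-commit log that captures hook output. It looks like leftover debugging and should be removed. If a diagnostic is wanted, report only a count, e.g. `print('loaded {0} secret keys'.format(len(keys)))`, never the key material.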
@@ -29,9 +28,9 @@
with open(filename, 'r') as content:
# naively match the entire file, chances be so slim
# of random characters matching your flipping key.
- for line in content:
- if any(key in line for key in keys):
- return 1
+ text_body = content.read()
+ if any(key in text_body for key in keys):
+ return 1
return 0
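Review bot: The bulk `content.read()` still goes through `open(filename, 'r')`, which decodes the file as text. With this commit moving toward Python 3 via six, a binary or oddly encoded staged file would presumably raise a decode error there rather than being scanned, so the hook would crash instead of reporting. Reading bytes avoids that: `with open(filename, 'rb') as content:` and `if any(key.encode('utf-8') in text_body for key in keys):`. Separately, a blank `aws_secret_access_key` value would be a substring of any content, so empty keys are worth filtering out before the `any(...)`. The enclosing function starts above this hunk.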
@@ -41,19 +40,11 @@
parser.add_argument(
"--credentials-file",
default='~/.aws/credentials',
- help="location of aws credentials file from which to get the keys "
- "we're looking for",
- )
- parser.add_argument(
- "--ignore-access-key",
- action='store_true',
- help="if you would like to ignore access keys, as there is "
- "occasionally legitimate use for these.",
+ help="location of aws credentials file from which to get the secret "
+ "keys we're looking for",
)
args = parser.parse_args(argv)
- ignore_access_key = args.ignore_access_key
- keys = get_your_keys(args.credentials_file,
- ignore_access_key=ignore_access_key)
+ keys = get_your_keys(args.credentials_file)
retv = 0
for filename in args.filenames: