commit a6665279e73c7ccc0fdfed60c61047d6c975ae1e
author Dean Wilson <dean.wilson@gmail.com> Wed Oct 28 05:13:37 2015 +0000
committer Dean Wilson <dean.wilson@gmail.com> Wed Oct 28 05:13:37 2015 +0000
tree 8f75a99897e2d11e5ff533a2e006b59619812945
parent edb5d5219e4e56c79c13da537dfa59c8c6d08127

Show names of files containing aws credentials

pre_commit_hooks/detect_aws_credentials.py

diff --git a/pre_commit_hooks/detect_aws_credentials.py b/pre_commit_hooks/detect_aws_credentials.py
index 55e83a1..e63e72a 100644
--- a/pre_commit_hooks/detect_aws_credentials.py
+++ b/pre_commit_hooks/detect_aws_credentials.py
@@ -24,14 +24,17 @@
     return keys
 
 
-def check_file_for_aws_keys(filename, keys):
-    with open(filename, 'r') as content:
-        # naively match the entire file, chances be so slim
-        # of random characters matching your flipping key.
-        text_body = content.read()
-        if any(key in text_body for key in keys):
-            return 1
-    return 0
+def check_file_for_aws_keys(filenames, keys):
+    bad_files = []
+
+    for filename in filenames:
+        with open(filename, 'r') as content:
+            text_body = content.read()
+            if any(key in text_body for key in keys):
+                # naively match the entire file, low chance of incorrect collision
+                bad_files.append(filename)
+
+    return bad_files
 
 
 def main(argv=None):
@@ -48,11 +51,13 @@
     if not keys:
         return 2
 
-    retv = 0
-    for filename in args.filenames:
-        retv |= check_file_for_aws_keys(filename, keys)
-    return retv
-
+    bad_filenames = check_file_for_aws_keys(args.filenames, keys)
+    if bad_filenames:
+        for bad_file in bad_filenames:
+            print('AWS secret key found: {0}'.format(bad_file))
+        return 1
+    else:
+        return 0
 
 if __name__ == '__main__':
     exit(main())