UNPKG

pushscript

Version:

AI-powered Git workflow automation with conventional commits, vulnerability scanning, and multi-provider LLM support

pushscript.dev

assemblycompany/pushscript

95 lines (78 loc) ā€¢ 2.67 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
/** * Secret Scanner for PushScript * Main integration module - uses clean separation of patterns and detection logic */ import { scanFilesForSecrets, displaySecretScanResults, getDetectionConfig } from './secret-detector.js'; import { SECRET_PATTERNS, getPatternStats } from './secret-patterns.js'; /** * Check for hardcoded secrets in staged files * @param {Array} stagedFiles - Array of staged file objects * @returns {Promise<boolean>} True if secrets found, false otherwise */ async function checkHardcodedSecrets(stagedFiles) { if (!stagedFiles || stagedFiles.length === 0) { console.log('šŸ“ No staged files to scan'); return false; } console.log('\nšŸ” Scanning for hardcoded secrets...'); console.log(`šŸ“‹ Scanning ${stagedFiles.length} staged files`); // Get detection stats const config = getDetectionConfig(); const stats = getPatternStats(); console.log(`šŸ“Š Using ${config.patterns} patterns across ${config.categories} categories`); // Scan files for secrets const results = scanFilesForSecrets(stagedFiles); // Display results displaySecretScanResults(results, true); // Check if any critical or high severity secrets found const criticalSecrets = results.filter(r => r.severity === 'critical'); const highSecrets = results.filter(r => r.severity === 'high'); if (criticalSecrets.length > 0 || highSecrets.length > 0) { console.log('\nšŸšØ CRITICAL: High severity secrets detected!'); console.log(' Please review and remove before committing.'); return true; } if (results.length > 0) { console.log('\nāš ļø Medium/low severity secrets detected.'); console.log(' Review and consider using environment variables.'); return false; // Don't block commit for medium/low } console.log('\nāœ… No concerning secrets detected'); return false; } /** * Get secret detection configuration * @returns {Object} Configuration object */ function getSecretDetectionConfig() { return { ...getDetectionConfig(), patternStats: getPatternStats() }; } /** * Get active patterns (for debugging/info) * @returns {Object} Active patterns */ function getActivePatterns() { return SECRET_PATTERNS; } /** * Test secret detection with sample data * @param {string} testContent - Test content to scan * @returns {Array} Detection results */ function testSecretDetection(testContent) { const testFile = { path: 'test-file.js', content: testContent }; return scanFilesForSecrets([testFile]); } // Export main functions export { checkHardcodedSecrets, getSecretDetectionConfig, getActivePatterns, testSecretDetection };