leakferret 0.1.6 → 0.1.8
- checksums.yaml +4 -4
- data/README.md +22 -0
- data/lib/leakferret/binary.rb +5 -5
- data/lib/leakferret/version.rb +2 -2
- metadata +1 -1
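--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 05dc22c918caa5d55f1348c149fdc153334165c0b4060e6f9a7fa48fa1d03d41
+data.tar.gz: ea5233a97a2d4b8bd4a1e38ec833e7613a0fb82b0daf805f5dd23f989e12321c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: de50259a0118ba8fe42f765ae153a7967423006aa4d17dfeb1d6835dde700cf2510dd3ebd000c72b2c3179fb99af3c505b871cd7b09ec7d1eefe83cc6a3e57bf
+data.tar.gz: 5970de7e24f585257ab3478ff30aa17074dde5303d714ded8e52c98e3af5c0235d5a7c8e0a9838ae3663849c1090e1a25b3ac2a5375e3d63a42ddd407033be87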
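--- a/data/README.md
+++ b/data/README.md
@@ -199,6 +199,28 @@ leakferret scan .
 For air-gapped or offline installs, set `LEAKFERRET_SKIP_DOWNLOAD=1` to skip the
 release download and position the binary yourself.
 
+## Block commits locally (pre-commit hook)
+
+Catch a secret before it is ever committed. From your repo root:
+
+```bash
+cat > .git/hooks/pre-commit <<'HOOK'
+#!/bin/sh
+# Offline secret scan (no network). Blocks the commit on any finding.
+leakferret verify . --verify-mode none --fail-on any || {
+echo "leakferret blocked this commit. Bypass: git commit --no-verify"
+exit 1
+}
+HOOK
+chmod +x .git/hooks/pre-commit
+```
+
+`--verify-mode none` keeps it offline; `--fail-on any` exits non-zero on any
+non-fixture finding (documented examples like `AKIAIOSFODNN7EXAMPLE` are still
+ignored). Pair with `leakferret baseline init` to block only on *new* secrets,
+or commit the hook to `.githooks/` and run `git config core.hooksPath .githooks`
+to share it with a team.
+
 ## License
 
 MIT for this gem and the bundled binary. The fixture catalog **data** is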
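--- a/data/lib/leakferret/binary.rb
+++ b/data/lib/leakferret/binary.rb
@@ -25,11 +25,11 @@ module Leakferret
 # exactly which binary bytes it will run. Regenerate on every binary bump
 # from the release's `*.tar.gz.sha256` files.
 CHECKSUMS = {
-'aarch64-apple-darwin' => '
-'aarch64-pc-windows-msvc' => '
-'x86_64-apple-darwin' => '
-'x86_64-pc-windows-msvc' => '
-'x86_64-unknown-linux-gnu' => '
+'aarch64-apple-darwin' => '1f22f022e63cd5f986a89c6fe1714f32556855117bd8cc3b0737df3723831566',
+'aarch64-pc-windows-msvc' => '9611345826fd68684318519cda5dcdbcf07b89fd5d37c75860eb6f73cd6bd963',
+'x86_64-apple-darwin' => '23865d135683c7a8763f0a8afe154cebaa52b37fc6eae5afa7e9cf8cc4721b03',
+'x86_64-pc-windows-msvc' => '0ef58e8b24a081c44aef644e744e96d2223c1b368fa711bf6a914d044ffeaede',
+'x86_64-unknown-linux-gnu' => 'ac25d383ebeb1ea7dcfae0727bf2317bd16281b78ebc1cc24ee5d69d79ccd2ef'
 }.freeze
 
 module_function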
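Review bot: Nothing in the `CHECKSUMS` table records which binary release its five digests were generated from, even though `BINARY_VERSION` is set to '0.1.5' in version.rb in this same release and the two have to change together. I would add a comment directly above the hash, `# SHA-256 of the BINARY_VERSION (0.1.5) release tarballs, keyed by target triple.`, so that a later bump which forgets to regenerate the table is visible in review. The code that looks up and compares these digests is outside the hunk, so it cannot be confirmed from here that a target missing from the table makes the install fail rather than skip the check; that is worth confirming. The enclosing `module Leakferret` starts before the hunk and continues after it.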
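--- a/data/lib/leakferret/version.rb
+++ b/data/lib/leakferret/version.rb
@@ -2,10 +2,10 @@
 
 module Leakferret
 # The gem's own version.
-VERSION = '0.1.
+VERSION = '0.1.8'
 
 # The native binary release this gem downloads. Tracks the leakferret
 # core release, which may move independently of the gem's own version
 # (e.g. a gem-only bugfix).
-BINARY_VERSION = '0.1.
+BINARY_VERSION = '0.1.5'
 end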