git-ward 0.1.1 → 0.1.3
- package/Cargo.toml +1 -1
- package/README.md +1 -0
- package/package.json +1 -1
- package/src/scanner.rs +19 -0
package/Cargo.toml
CHANGED
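--- a/package/README.md
+++ b/package/README.md
@@ -10,6 +10,7 @@
 - **Ethereum Private Keys**
 - **BIP-39 Mnemonics**
 - **Generic API Keys**
+- **.env Files** (Blocks `.env`, `.env.local`, etc. Allows `.example`/`.sample`)
 - **High Entropy Strings** (with false positive filtering)
 - **Configurable:** Ignore specific files via `.wardignore` or `ward.toml`.
 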
package/package.json
CHANGED
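--- a/package/src/scanner.rs
+++ b/package/src/scanner.rs
@@ -68,6 +68,25 @@ impl Scanner {
 
 let mut violations = vec![];
 
+// 0. File Name Check
+if let Some(filename) = path.file_name().and_then(|s| s.to_str()) {
+// Block .env and .env.* (e.g. .env.local, .env.production)
+// But allow .env.example, .env.sample (common safe patterns)
+if filename.starts_with(".env") {
+let is_safe_example = filename.ends_with(".example") || filename.ends_with(".sample");
+
+if !is_safe_example {
+violations.push(Violation {
+file: path.to_path_buf(),
+line: 1,
+rule: format!("Critical: {} detected", filename),
+snippet: "Do not commit .env files. Use .env.example instead.".to_string(),
+});
+return Ok(violations);
+}
+}
+}
+
 for (i, line) in content.lines().enumerate() {
 let line_idx = i + 1;
 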
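Review bot: The prefix test `filename.starts_with(".env")` also fires on any dotfile that merely begins with `.env`, such as `.envrc` (direnv) or `.environment`, and reports them as "Critical ... Do not commit .env files", which is a false positive that will block unrelated commits while the README only promises to block `.env` and `.env.*`. Replace the condition with an exact-or-dotted match, `let is_env_file = filename == ".env" || filename.starts_with(".env.");` and `if is_env_file {`, so `.envrc` falls through to the normal content scan. The comparison is also case-sensitive, so a `.ENV` or `.Env.local` checked out on a case-insensitive filesystem would presumably slip past this rule; lowercasing `filename` with `to_ascii_lowercase()` before both checks would close that gap, though whether such files occur in practice cannot be told from here. The enclosing function (the one that declares `violations` and takes `path` and `content`) begins above this hunk and its body continues below it.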