dargslan-git-audit 1.0.0__tar.gz

dargslan_git_audit-1.0.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Dargslan
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

dargslan_git_audit-1.0.0/PKG-INFO

@@ -0,0 +1,68 @@
+Metadata-Version: 2.4
+Name: dargslan-git-audit
+Version: 1.0.0
+Summary: Git repository security auditor — scan for secrets in commits, large files, .gitignore gaps, and sensitive data leaks
+Author-email: Dargslan <info@dargslan.com>
+License: MIT
+Project-URL: Homepage, https://dargslan.com
+Project-URL: Documentation, https://dargslan.com/blog
+Project-URL: Repository, https://github.com/Dargslan
+Project-URL: Free Cheat Sheets, https://dargslan.com/cheat-sheets
+Project-URL: Linux & DevOps Books, https://dargslan.com/books
+Keywords: git,security,audit,secrets,gitignore,devops,linux,sysadmin
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Version Control :: Git
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Dynamic: license-file
+
+# dargslan-git-audit
+
+**Git Repository Security Auditor** — Scan for secrets in commits, large files, .gitignore gaps, and sensitive data leaks. Zero external dependencies.
+
+[![PyPI version](https://img.shields.io/pypi/v/dargslan-git-audit)](https://pypi.org/project/dargslan-git-audit/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+## Installation
+
+```bash
+pip install dargslan-git-audit
+```
+
+## CLI Usage
+
+```bash
+dargslan-git report           # Full security report
+dargslan-git secrets          # Scan for secrets
+dargslan-git sensitive        # Check sensitive files
+dargslan-git gitignore        # Check .gitignore gaps
+dargslan-git large            # Find large files
+dargslan-git stats            # Repository statistics
+dargslan-git json             # JSON output
+```
+
+## Python API
+
+```python
+from dargslan_git_audit import GitAudit
+ga = GitAudit()
+secrets = ga.scan_working_secrets()
+issues = ga.audit()
+ga.print_report()
+```
+
+## More from Dargslan
+
+- [Dargslan.com](https://dargslan.com) — Linux & DevOps eBook Store
+- [Free Cheat Sheets](https://dargslan.com/cheat-sheets)
+- [Blog & Tutorials](https://dargslan.com/blog)
+
+## License
+
+MIT — see [LICENSE](LICENSE)

dargslan_git_audit-1.0.0/README.md

@@ -0,0 +1,44 @@
+# dargslan-git-audit
+
+**Git Repository Security Auditor** — Scan for secrets in commits, large files, .gitignore gaps, and sensitive data leaks. Zero external dependencies.
+
+[![PyPI version](https://img.shields.io/pypi/v/dargslan-git-audit)](https://pypi.org/project/dargslan-git-audit/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+## Installation
+
+```bash
+pip install dargslan-git-audit
+```
+
+## CLI Usage
+
+```bash
+dargslan-git report           # Full security report
+dargslan-git secrets          # Scan for secrets
+dargslan-git sensitive        # Check sensitive files
+dargslan-git gitignore        # Check .gitignore gaps
+dargslan-git large            # Find large files
+dargslan-git stats            # Repository statistics
+dargslan-git json             # JSON output
+```
+
+## Python API
+
+```python
+from dargslan_git_audit import GitAudit
+ga = GitAudit()
+secrets = ga.scan_working_secrets()
+issues = ga.audit()
+ga.print_report()
+```
+
+## More from Dargslan
+
+- [Dargslan.com](https://dargslan.com) — Linux & DevOps eBook Store
+- [Free Cheat Sheets](https://dargslan.com/cheat-sheets)
+- [Blog & Tutorials](https://dargslan.com/blog)
+
+## License
+
+MIT — see [LICENSE](LICENSE)

dargslan_git_audit-1.0.0/dargslan_git_audit/__init__.py

@@ -0,0 +1,230 @@
+"""
+dargslan-git-audit — Git Repository Security Auditor
+
+Scan for secrets in commits, large files, .gitignore gaps, and sensitive data leaks.
+Zero external dependencies — uses only Python standard library.
+
+Homepage: https://dargslan.com
+Books: https://dargslan.com/books
+Blog: https://dargslan.com/blog
+"""
+
+__version__ = "1.0.0"
+__author__ = "Dargslan"
+__url__ = "https://dargslan.com"
+
+import os
+import re
+import subprocess
+import json
+
+
+class GitAudit:
+    """Audit Git repositories for security issues."""
+
+    SECRET_PATTERNS = [
+        (r'(?:password|passwd|pwd)\s*[:=]\s*["\']?[A-Za-z0-9!@#$%^&*]{8,}', 'password'),
+        (r'(?:api[_-]?key|apikey)\s*[:=]\s*["\']?[A-Za-z0-9]{16,}', 'api_key'),
+        (r'(?:secret[_-]?key|secretkey)\s*[:=]\s*["\']?[A-Za-z0-9]{16,}', 'secret_key'),
+        (r'(?:access[_-]?token|auth[_-]?token)\s*[:=]\s*["\']?[A-Za-z0-9_\-]{20,}', 'token'),
+        (r'AKIA[0-9A-Z]{16}', 'aws_access_key'),
+        (r'(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{36,}', 'github_token'),
+        (r'sk-[A-Za-z0-9]{48,}', 'openai_key'),
+        (r'-----BEGIN (?:RSA |DSA |EC )?PRIVATE KEY-----', 'private_key'),
+        (r'(?:mysql|postgres|mongodb)://[^:]+:[^@]+@', 'database_url'),
+        (r'Bearer\s+[A-Za-z0-9\-._~+/]+=*', 'bearer_token'),
+    ]
+
+    SENSITIVE_FILES = [
+        '.env', '.env.local', '.env.production', 'id_rsa', 'id_dsa', 'id_ecdsa', 'id_ed25519',
+        '*.pem', '*.key', '*.p12', '*.pfx', '*.jks', 'credentials.json', 'service-account.json',
+        'wp-config.php', 'config.php', 'secrets.yml', 'secrets.yaml', '.htpasswd',
+    ]
+
+    def __init__(self, repo_path=None):
+        self.repo_path = repo_path or os.getcwd()
+
+    def _run_git(self, args):
+        try:
+            result = subprocess.run(['git'] + args, capture_output=True, text=True,
+                                   timeout=30, cwd=self.repo_path)
+            return result.stdout.strip() if result.returncode == 0 else ''
+        except (FileNotFoundError, subprocess.TimeoutExpired):
+            return ''
+
+    def is_git_repo(self):
+        """Check if current directory is a Git repo."""
+        return os.path.isdir(os.path.join(self.repo_path, '.git'))
+
+    def scan_staged_secrets(self):
+        """Scan staged files for secrets."""
+        diff = self._run_git(['diff', '--cached', '--diff-filter=ACMR'])
+        return self._scan_content(diff, 'staged')
+
+    def scan_working_secrets(self):
+        """Scan working directory for secrets."""
+        issues = []
+        tracked = self._run_git(['ls-files'])
+        for filepath in tracked.split('\n'):
+            if not filepath.strip(): continue
+            full_path = os.path.join(self.repo_path, filepath)
+            try:
+                if os.path.getsize(full_path) > 1048576: continue
+                with open(full_path, 'r', errors='replace') as f:
+                    content = f.read()
+                for pattern, secret_type in self.SECRET_PATTERNS:
+                    matches = re.findall(pattern, content, re.IGNORECASE)
+                    for match in matches[:3]:
+                        issues.append({
+                            'file': filepath,
+                            'type': secret_type,
+                            'severity': 'critical',
+                            'preview': match[:30] + '...' if len(match) > 30 else match,
+                        })
+            except (FileNotFoundError, PermissionError, UnicodeDecodeError):
+                continue
+        return issues
+
+    def _scan_content(self, content, source):
+        issues = []
+        for pattern, secret_type in self.SECRET_PATTERNS:
+            matches = re.findall(pattern, content, re.IGNORECASE)
+            for match in matches[:5]:
+                issues.append({
+                    'source': source,
+                    'type': secret_type,
+                    'severity': 'critical',
+                    'preview': match[:30] + '...',
+                })
+        return issues
+
+    def check_gitignore(self):
+        """Check for missing .gitignore entries."""
+        gitignore_path = os.path.join(self.repo_path, '.gitignore')
+        missing = []
+        gitignore_content = ''
+        if os.path.exists(gitignore_path):
+            with open(gitignore_path, 'r') as f:
+                gitignore_content = f.read()
+
+        recommended = ['.env', '.env.*', '*.pem', '*.key', 'id_rsa', 'id_dsa',
+                       'node_modules/', '__pycache__/', '*.pyc', '.DS_Store',
+                       'credentials.json', '*.log', 'dist/', 'build/']
+
+        for entry in recommended:
+            if entry not in gitignore_content:
+                exists = False
+                tracked = self._run_git(['ls-files', '--', entry.rstrip('/')])
+                if tracked: exists = True
+                missing.append({'pattern': entry, 'tracked': exists})
+
+        return missing
+
+    def find_large_files(self, threshold_mb=10):
+        """Find large files in repository history."""
+        output = self._run_git(['rev-list', '--objects', '--all'])
+        large_files = []
+        if not output: return large_files
+
+        for line in output.split('\n')[:500]:
+            parts = line.split(None, 1)
+            if len(parts) < 2: continue
+            obj_hash, path = parts
+            size_output = self._run_git(['cat-file', '-s', obj_hash])
+            if size_output and size_output.isdigit():
+                size_bytes = int(size_output)
+                if size_bytes > threshold_mb * 1024 * 1024:
+                    large_files.append({
+                        'path': path,
+                        'size_mb': round(size_bytes / 1024 / 1024, 2),
+                        'hash': obj_hash[:8],
+                    })
+        return sorted(large_files, key=lambda x: x['size_mb'], reverse=True)[:20]
+
+    def check_sensitive_files(self):
+        """Check for tracked sensitive files."""
+        tracked = self._run_git(['ls-files'])
+        found = []
+        for filepath in tracked.split('\n'):
+            basename = os.path.basename(filepath)
+            for pattern in self.SENSITIVE_FILES:
+                if pattern.startswith('*.'):
+                    if basename.endswith(pattern[1:]):
+                        found.append({'file': filepath, 'pattern': pattern, 'severity': 'high'})
+                        break
+                elif basename == pattern:
+                    found.append({'file': filepath, 'pattern': pattern, 'severity': 'critical'})
+                    break
+        return found
+
+    def repo_stats(self):
+        """Get repository statistics."""
+        commit_count = self._run_git(['rev-list', '--count', 'HEAD'])
+        branch_count = self._run_git(['branch', '-a', '--list'])
+        contributor_count = self._run_git(['shortlog', '-sn', '--all'])
+
+        return {
+            'commits': int(commit_count) if commit_count and commit_count.isdigit() else 0,
+            'branches': len([b for b in branch_count.split('\n') if b.strip()]) if branch_count else 0,
+            'contributors': len([c for c in contributor_count.split('\n') if c.strip()]) if contributor_count else 0,
+        }
+
+    def audit(self):
+        """Run full Git security audit."""
+        issues = []
+
+        for s in self.scan_working_secrets():
+            issues.append({'severity': 'critical', 'category': 'secret',
+                          'message': f"Secret ({s['type']}) in {s['file']}"})
+
+        for f in self.check_sensitive_files():
+            issues.append({'severity': f['severity'], 'category': 'sensitive_file',
+                          'message': f"Sensitive file tracked: {f['file']}"})
+
+        gitignore_gaps = self.check_gitignore()
+        tracked_gaps = [g for g in gitignore_gaps if g['tracked']]
+        if tracked_gaps:
+            issues.append({'severity': 'warning', 'category': 'gitignore',
+                          'message': f"{len(tracked_gaps)} sensitive patterns tracked but not in .gitignore"})
+
+        return issues
+
+    def print_report(self):
+        """Print formatted Git audit report."""
+        stats = self.repo_stats()
+        issues = self.audit()
+
+        print(f"\n{'='*60}")
+        print(f"  Git Repository Security Audit")
+        print(f"  Path: {self.repo_path}")
+        print(f"{'='*60}")
+        print(f"\n  Commits: {stats['commits']}")
+        print(f"  Branches: {stats['branches']}")
+        print(f"  Contributors: {stats['contributors']}")
+
+        secrets = self.scan_working_secrets()
+        if secrets:
+            print(f"\n  Secrets Found ({len(secrets)}):")
+            for s in secrets[:10]:
+                print(f"    [CRITICAL] {s['file']}: {s['type']}")
+
+        sensitive = self.check_sensitive_files()
+        if sensitive:
+            print(f"\n  Sensitive Files ({len(sensitive)}):")
+            for f in sensitive[:10]:
+                print(f"    [{f['severity'].upper()}] {f['file']}")
+
+        if issues:
+            print(f"\n  Total Issues ({len(issues)}):")
+            for i in issues:
+                print(f"    [{i['severity'].upper():8s}] {i['message']}")
+        else:
+            print("\n  No security issues found.")
+
+        print(f"\n{'='*60}")
+        print(f"  More tools: https://dargslan.com")
+        print(f"  eBooks: https://dargslan.com/books")
+        print(f"{'='*60}\n")
+
+
+__all__ = ["GitAudit"]

dargslan_git_audit-1.0.0/dargslan_git_audit/cli.py

@@ -0,0 +1,36 @@
+"""CLI for dargslan-git-audit — https://dargslan.com"""
+import argparse
+
+def main():
+    parser = argparse.ArgumentParser(
+        description="Dargslan Git Audit — Git repository security auditor",
+        epilog="More tools at https://dargslan.com | eBooks: https://dargslan.com/books",
+    )
+    parser.add_argument("command", nargs="?", default="report",
+                       choices=["report", "secrets", "sensitive", "gitignore", "large", "stats", "issues", "json"],
+                       help="Command (default: report)")
+    parser.add_argument("-p", "--path", help="Repository path")
+    parser.add_argument("-s", "--size", type=int, default=10, help="Large file threshold (MB)")
+    args = parser.parse_args()
+
+    from dargslan_git_audit import GitAudit
+    ga = GitAudit(repo_path=args.path)
+    import json
+
+    if args.command == 'report': ga.print_report()
+    elif args.command == 'secrets':
+        for s in ga.scan_working_secrets(): print(f"  [{s['severity'].upper()}] {s['file']}: {s['type']}")
+    elif args.command == 'sensitive':
+        for f in ga.check_sensitive_files(): print(f"  [{f['severity'].upper()}] {f['file']}")
+    elif args.command == 'gitignore':
+        for g in ga.check_gitignore():
+            tracked = " [TRACKED!]" if g['tracked'] else ""
+            print(f"  Missing: {g['pattern']}{tracked}")
+    elif args.command == 'large':
+        for f in ga.find_large_files(args.size): print(f"  {f['size_mb']:.1f} MB: {f['path']}")
+    elif args.command == 'stats': print(json.dumps(ga.repo_stats(), indent=2))
+    elif args.command == 'issues':
+        for i in ga.audit(): print(f"  [{i['severity'].upper()}] {i['message']}")
+    elif args.command == 'json': print(json.dumps(ga.audit(), indent=2))
+
+if __name__ == "__main__": main()

dargslan_git_audit-1.0.0/dargslan_git_audit.egg-info/PKG-INFO

@@ -0,0 +1,68 @@
+Metadata-Version: 2.4
+Name: dargslan-git-audit
+Version: 1.0.0
+Summary: Git repository security auditor — scan for secrets in commits, large files, .gitignore gaps, and sensitive data leaks
+Author-email: Dargslan <info@dargslan.com>
+License: MIT
+Project-URL: Homepage, https://dargslan.com
+Project-URL: Documentation, https://dargslan.com/blog
+Project-URL: Repository, https://github.com/Dargslan
+Project-URL: Free Cheat Sheets, https://dargslan.com/cheat-sheets
+Project-URL: Linux & DevOps Books, https://dargslan.com/books
+Keywords: git,security,audit,secrets,gitignore,devops,linux,sysadmin
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Version Control :: Git
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Dynamic: license-file
+
+# dargslan-git-audit
+
+**Git Repository Security Auditor** — Scan for secrets in commits, large files, .gitignore gaps, and sensitive data leaks. Zero external dependencies.
+
+[![PyPI version](https://img.shields.io/pypi/v/dargslan-git-audit)](https://pypi.org/project/dargslan-git-audit/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+## Installation
+
+```bash
+pip install dargslan-git-audit
+```
+
+## CLI Usage
+
+```bash
+dargslan-git report           # Full security report
+dargslan-git secrets          # Scan for secrets
+dargslan-git sensitive        # Check sensitive files
+dargslan-git gitignore        # Check .gitignore gaps
+dargslan-git large            # Find large files
+dargslan-git stats            # Repository statistics
+dargslan-git json             # JSON output
+```
+
+## Python API
+
+```python
+from dargslan_git_audit import GitAudit
+ga = GitAudit()
+secrets = ga.scan_working_secrets()
+issues = ga.audit()
+ga.print_report()
+```
+
+## More from Dargslan
+
+- [Dargslan.com](https://dargslan.com) — Linux & DevOps eBook Store
+- [Free Cheat Sheets](https://dargslan.com/cheat-sheets)
+- [Blog & Tutorials](https://dargslan.com/blog)
+
+## License
+
+MIT — see [LICENSE](LICENSE)

dargslan_git_audit-1.0.0/dargslan_git_audit.egg-info/SOURCES.txt

@@ -0,0 +1,10 @@
+LICENSE
+README.md
+pyproject.toml
+dargslan_git_audit/__init__.py
+dargslan_git_audit/cli.py
+dargslan_git_audit.egg-info/PKG-INFO
+dargslan_git_audit.egg-info/SOURCES.txt
+dargslan_git_audit.egg-info/dependency_links.txt
+dargslan_git_audit.egg-info/entry_points.txt
+dargslan_git_audit.egg-info/top_level.txt

dargslan_git_audit-1.0.0/dargslan_git_audit.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

dargslan_git_audit-1.0.0/dargslan_git_audit.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+dargslan-git = dargslan_git_audit.cli:main

dargslan_git_audit-1.0.0/dargslan_git_audit.egg-info/top_level.txt

@@ -0,0 +1 @@
+dargslan_git_audit

dargslan_git_audit-1.0.0/pyproject.toml

@@ -0,0 +1,32 @@
+[build-system]
+requires = ["setuptools>=61.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "dargslan-git-audit"
+version = "1.0.0"
+description = "Git repository security auditor — scan for secrets in commits, large files, .gitignore gaps, and sensitive data leaks"
+readme = "README.md"
+license = {text = "MIT"}
+requires-python = ">=3.7"
+authors = [{name = "Dargslan", email = "info@dargslan.com"}]
+keywords = ["git", "security", "audit", "secrets", "gitignore", "devops", "linux", "sysadmin"]
+classifiers = [
+    "Development Status :: 5 - Production/Stable",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: MIT License",
+    "Operating System :: POSIX :: Linux",
+    "Programming Language :: Python :: 3",
+    "Topic :: Security",
+    "Topic :: Software Development :: Version Control :: Git",
+]
+
+[project.urls]
+Homepage = "https://dargslan.com"
+Documentation = "https://dargslan.com/blog"
+Repository = "https://github.com/Dargslan"
+"Free Cheat Sheets" = "https://dargslan.com/cheat-sheets"
+"Linux & DevOps Books" = "https://dargslan.com/books"
+
+[project.scripts]
+dargslan-git = "dargslan_git_audit.cli:main"

dargslan_git_audit-1.0.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+