ferret-scan 1.2.7__tar.gz

ferret_scan-1.2.7/.pre-commit-hooks.yaml

@@ -0,0 +1,107 @@
+# Ferret Scan Pre-commit Hooks - Direct Integration
+# Multiple hook configurations for different security requirements
+
+# =============================================================================
+# DEFAULT HOOK - Balanced security for most teams
+# =============================================================================
+- id: ferret-scan
+  name: Ferret Scan - Sensitive Data Detection
+  description: Scan files for sensitive data like credit cards, SSNs, API keys
+  entry: ferret-scan
+  language: python
+  files: '\.(txt|py|js|ts|go|java|json|yaml|yml|md|csv|log|conf|config|ini|env)$'
+  args: ['--pre-commit-mode', '--confidence', 'high,medium', '--checks', 'all', '--format', 'text']
+  require_serial: false
+  additional_dependencies: []
+
+# =============================================================================
+# STRICT SECURITY - Blocks on high confidence findings
+# =============================================================================
+- id: ferret-scan-strict
+  name: Ferret Scan - Strict Security
+  description: Strict security scanning - blocks commits on high confidence findings
+  entry: ferret-scan
+  language: python
+  files: '\.(txt|py|js|ts|go|java|cpp|c|h|json|xml|yaml|yml|csv|log|conf|config|ini|env)$'
+  args: ['--pre-commit-mode', '--confidence', 'high,medium,low', '--checks', 'all', '--format', 'text', '--verbose']
+  require_serial: false
+  additional_dependencies: []
+
+# =============================================================================
+# ADVISORY MODE - Shows findings but never blocks commits
+# =============================================================================
+- id: ferret-scan-advisory
+  name: Ferret Scan - Advisory Mode
+  description: Advisory scanning - shows findings but never blocks commits
+  entry: ferret-scan
+  language: python
+  files: '\.(py|js|ts|go|java|json|yaml|yml|env|conf)$'
+  args: ['--pre-commit-mode', '--confidence', 'high', '--checks', 'all', '--format', 'text', '--verbose']
+  require_serial: false
+  additional_dependencies: []
+
+# =============================================================================
+# SECRETS FOCUSED - Only scan for API keys and secrets
+# =============================================================================
+- id: ferret-scan-secrets
+  name: Ferret Scan - Secrets Only
+  description: Scan specifically for API keys, tokens, and secrets
+  entry: ferret-scan
+  language: python
+  files: '\.(py|js|ts|go|java|json|yaml|yml|env|conf|config)$'
+  args: ['--pre-commit-mode', '--confidence', 'high,medium', '--checks', 'SECRETS', '--format', 'text', '--show-match']
+  require_serial: false
+  additional_dependencies: []
+
+# =============================================================================
+# CREDIT CARD FOCUSED - Scan for financial data
+# =============================================================================
+- id: ferret-scan-financial
+  name: Ferret Scan - Financial Data
+  description: Scan for credit cards and financial information
+  entry: ferret-scan
+  language: python
+  files: '\.(txt|py|js|ts|go|java|json|yaml|yml|csv|log)$'
+  args: ['--pre-commit-mode', '--confidence', 'high,medium', '--checks', 'CREDIT_CARD', '--format', 'text', '--show-match']
+  require_serial: false
+  additional_dependencies: []
+
+# =============================================================================
+# PII FOCUSED - Scan for personally identifiable information
+# =============================================================================
+- id: ferret-scan-pii
+  name: Ferret Scan - PII Detection
+  description: Scan for personally identifiable information (SSN, passport, etc.)
+  entry: ferret-scan
+  language: python
+  files: '\.(txt|py|js|ts|go|java|json|yaml|yml|csv|log)$'
+  args: ['--pre-commit-mode', '--confidence', 'high,medium', '--checks', 'SSN,PASSPORT,EMAIL', '--format', 'text']
+  require_serial: false
+  additional_dependencies: []
+
+# =============================================================================
+# METADATA FOCUSED - Scan document metadata
+# =============================================================================
+- id: ferret-scan-metadata
+  name: Ferret Scan - Metadata Check
+  description: Scan document metadata for sensitive information
+  entry: ferret-scan
+  language: python
+  files: '\.(pdf|docx|xlsx|pptx|jpg|jpeg|png|tiff)$'
+  args: ['--pre-commit-mode', '--confidence', 'high,medium', '--checks', 'METADATA', '--format', 'text', '--enable-preprocessors']
+  require_serial: false
+  additional_dependencies: []
+
+# =============================================================================
+# CI/CD OPTIMIZED - For automated pipelines with structured output
+# =============================================================================
+- id: ferret-scan-ci
+  name: Ferret Scan - CI/CD Pipeline
+  description: Optimized for CI/CD with structured output
+  entry: ferret-scan
+  language: python
+  pass_filenames: false
+  always_run: true
+  args: ['--pre-commit-mode', '--file', '.', '--recursive', '--confidence', 'high,medium', '--format', 'json', '--checks', 'all']
+  require_serial: false
+  additional_dependencies: []

ferret_scan-1.2.7/.python-version

@@ -0,0 +1 @@
+3.13

ferret_scan-1.2.7/LICENSE.txt

@@ -0,0 +1,203 @@
+© 2025 Amazon Web Services, Inc. or its affiliates. All Rights Reserved.
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

ferret_scan-1.2.7/MANIFEST.in

@@ -0,0 +1,2 @@
+include README.md
+recursive-include ferret_scan/binaries *

ferret_scan-1.2.7/Makefile

@@ -0,0 +1,45 @@
+# Makefile for ferret-scan Python package
+
+.PHONY: help test test-verbose clean install-dev setup-env
+
+help:
+	@echo "Available targets:"
+	@echo "  setup-env     - Create virtual environment and install dependencies"
+	@echo "  test          - Run all tests"
+	@echo "  test-verbose  - Run tests with verbose output"
+	@echo "  clean         - Clean up temporary files and virtual environment"
+	@echo "  install-dev   - Install package in development mode"
+
+setup-env:
+	python -m venv test_env
+	test_env/bin/pip install -r requirements.txt
+	@echo "Virtual environment created. Activate with: source test_env/bin/activate"
+
+test:
+	@if [ ! -d "test_env" ]; then \
+		echo "Virtual environment not found. Run 'make setup-env' first."; \
+		exit 1; \
+	fi
+	test_env/bin/python tests/run_tests.py
+
+test-verbose:
+	@if [ ! -d "test_env" ]; then \
+		echo "Virtual environment not found. Run 'make setup-env' first."; \
+		exit 1; \
+	fi
+	test_env/bin/python -m unittest discover -s tests -p 'test_*.py' -v
+
+install-dev:
+	@if [ ! -d "test_env" ]; then \
+		echo "Virtual environment not found. Run 'make setup-env' first."; \
+		exit 1; \
+	fi
+	test_env/bin/pip install -e .
+
+clean:
+	rm -rf test_env/
+	rm -rf build/
+	rm -rf dist/
+	rm -rf *.egg-info/
+	find . -type d -name __pycache__ -exec rm -rf {} +
+	find . -type f -name "*.pyc" -delete

ferret_scan-1.2.7/PKG-INFO

@@ -0,0 +1,222 @@
+Metadata-Version: 2.4
+Name: ferret-scan
+Version: 1.2.7
+Summary: Sensitive data detection tool with pre-commit hook support
+Home-page: https://github.com/awslabs/ferret-scan
+Author: AWS
+Author-email: AWS <ferret-scan@amazon.com>
+License-Expression: Apache-2.0
+Project-URL: Homepage, https://github.com/awslabs/ferret-scan
+Project-URL: Repository, https://github.com/awslabs/ferret-scan
+Project-URL: Issues, https://github.com/awslabs/ferret-scan/issues
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+License-File: LICENSE.txt
+Requires-Dist: requests>=2.25.0
+Provides-Extra: test
+Requires-Dist: requests>=2.25.0; extra == "test"
+Dynamic: author
+Dynamic: home-page
+Dynamic: license-file
+Dynamic: requires-python
+
+# Ferret Scan Python Package
+
+A Python wrapper for [Ferret Scan](https://github.com/awslabs/ferret-scan), a sensitive data detection tool. This package provides easy installation and seamless pre-commit hook integration.
+
+## Installation
+
+```bash
+pip install ferret-scan
+```
+
+## Usage
+
+### Command Line
+
+After installation, use `ferret-scan` exactly like the native binary:
+
+```bash
+# Basic scan
+ferret-scan --file document.txt
+
+# JSON output
+ferret-scan --file document.txt --format json
+
+# Quiet mode for scripts
+ferret-scan --file document.txt --quiet
+
+# Pre-commit mode with optimizations
+ferret-scan --pre-commit-mode --confidence high,medium --checks all
+```
+
+### Pre-commit Hook
+
+Ferret Scan provides multiple pre-commit hook configurations for different security requirements. Add to your `.pre-commit-config.yaml`:
+
+#### Default Configuration (Recommended)
+```yaml
+repos:
+  - repo: https://github.com/awslabs/ferret-scan
+    rev: v1.0.0
+    hooks:
+      - id: ferret-scan
+```
+
+#### Strict Security (Blocks on high confidence findings)
+```yaml
+repos:
+  - repo: https://github.com/awslabs/ferret-scan
+    rev: v1.0.0
+    hooks:
+      - id: ferret-scan-strict
+```
+
+#### Advisory Mode (Shows findings but never blocks)
+```yaml
+repos:
+  - repo: https://github.com/awslabs/ferret-scan
+    rev: v1.0.0
+    hooks:
+      - id: ferret-scan-advisory
+```
+
+#### Secrets Only (Focus on API keys and tokens)
+```yaml
+repos:
+  - repo: https://github.com/awslabs/ferret-scan
+    rev: v1.0.0
+    hooks:
+      - id: ferret-scan-secrets
+```
+
+#### Financial Data (Credit cards and financial info)
+```yaml
+repos:
+  - repo: https://github.com/awslabs/ferret-scan
+    rev: v1.0.0
+    hooks:
+      - id: ferret-scan-financial
+```
+
+#### PII Detection (SSN, passport, email)
+```yaml
+repos:
+  - repo: https://github.com/awslabs/ferret-scan
+    rev: v1.0.0
+    hooks:
+      - id: ferret-scan-pii
+```
+
+#### Metadata Check (Document metadata scanning)
+```yaml
+repos:
+  - repo: https://github.com/awslabs/ferret-scan
+    rev: v1.0.0
+    hooks:
+      - id: ferret-scan-metadata
+```
+
+#### CI/CD Optimized (Structured output for pipelines)
+```yaml
+repos:
+  - repo: https://github.com/awslabs/ferret-scan
+    rev: v1.0.0
+    hooks:
+      - id: ferret-scan-ci
+```
+
+#### Custom Configuration
+You can also customize any hook with additional arguments:
+
+```yaml
+repos:
+  - repo: https://github.com/awslabs/ferret-scan
+    rev: v1.0.0
+    hooks:
+      - id: ferret-scan
+        args: ['--confidence', 'high', '--checks', 'CREDIT_CARD,SECRETS', '--verbose']
+```
+
+#### Local Installation
+For local installations, use the `ferret-scan` command directly:
+
+```yaml
+repos:
+  - repo: local
+    hooks:
+      - id: ferret-scan
+        name: Ferret Scan - Sensitive Data Detection
+        entry: ferret-scan
+        language: system
+        files: '\.(txt|py|js|ts|go|java|json|yaml|yml|md|csv|log|conf|config|ini|env)$'
+        args: ['--pre-commit-mode', '--confidence', 'high,medium']
+```
+
+## How It Works
+
+This Python package:
+
+1. **Automatic Binary Download**: Downloads the appropriate ferret-scan binary for your platform (Linux/macOS/Windows, x86_64/ARM64)
+2. **Transparent Execution**: Passes all arguments directly to the native binary
+3. **Cross-Platform**: Works on all platforms supported by ferret-scan
+4. **Pre-commit Ready**: Integrates seamlessly with pre-commit hooks with automatic optimizations
+
+## Supported Platforms
+
+- **Linux**: x86_64, ARM64
+- **macOS**: x86_64 (Intel), ARM64 (Apple Silicon)
+- **Windows**: x86_64, ARM64
+
+## Features
+
+All features of the native ferret-scan binary are available:
+
+- **Sensitive Data Detection**: Credit cards, passports, SSNs, API keys, etc.
+- **Multiple Formats**: Text, JSON, CSV, YAML, JUnit, GitLab SAST output
+- **Document Processing**: PDF, Office documents, images
+- **Pre-commit Optimizations**: Automatic quiet mode, no colors, appropriate exit codes
+- **Suppression Rules**: Manage false positives
+- **Configuration**: YAML config files and profiles
+- **Redaction**: Remove sensitive data from documents
+
+## Command Line Options
+
+The Python package supports all command-line options of the native binary:
+
+- `--file`: Input file, directory, or glob pattern
+- `--format`: Output format (text, json, csv, yaml, junit, gitlab-sast)
+- `--confidence`: Confidence levels (high, medium, low, combinations)
+- `--checks`: Specific checks to run (CREDIT_CARD, SECRETS, SSN, etc.)
+- `--pre-commit-mode`: Enable pre-commit optimizations
+- `--verbose`: Detailed information for findings
+- `--quiet`: Suppress progress output
+- `--no-color`: Disable colored output
+- `--recursive`: Recursively scan directories
+- `--enable-preprocessors`: Enable document text extraction
+- `--config`: Configuration file path
+- `--profile`: Configuration profile name
+
+## Requirements
+
+- Python 3.7+
+- Internet connection (for initial binary download)
+
+## License
+
+Apache License 2.0 - see the [LICENSE](https://github.com/awslabs/ferret-scan/blob/main/LICENSE) file for details.
+
+## Contributing
+
+See the main [Ferret Scan repository](https://github.com/awslabs/ferret-scan) for contribution guidelines.