suite-py 1.47.1__tar.gz → 1.47.2__tar.gz

{suite_py-1.47.1 → suite_py-1.47.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: suite-py
-Version: 1.47.1
+Version: 1.47.2
 Summary: 
 Author: larrywax, EugenioLaghi, michelangelomo
 Author-email: devops@prima.it

{suite_py-1.47.1 → suite_py-1.47.2}/pyproject.toml

@@ -2,7 +2,7 @@
 authors = ["larrywax, EugenioLaghi, michelangelomo <devops@prima.it>"]
 description = ""
 name = "suite-py"
-version = "1.47.1"
+version = "1.47.2"
 
 [tool.poetry.dependencies]
 Click = ">=7.0"

{suite_py-1.47.1 → suite_py-1.47.2}/suite_py/__version__.py

@@ -1,2 +1,2 @@
 # -*- encoding: utf-8 -*-
-__version__ = "1.47.1"
+__version__ = "1.47.2"

{suite_py-1.47.1 → suite_py-1.47.2}/suite_py/lib/handler/pre_commit_handler.py

@@ -16,18 +16,20 @@ class PreCommit:
         self._git = GitHandler(project, config)
 
     def check_and_warn(self):
-        if self.is_enabled() and not self.is_pre_commit_hooks_installed():
-            self.warn_missing_pre_commit_hook()
+        if self._is_enabled() and not self._is_pre_commit_hooks_installed():
+            self._warn_missing_pre_commit_hook()
 
-    def is_pre_commit_hooks_installed(self):
+    def _is_enabled(self):
+        return self._git.get_git_config("suite-py.disable-pre-commit-warning") != "true"
+
+    def _is_pre_commit_hooks_installed(self):
         """
-        Apply some heuteristics to check whether the gitleaks pre-commit hook is installed.
+        Apply some heuristics to check whether the gitleaks pre-commit hook is installed.
         This is extremely imperfect, and only supports direct calls in shell scripts.
-        More hooks, like husky should be added later
         """
-        return self.is_vanilla_hook_setup() or self.is_pre_commit_py_hook_setup()
+        return self._is_shell_script_hook_setup() or self._is_pre_commit_py_hook_setup()
 
-    def warn_missing_pre_commit_hook(self):
+    def _warn_missing_pre_commit_hook(self):
         logger.warning(
             """
 Looks like the current repo is missing the gitleaks pre-commit hook!
@@ -42,28 +44,25 @@ to disable it globally
         """
         )
 
-    def is_vanilla_hook_setup(self):
-        """
-        Check whether the gitleaks hook is setup as a regular bash script
+    def _is_shell_script_hook_setup(self):
         """
-        pre_commit_file = self.read_pre_commit_hook()
+        Check whether the gitleaks hook is setup as a regular bash script:
 
-        # Assume everything is a shell script.
-        # Technically you could use a binary, or even python code,
-        # But those are out of scope for us, and the user should just disable the warning themselves
-        lines = pre_commit_file.splitlines()
-
-        # Filter out lines that start with '#' since those are probably just comments.
-        without_comments = filter(lambda l: not l.strip().startswith("#"), lines)
+        * is there a `.git/hooks/pre-commit` shell script that contains keyword "gitleaks"
+        * is there a `.husky/pre-commit` shell script that contains keyword "security-hooks" (primait/security-hooks repo)
+        """
+        path = os.path.join(self._git.hooks_path(), "pre-commit")
+        keywords = ["gitleaks", "security-hooks"]
 
-        return any("gitleaks" in line for line in without_comments)
+        return any(self._script_contains_keyword(path, keyword) for keyword in keywords)
 
-    def is_pre_commit_py_hook_setup(self):
+    def _is_pre_commit_py_hook_setup(self):
         """
         Check whether the gitleaks hook is setup with the pre-commit python framework
         """
-        # If the framework is not setup skip
-        if "pre-commit" not in self.read_pre_commit_hook():
+        # is there a `.git/hooks/pre-commit` shell script that contains keyword "pre-commit"
+        pre_commit_file_path = os.path.join(self._git.hooks_path(), "pre-commit")
+        if not self._script_contains_keyword(pre_commit_file_path, "pre-commit"):
             logger.debug("pre-commit.com not installed, skipping config check")
             return False
 
@@ -83,14 +82,21 @@ to disable it globally
             for repo in config.get("repos", [])
         )
 
-    def read_pre_commit_hook(self):
-        pre_commit_file_path = os.path.join(self._git.hooks_path(), "pre-commit")
-        logger.debug("Reading pre-commit script from %s", pre_commit_file_path)
+    def _script_contains_keyword(self, file_path, keyword):
+        """
+        Check if a keyword appears in a shell script, ignoring comment lines
+        (binaries and python code are out of scope for us).
+        """
         try:
-            with open(pre_commit_file_path, encoding="utf-8") as f:
-                return f.read()
+            logger.debug("checking pre-commit script(%s)", file_path)
+            with open(file_path, encoding="utf-8") as f:
+                content = f.read()
         except FileNotFoundError:
-            return ""
+            logger.debug("pre-commit script(%s) not found", file_path)
+            return False
 
-    def is_enabled(self):
-        return self._git.get_git_config("suite-py.disable-pre-commit-warning") != "true"
+        # Filter out comments (lines starting with '#').
+        lines_without_comments = (
+            line for line in content.splitlines() if not line.strip().startswith("#")
+        )
+        return any(keyword in line for line in lines_without_comments)